Causas de los Accidentes/Incidentes Acto Inseguro:

The company has yet to rise to the challenge represented by an increasingly diverse yet related range of business operations. Similarly, an historic under-investment in IS has meant that the divisional areas can only send information in manual form only where it is re-keyed into relatively old mainframe-based financial systems.

The divisional nature of SSL means that the activities at headquarters are principally general and financial management–orientated.

The information technology (IT) department is somewhat old-fashioned and certainly less up to date than some of the divisions. In addition to a data processing (DP) manager, there are six data entry clerks who are responsible for re-keying financial data from the divisions, three programmers, a systems analyst and two computer operator/systems programmers. When the DP manager is about to retire, SSL must consider how it wishes to manage IS both at headquarters and divisional level.

Questions

1. It is recommended that up to 1 hour should be spent on each question.

2. Analyse how SSL may identify the value that it obtains from its current portfolio of IS and evaluate the techniques that may be used in assessing future IS investments.

3. In many parts of the company, it is clear that SSL does not have a coherent IS strategy.

Analyse how it may construct an IS strategy that is supportive of its business strategy and the benefits it would derive from this.

4. Analyse the strategic potential for greater investment in IS and technology at SSL, both from divisional and company-wide perspectives. Could business process re-engineering (BPR) be a useful tool in maximising the potential of IS and IT within the company?

Explain and justify your answers.

5. Describe the current location of IS functions within SSL. Recommend the best location of IT services in the future.

Specimen answers

The strategy can refer to any of these four areas below, which can be set as additional assignment questions.

It is recommended that students should spend up to 1 hour on each question.

1. Analyse how SSL may identify the value it obtains from its current portfolio of IS and evaluate the techniques that may be used in assessing future IS investments.

In this question, students need to distinguish between the current and future IS/IT investments.

For the present systems, value will relate to the ways in which existing decision-making processes are supported by the IS/IT already in place. It is questionable if assessing the current value is a particularly worthwhile process in the first place. The systems already exist and there has been a past financial commitment as well as current and future commitments in terms of maintenance and other running costs. What needs to be done, therefore, is to assess the current and ongoing costs against the benefits that arise from current system usage. Assigning monetary values to the costs is relatively straightforward since many of the costs will be tangible in nature. The benefits are a different issue, since many of them will be intangible. However, it may be possible to assess the additional costs of running the business if the current systems did not exist (e.g. by replacing computerised systems with manual paper based ones). Again, it is questionable whether or not this is a worthwhile exercise, especially where systems are classified as ‘key operational’ or strategic systems.

What will be useful is to take the existing portfolio of applications across the group as a whole and classify them according to the Ward and Griffiths matrix, designating current systems in the way they fall into the following categories:

• support

• key operational

• high potential

• strategic.

In this way, the strategic impact of the systems both in terms of current and future contributions can be classified.

For future applications, students need to analyse alternative methods of assessing the contribution of future systems development. They need to evaluate:

• hard financial methods (NPV, ROI, payback etc.);

• other methods (balanced scorecarding, information economics etc.).

• Students need to identify current practice amongst public and private organisations to illustrate their arguments. They also need to address whether or not:

• hard financial methods can guarantee sound investment decisions;

• other approaches such as balanced scorecarding offer more informed decision making;

• managers usually make investment decisions on a ‘leap of faith’, ‘gut feel’, or

‘entrepreneurial judgement’;

• a portfolio of appraisal methods is needed.

2. In many parts of the company, it is clear that SSL do not have a coherent IS strategy.

Analyse how it may construct an IS strategy that is supportive of its business strategy and the benefits that it would derive from this.

To answer this question, students need to look at alternative approaches. Besides particular tools and techniques, they need to identify a framework within which the tools can be applied.

One of the most useful frameworks is ‘business impacting, versus business aligning’. As discussed in Chapter 14, it is useful to consider tools for strategy formulation and implementation in the context of whether they are intended to directly support an existing business strategy (business alignment) or indicate new opportunities that may impact positively on a business strategy (business impacting).

Within this framework, alignment techniques include the following:

• critical success factor (CSF) analysis;

• business systems planning;

• strategy set transformation.

While impacting techniques include:

• competitive forces models;

• competitive strategies;

• value chain analysis.

It is also desirable for students to consider possible planning process frameworks. These include the following approaches:

• top-down

• bottom-up

• innovative

• eclectic (selective)

• middle-out.

Finally, the balance of the applications portfolio can be distributed amongst the following categories:

• external long-term

• external short-term

• internal long-term

• internal short-term.

The above framework together with the Ward and Griffiths' matrix model can help to guide an analysis of how the business might benefit. As seen in earlier chapters, business benefits can relate to:

• capability – volume, nature of business transactions;

• cost management – remove duplication of functions, replace expensive manual processes with more efficient computerised ones;

• control – knowledge about business activities that can be easily communicated to the senior management team;

• competitive advantage – by using IS/IT to create business opportunities, reduce costs, offer better service etc.

3. Analyse the strategic potential for greater investment in IS and technology at SSL both from a divisional and company-wide perspective. Could BPR be a useful tool in maximising the potential of IS and IT within the company? Explain and justify your answers.

As with the previous question, students need to construct a suitable framework for the answer.

For the first part of the question, it is recommended that students use some of the tools relating to the impacting and aligning techniques described in the chapter. It is not proposed to come up with specific answers to this question. However, by looking at both Porter’s five forces model and value chain tools, it will be possible for students to analyse the opportunities both from an internal and an external perspective. The competitive forces model will allow SSL to look at how IS/IT can be used to:

• improve linkages with customers;

• improve supply chain management;

• create barriers to entry by potential competitors;

• reduce the risk from substitutes by differentiating the product.

Similarly, by using the value chain model, it will be possible to identify how IS/IT can be used both within individual functional areas and between those areas. Examples might include the following:

• New systems in sales and marketing to present a unified product range and focus marketing activity more effectively;

• Rationalised accounting systems for the group as a whole to reduce costs and establish improved financial control;

• Improved business operations by using IS/IT to improve workflow.

The second part of the answer should emphasise how BPR focuses on analysing business processes and how they add value to the business. Again, value chain analysis will allow the business to focus on the processes that exist between each functional area and how processes are linked across functional areas. Processes can then be analysed to see whether or not they can be:

• eliminated;

• combined with other processes using systems to link them;

• made more efficient by using IS/IT (by reducing manual effort, or making them more transparent).

4. Describe the current location of IS functions within SSL. Recommend the best location for IT services in the future.

The first part of this question is fairly mechanical and can be produced without too much effort.

Students need to reflect on how the present IS/IT is distributed across the divisional areas with little central control or management. They also need to observe that the present structure stems from the way the company has evolved over recent years.

For the second part, students need to be clear about what needs managing in the first place.

They also need to be clear that when we refer to the best location for IS/IT services, we are actually referring to where within the organisation specific elements should be located. The elements that students need to consider include the following:

IS strategy planning

• Hardware platform

• Network architectures

• Systems development tools

• Legacy systems – strategies

• IS/IT staffing.

Operations management

• Hardware architecture management

• Capacity planning

• Security (backups, access control, error detection and archiving)

• Technical support (hardware and systems software)

Telecommunications management

• Distributed computing

• Network availability

• Network security

Business systems development

• Systems development centre administration

• Migration and conversion strategy

Database administration

• Repository/data dictionary administration

• Database management

User support

• Help-desk support

• Information centre services – end-user computing

• Training

• Shared services – e-mail, collaborative work systems (e.g. Lotus Notes).

Quality assurance

The alternative locations discussed in Chapter 14 are mainly centralised versus decentralised, and various considerations are given there. There will be a range of different approaches given by the students. The broad approach that is often given is as follows:

• Centralised

(a) IS/IT strategy formulation

(b) Development of corporate IS (including DBMS selection and management) (c) Infrastructure strategy and implementation

• Decentralised

• Development of personal or specifically departmental systems

• Localised help-desk support

Given the way the company has evolved, students often suggest that a high degree of centralisation is needed initially in order to establish control of the IS/IT function as it relates to all divisions of the business.

Activity 14.2

Examine Table 14.1 and assess which of the reasons for outsourcing would be important to the following:

1. Financial manager (chief finance officer) 2. Information systems manager

3. Managing director

4. Departmental manager in human resources, marketing or production.

1. Financial manager (chief finance officer). The attitude of the (CFOs) will depend on their view of IS. They may simply see IS as a means of reducing costs. However, if they are also responsible for managing IS, they will be concerned with its impact on customer service, so may see outsourcing as a way of improving this.

2. IS manager. As the IS manager, cost reduction would be a factor since the IS budget may not be increasing, but demand for services is. The need for specialist expertise, perhaps related to e-commerce may prove attractive, especially if it has proved difficult to attract staff in this area due to the salaries required.

3. Managing director. The fact that 21% see outsourcing as a strategic business decision suggests that managing directors are likely to be involved in this decision. They may be looking to reduce the headcount or feel that this is the most effective way of getting ‘more bang for your buck’.

4. Departmental manager in human resources, marketing or production. They will mainly be concerned with the impact on quality of service for their users or customers. Since they are not likely to pay for IS services from their own budgets, they will be less concerned about the cost implications than managers of those departments responsible for the bill.

Case Studies

Case Study 14.1: Why do public-sector projects fail?

1. Public-sector information systems projects have had a chequered history. Is the national programme for IT proving to be any different from some of the fiascos that have preceded it?

2. The national programme for IT involves a substantial increase in outsourcing. What are the likely benefits and risks associated with this approach?

3. Could the COBIT methodology be applied in this context?

1. It is recommended that students look at relevant National Audit Office (NAO) reports, Treasury Select Committee reports and similar publications. In addition, Computer Weekly has had a long-running series on the National Programme for IT. Gerry Robinson has also expressed views on the project on the British Broadcasting Corporation (BBC).

It might be useful for students to look at previously published NAO guidelines for managing public-sector IT procurement projects: http://www.nao.org.uk/publications/nao_reports/03-04/0304877.pdf.

2. It is recommended that students look at examples of previous public-sector IT projects where outsourcing has played a significant role (e.g. Siemens and the Passport Office project). Electronic Data Systems (EDS) have also been involved in a number of projects.

It would be useful for students to look at Computing and Computer Weekly for examples of public-sector outsourcing.

3. The material in Chapter 14 on outsourcing should provide a framework for students to answer the question – both in terms of the risks/dangers and benefits from outsourcing. It is suggested that these ideas be applied to public-sector outsourcing in general and the national programme for IT in particular.

The Control Objectives For Information and Related Technology (COBIT) methodology clearly provides a framework by which IT projects can be managed – but then so does the NAO.

So yes, the methodology can be applied. However, the question goes deeper than this – to what extent is the political and organisational will to follow the methodology (especially if the outcome is not politically expedient!)? Are there factors that relate to public-sector IT projects that do not apply in the same way to private sector ones? One factor, for example, is that public-sector projects tend to be on a larger scale and can also be more complicated than private public-sector ones which in turn adds a layer of complexity to them. In addition, failures tend to be more high profile.

Exercises (pp. 566–567)

Self-assessment exercises

1. What factors might account for the productivity paradox relating to IS/IT investments?

The main factors identified include:

• mismeasurement;

• the lag occurring between initial investment and payback;

• mismanagement of IS projects.

To this can be added the notion that business benefits are often intangible in nature (e.g.

improving customer satisfaction) and that it is hard to put a money value on some factors. This would tend to reinforce both the mismeasurement and lag arguments.

2. When information systems costs are being considered, what kinds of costs would be considered development costs and what would be considered operations/

maintenance costs?

Development costs would include the following:

• package software and bespoke development costs;

• relational database management system (RDBMS) acquisition;

• initial hardware and infrastructure acquisition;

• development tools.

Operations and maintenance costs include the following:

• ongoing software licence costs;

• legacy system maintenance;

• telecommunications running costs;

• help-desk support;

• security management;

• hardware technical support;

• systems programming support.

3. How do strategic systems differ from high-potential projects?

Strategic systems are critical to sustaining future business strategy, while high-potential projects either may or may not be important to the future success of the organisation. A high-potential project may become a future strategic system.

4. Why do information systems projects fail?

These issues are also covered in Chapter 8. Students should identify some of the following:

• Technical failure. Stemming from poor technical quality, this is the responsibility of the organisation’s IS/IT function.

• Data failure. Owing to (a) poor data design, processing errors and poor data management and (b) poor user procedures and poor data quality control at the input stage. The fault of the former lies with the IS/IT function, while the fault of the latter lies with the end-users themselves.

• User failure. Users don’t use the system to its maximum capability – may be due to an unwillingness to train staff or user management failure to allow their staff’s full involvement in the systems development process.

• Organisational failure. Where an individual system may work in its own right but fails to meet organisational needs as a whole (e.g. while a system might offer satisfactory operational information, it fails to provide usable management information – this results from senior management failure to align IS/IT to overall organisational needs.

• Failure in the business environment. This can stem from systems that are inappropriate to the market environment, IS/IT not being adaptable to a changing business environment (often rapid change occurs), or a system not coping with the volume and speed of the underlying business transactions.

5. Explain the difference between project size and project complexity when evaluating information systems risk.

A project size in itself does not necessarily mean that the project will have a high level of risk, provided that a large project is straightforward. However, with higher levels of project complexity, risks are increased significantly. When taken together, large, complicated projects have the highest levels of risk.

6. What are the main different types of outsourcing?

Generally, the alternative types relate to the scale of the outsourcing being undertaken. These can include the following:

• Facilities management

• Total outsourcing

• Selective, targeted or partial outsourcing.

Discussion questions

1. ‘The millennium bug has demonstrated that organisations, more often than not, take a short-term view in their approach to information systems rather than a strategic one’. Discuss.

Students should concentrate on applications software rather than other issues such as processor chips. They can centre their discussion around the following points:

• Some legacy systems in current use can date back to their original development at least two decades ago; the writers of these systems never envisaged that the software would still be running 20 or more years later. This suggests that the software falls at least into the

‘support’ or even the ‘key operational’ categories.

• The legacy systems referred to above were built at a time when memory and disk space constraints were severe and developers took every possible step to reduce storage space for data and programs. It has been argued that running applications with full eight-digit dates would have been prohibitively expensive, thus putting off systems development and preventing businesses from gaining the benefits of computerisation. Similarly, the cost of fixing these systems is less than the benefits that have accrued over the life of the system.

• There is evidence that systems developed as recently as 6 or 7 years ago were not millennium compliant. It is much harder to argue the storage and memory costs issue here.

Recently developed systems that use six-figure dates, therefore, do suggest that a short-term view exists.

• The failure of many companies to get up to speed with their millennium compliance activities also suggests that a degree of complacency exists (especially for those businesses with a turnover of between £1 and 50 million). Also, it is suggested that some public-sector organisations are leaving things to the last minute. Both of these points suggest that, again,

• The failure of many companies to get up to speed with their millennium compliance activities also suggests that a degree of complacency exists (especially for those businesses with a turnover of between £1 and 50 million). Also, it is suggested that some public-sector organisations are leaving things to the last minute. Both of these points suggest that, again,

In document Implementación de equipos de trabajo autodirigidos en seguridad para una planta papelera (página 43-47)