Chapter 4: Information and communication technologies Page 20

Ch # 4 Information and communication technologies

IMPACT OF TECHNOLOGICAL CHANGE ON WORKING METHODS

Over the years, machines have replaced man for mechanical tasks. Computers have replaced
man for many mental and intellectual jobs.

Impact of technological change on products and services

 Technological change has a huge impact on the nature of products and services
 Companies need to maintain technological developments in the design and manufacture of
products, and in the provision of services, in order to remain competitive.

Impact of technological change on organisation structure etc

Computerisation, communications technology and other aspects of technological change have

led to major developments such as:

1) Downsizing

 Means the reduction in size of a business organisation. Its business activities are conducted
by a smaller number of people.
 Technological change makes downsizing possible

2) De-layering

 Means removing one or more levels of management in the organisation structure.

 De-layering is made possible by high-quality communications and that is now quiet
possible through technological developments.

3) Restructuring

 Restructuring may be vertical and horizontal both.

 Different organizations merge functions, sections and departments according to the
technological advancement and continuously restructure the organizational structure.
 Like real time, online data availability has shifted regional decision making into centralized.

4) Outsourcing & Virtual Company

 An entity does not need to carry out many operations itself.

 Instead, it can outsource (delegate) work to a sub-contractor.
 Outsourcing is made much easier by high-quality telecommunications & computer systems
Chapter 4: Information and communication technologies Page 21

Reasons for outsourcing

 Entity would focus activities within the entity on core competencies, with aim of gaining
more competitive advantage in these core areas.
 Entity would outsource work to entities that have core competencies in these areas of work.
 Outsourced work might require specialist skills that the entity cannot employ internally

Problems with outsourcing

 Loss of control over the outsourced activities.

 Something may go wrong, and action performance does not meet expectations.
 Affect on relationships with the suppliers

Virtual organisation

 Virtual organisation does not have an identi iable physical existence.

 It does not have a head of ice or operational premises.
 It might not have any employees.
 A virtual organisation is operated by means of:
- IT systems and communications networks (e.g. telephone and e-mail)
- Business contacts for outsourcing all operations.
 These organisations use their brand name as major core competence.
 One person, or a small number of individuals, can operate a virtual organisation.

Other modern concepts

Online Social Media

 Social media has changed the business models.

 Personal and business entities now have become the digital identities.

Big Data

 Extremely large data sets are being gathered, analysed computationally to reveal patterns,
fashions, trends, associations and preferences, especially relating to human behaviour
 These big data sets are being used to take business decisions.

Arti icial Intelligence

 Different business segments are using arti icial intelligence, various services are being
provided with the help of arti icial intelligence (like frequently asked questions)
Chapter 4: Information and communication technologies Page 22

INFORMATION TECHNOLOGY AND INFORMATION SYSTEMS

Information technology (IT)

 IT developments have resulted in many new products & improvements in existing products
 IT developments have also radically altered methods of communication.
 The Internet has emerged as a major source of external and easily accessible information.
 Commercial transactions can be processed more quickly.
 Changes in IT will continue, and these will have a signi icant impact on business strategy.
 IT and changes in IT affect every business entity.
 Business entities should be prepared to change as IT changes, and to take advantage of new
opportunities provided by IT, rather than try to oppose change.
 IT should be used constructively for setting strategic targets and implementing strategies

Information systems (IS)

 Businesses depend on information technology for everything from running daily operations
to making strategic decisions.
 Computers are the tools of this information age, performing extremely complex operations
as well as everyday jobs such as word processing and creating spreadsheets.

The main types of information system in organisations include:

 Transaction processing systems. Systems for processing routine transactions, such as
bookkeeping systems and sales order processing systems.
 Management information systems. Systems for providing information, mainly of routine
nature, to management for planning and controlling operations.
 Decision support systems. Used by managers to help them to make decisions of a more
complex or ‘unstructured’ nature. A DSS will include a range of decision models, such as
forecasting models, statistical analysis models and linear programming models.
 Executive information systems. Gives an executive access to summary information about
a range of issues, and also to ‘drill down’ into greater detail if this is required.
 Expert systems. A system that is able to provide information, advice & recommendations
on matters related to a speci ic area of expertise.
 Enterprise Resource Planning Bringing together human resources, operations, and
technology are becoming an integral part of business strategy.

Information Systems (IS) strategic support

 Quality of decision making depends on quality of information to management.
 Quality of the service to customers also depends on the quality of transaction processing.
 An entity should ensure that its Information Systems (IS) are suitable and will assist the
entity in achieving its long-term strategies.
 Better IS systems can give an entity a competitive advantage over its rivals
 Tasks that would take years on a PC can be completed in just hours on a supercomputer.
- Supercomputers play a critical role in national security research as well
(such as scienti ic research, simulations of earthquakes and predicting voting patterns)
- Businesses, too, put supercomputers to work by analyzing big data
Chapter 4: Information and communication technologies Page 23

Data and Information Systems

 Businesses collect a great deal of data (i.e. raw, unorganized facts that can be moved and
stored) in their daily operations.
 Only through well-designed IT systems and computers, this data can be processed into
meaningful and useful information
 One such form of business information is the database
(an electronic iling system that collects and organizes data and information)
 Using software called a database management system (DBMS), you can quickly and easily
enter, store, organize, select, and retrieve data in a database.
 Databases are at the core of business information systems.
- E.g. customer database containing name, address, payment method, products ordered,
price, order history, and similar data provides information to many departments.
- Marketing can track new orders and determine what products are selling best;
- Sales can identify high-volume customers or contact customers about new offerings
- Operations use order information to obtain inventory and schedule production;
- Finance uses sales data to prepare inancial statements.

Data warehouse and Data marts

 Data warehouse combines many databases across whole company into 1 central database.
 With this, managers can easily access and share data across the enterprise to get a broad
overview rather than just small pieces of information.
 Data warehouses include software to extract data from databases, maintain the data in the
warehouse, and provide data to users.
 They can analyze data much faster than transaction-processing systems.
 Data warehouses may contain many data marts
(special subsets of a data warehouse that each deal with particular area or department).
 Companies use data warehouses to gather, secure, and analyzing data for many purposes,
including customer relationship management, fraud detection and product-line analysis
- Retailers might wish to identify customer demographics and shopping patterns
- Banks can more easily spot credit-card fraud, as well as customer usage patterns.

Information and organisation structure

Changes in IS and IT have an effect on organisation structure.

 Databases and intranet systems can make information accessible to any employee.
 It is now easily possible for decisions to be taken ‘locally’ by employees or managers.
 IT therefore makes it possible for head of ice to control an organisation centrally.

Changes in IS and IT systems have already affected the organisation of many entities.
 Many organisations have a ‘ latter’ management hierarchy, with fewer middle managers.
 Decisions are taken either centrally by head of ice or locally by junior management.
 No need for employees to work together in an of ice, because they can communicate easily.
 Virtual organisations are working on their own, often from home, linked by IS/IT systems.
Chapter 4: Information and communication technologies Page 24

IT CONTROL & E FFECTIVENESS

Threats to systems security

 Data deletion or corruption due to human error.

 Technical error in the computer hardware, the software or the communications links
 Some computer systems may be exposed to risks of natural disasters (e.g. earthquakes)
 Systems are also exposed to risk from criminal damage, or simply theft.
 Deliberate corruption (e.g through virus or hacking).
 Loss of key personnel with specialist knowledge about a system.
 Exposure of system data to unauthorised users. (e.g. hackers)

In addition, there are risks within the computer software itself:

 Software might have been written with mistakes in it, so that it fails to process all the data.
 Software might not contain enough in-built controls against risk of input / processing error

General controls and application controls

General controls are controls that are applied to all IT systems and in particular to the
development, security and use of computer programs. Examples of general controls are:
 Physical security measures and controls
 Physical protection against risks to the continuity of IT operations
 General controls within software such as passwords, encryption software, and irewalls
 General controls over the introduction and use of new versions of a computer program
 The application of IT Standards.

Application controls are speci ic controls that are unique to a particular IT system or IT
application. They include controls that are written into computer software

General controls in IT

Physical access controls

 Putting locks on doors to computer rooms when there are no authorised staff in the room.
 Putting bars on windows, and shatterproof glass in computer room windows
 Locating hardware in places that are not at risk from looding
 Physical protection for cables (to provide protection against ire and loods)
 Back-up power generators, in the event of a loss of power supply
 Installing smoke detectors, ire alarms and ire doors
 Regular ire drills, so that staff know the measures to protect data and iles in emergency
 Obtaining insurance cover against losses in the event of a ire or looding.
 Arrangements with different providers of hot and cold sites (in case of emergency shifting)
Chapter 4: Information and communication technologies Page 25

Passwords

 It is de ined as ‘a sequence of characters that must be presented to a computer system

before it will allow access to the systems or parts of a system’
 Typically, a computer user is given a prompt on the computer screen to enter his password.
 Passwords can also be placed on individual computer iles, systems and programs.
 To gain access to a system, it may be necessary to input both a user name and a password.
 However, password systems are not always as secure, mainly due to human error.

Problems of password systems include the following:

 Users might give their passwords to other individuals who are not authorised to.
 Users are often predictable in their choice of passwords, so that a hacker might be able to
guess, by trial and error, a password to gain entry to a system or program or ile.
 Passwords are often written down so that the user will not forget it.

A security culture should be developed within the organisation, so that the user’s staff are aware
of the security risks and take suitable precautions.

Encryption

 Encryption involves coding of data into a form that is not understandable to casual reader.
 Data can be encrypted (converted into a coded language) using an encryption key.
 A hacker would not be able to read the data, and would not be able to convert it back into a
readable form without a special decryption key.
 Encryption is commonly used to protect data that is being communicated across a network.
 The on-line shopping system should provide for encryption of sender’s details (using
‘public key’) and the decryption of message at seller’s end (using a ‘private key’)

Preventing or detecting hackers

 Physical security measures to prevent unauthorised access

 Use of passwords
 Encryption of data
 Audit trails, so that transactions can be traced through system when hacking is suspected
 Network logs of attempts to gain access to the system
 Firewalls.

Firewalls

 Firewalls are either software or a hardware device between user’s computer and modem.
 Purpose is to detect and prevent any attempt to gain unauthorised entry through Internet
into a user’s computer or Intranet system.
 A irewall:
- Will block suspicious messages from Internet, and prevent them from entering system
- May provide an on-screen report to the user whenever it has blocked a message
 Firewalls can be purchased from suppliers.
 Some irewall software can be downloaded free of charge from the Internet.
Chapter 4: Information and communication technologies Page 26

Computer viruses

 Viruses are computer software that is designed to deliberately corrupt computer systems.
 Viruses are written with malicious intent, but they may be transmitted accidentally.
 Viruses can be introduced into a system on a ile containing the virus.
 A virus may be contained in a ile attachment to an e-mail or On a storage device like DVD.
 Viruses vary in their virulence (amount of damage they may cause to software or data)
 New viruses are being written continually.

Measures that might be taken to guard against computer viruses.

 Computer user should install anti-virus software and keep up to date to:
- Detect known viruses in a ile; and
- Isolate the virus so that it is not able to corrupt software or data in the computer.
 Computer user might restrict the use of loppy disks and re-writable CDs
 Firewall software and hardware should be used to prevent unauthorised access
 Staff should be encouraged to delete suspicious e-mails without opening any attachments.
 There should be procedures, communicated to staff, for reporting suspicions of any virus.

IT Standards

 IT Standards are a form of general control within IT that help to reduce the risk of IT system
weaknesses and processing errors, for entities that apply the Standards.
 A range of IT Standards have been issued (e.g. ISO has issued IT security system standards).
 There are also IT Standards for the development and testing of new IT systems.

Application controls in IT

 Application controls are controls that are designed for a speci ic IT system.
 Common example of application controls is data validation. These are checks on speci ic
items that are input to a computer system, to test the logical ‘correctness’ of the data. E.g.:
- If a transaction is input to system without value, an error report should be produced.
- Entered value should be within a range of codes, otherwise error would be generated
- Key code numbers can be designed to include a ‘check digit’.
Monitoring of controls

It is important within an internal control system that management should review and monitor
the operation of the controls, on a systematic basis

IT controls audit

 Large organisations might employ an internal audit team.

 Organisation could also employ IT auditors who specialise in a particular IT system
 Alternatively, IT control audit might be outsourced to a irm of independent auditors
 The steps involved in IT Control audits typically include the following:
- Auditor must understand the risks faced by the systems.
- Auditor would then consider the design of the controls that have been put in place.
- Auditor will then test the key controls to ensure they have been operating effectively.
 They might perform IT controls auditing on cyclical basis addressing different parts
 Alternatively they might audit all areas of the system at every audit.
 Another approach would be to adopt a ‘risk-based’ approach
Chapter 4: Information and communication technologies Page 27

Exception reporting

A periodic (e.g. daily / weekly / monthly) exception reporting should

 Describe control failures that occurred
 Describe the impact of the control failure
 Suggest the new control(s) that should be adopted

The effectiveness of IT control monitoring is driven by the action taken by management to

address control failures when they occur.