Chapter 9: Is Strategy, Governance, and Ethics
Q1: What is the relationship between organizational strategy and information technology planning?
We could develop a competitive strategy for the organization, this is supported by information systems.
The information system a company chooses to use should support the company’s competitive strategy.
Effectively managing IS so they support business objectives is a difficult process. It requires a significant
amount of information technology planning, including understanding how technological and organizational
systems should be acquired, maintained, and renewed.
Q2: What is information technology architecture?
Some questions to ask: How many computers are in the company, are they the same brand, where were
they bought, what os are they using, what aps are being used on them.
An IT architecture is like a plan for a city. An IT architecture is complex and that complexity is increasing
as more services are supported and different technology is used.
Enterprise architect creates a blueprint of the organizations information systems and the management of
these systems. The blueprint should provide an overview that helps the people in the organization better
understand current investments in technology and plan for changes.
In developing the architecture the enterprise architect usually considers organizational objectives, business
processes, databases, information flows, operating systems, applications and software, and supporting
An architecture is usually a long document with many sections that include diagrams, as well as
management policies, and supporting technology.
Since IT architecture is so complex it is often helpful to use a method that organizes the development. One
of the most popular of these is the Zachman framework, conceived by John Zachman at IBM.
The Zachman framework: divides systems into 2 dimensions: one is based on 6 reasons for communication
(what-data, how-function, where-network, who-people, when-time, and why-motivation), and the other is
based on stakeholder groups (planner, owner, designer, builder, implementer, and worker).
Organizational architecture is very important when considering significant changes (mergers, acquisitions,
divesture, or rapid growth.
Q3: What is alignment, why is it important, and why is it difficult?
Alignment: the process of matching organizational objectives with IT architecture. Alignment should be
viewed as an ongoing process- meaning that fitting IT architecture to business objectives is a challenge that
The alignment process takes advantage of the IT capabilities as they develop while at the same time
maintaining a balance between business objectives and IT architecture.
One may think that Wal-Mart doesn’t spend less on IT than the industry average but really they spend
more. Over several decades they have developed a sophisticated network of information technology
applications that allows it to collect and share vast amounts of enterprise information throughout the
organization. Access to this data allows Wal-Mart employees and suppliers to make more effective
decisions and to operate more efficiently.
Communication between businesses and IT executives is the most important indicator of alignment.
Successful companies find ways to share knowledge and frustrations between the IT department and the
business functions. This shared knowledge can become a source of competitive advantage for firms
because the firms are better able to align their IT investments with the overall business objectives. Q4: What is information system governance?
Governance: suggests that some committee or political party is able to decide on expectations for
performance, to authorize appropriate resources and power to meet expectations and perhaps eventually to
verify whether expectations have been met.
In publically traded organizations, one purpose of governance is to ensure on behalf of the firm’s
shareholders, that an organization produces good results while working to avoid bad results.
For business organizations governance is working towards the development of consistent, cohesive
management policies and verifiable internal processes.
Managing at a corporate level often involves establishing the way in which boards oversee a corporation
and establishing the rules that apply to issues such as sourcing, privacy, security, and internal investments.
The goal of IS governance is to improve the benefits of an organization’s IT investment over time.
Reporting processes and review processes can be established and can work over a period of time to
improve quality, reduce service costs and delivery time, reduce IT risks, and better support business
Sarbanes-Oxley Act: governs the reporting requirements of IPOs.
Q5: What is an Information Systems audit?
An Information systems audit is very similar to a financial audit, but instead of financial and accounting
records, the focus is placed on information resources that are used to collect, store, process, and retrieve
Q6: What are information system ethics?
Actions may not be illegal but may be unethical.
Information systems ethics isn’t about the hard ware or software it is about the people involved with the
system. Computers do not threaten our privacy it is the people who will use our private information that
As humans we should take advantage of technological innovations but should be sensitive to the possibility
of abusing these advances.
Information systems ethics is not about detailing appropriate rules for our behaviour. The legal system
develops rules of law and their enforcement. If we could put ethics into rule-based behaviour, then
computers would control ethics. Instead, information systems ethics is about understanding our own
behaviour and how it can affect others.
Q7: What is Green IT and why should I care?
Green IT means using information technology resources to better support the triple bottom line for
organizations. The triple bottom line is a concept that expands the notion of traditional financial reports that
are based solely on financial performance, to take account into account ecological and social performance.
Its primary goals are to improve energy efficiency, promote recyclability, and reduce the use of materials
that are hazardous to the environment.
Ex: laptops instead of desktops, using the sleep mode on computers
One of the most important issues in green IT is e-cycling (the recycling of electronic computing devices).
Chapter 10: Understanding the IT department: Operations and projects
Q1: What do you need to know about the IT department? The IT department is in charge of many of your working services (emails, passwords, databases)
There are two reasons you need to make friends with IT
1. You need to understand the responsibilities and duties of the department do that you can be more
effective. If you understand what IT does and how it’s organized you’ll understand how to obtain
the equipment, services, or systems you need.
2. You need to know how it works in order to be a better manager. If you understand the functions of
the IT department, you will know how to raise IT issues very early in any plan to acquire or merge
with another organization.
Q2: What should you know about IT operations and IT projects?
There are two basic activities required to provide IT services for the organization:
1. Maintaining current information technology infrastructure: often accomplished as part of IT
2. Renewing and adapting the infrastructure to keep IT working effectively in the future. This is
normally accomplished by projects. Projects are normally accomplished by projects. Projects can
be any size. Large IT projects are normally high profile, high cost changes to the status quo of the
organization and can often be founded outside of the IT budget.
Operation and project work tend to attract different types of IT professionals.
Operational people tend to want to specialize in particular technologies. (networking specialists, operating
systems specialists, database administrators, and hardware technicians).
Because projects are temporary and often change existing infrastructure, they generally require broad skills,
and they challenge project team members to learn new technologies. Team members may work on multiple
projects at a time. IT projects can provide more opportunities for contact with project stakeholders in other
Information Technology Infrastructure Library (ITIL)- offers a large set of management procedures that are
designed to help businesses achieve value from IT operations .
While IT operations and projects are very different they rely on each other for success (projects come to an
end and must be maintained, and infrastructure must eventually be replaced).
Q3: What are the IT department’s responsibilities?
Our previous discussion had suggested there were 2 basic functions for the IT department:
o Managing the IT infrastructure to provide IT services, which requires:
a) Managing and protecting the IT
b) Managing and protecting the data resource
c) Managing and protecting the system applications
o Develop and adapting IT systems and IT infrastructure.
Managing Information Technology Infrastructure: IS exist to further the organization’s competitive
strategy. IT departments exist to facilitate business processes and improve decision making within the
organization. The IT department has the responsibility of aligning its activities and services with the
primary goals and objectives of the organization. As new technology emerges, the department is
responsible for assessing that technology and deciding whether it can be used to advance the organization’s
goals. The IT department is also responsible for adapting infrastructure and systems to the new business
goals. The responsibility for managing the IT infrastructure is the CIO (chief info officer) and the MIS
o Managing and Protecting IT: Networks and servers need to be turned on and monitored, and
software and security applications need to be updated. Sometimes the infrastructure needs to be adjusted or tuned to changes in the workload. Because of the high cost and serious disruption of
system outages, information system’s personnel are particularly sensitive to any threats to IT.
o Managing and Protecting Data Resources: The IT department is also responsible for protecting
data from threats. Threats to data arise from 3 sources: human error, malicious human activity, and
natural events and disasters. The department must identify threats, and estimate risks, and
implement safeguards (which aren’t free).
o Managing and Protecting the System Applications: If the IT department has built an application,
then it is involved in supporting the system. The IT department isn’t responsible for fixing initial
bugs, that’s the job of the SAP but the IT department is often responsible for managing the
upgrades, and basic maintenance. It is also often concerned with the service licensing agreement
of the application.
Renewing the IT infrastructure: the department must also be responsible to create, develop, and adapt the
IT infrastructure to enable business projects to be completed. Examples of projects that renew infrastructure
are developing/modifying new system applications or adapting infrastructure (computer networks, servers,
data centres..ect) to changes in the business systems. They are also responsible for creating systems
infrastructures such as email, instant messaging.
In most companies departments will pay for their own computers but because iT maintains the equipment
the department will specify which computer systems and configurations it will support.
Q4: How do IT departments decide what to adopt and when?
While IT departments make recommendations about adopting technology the final decision should be made
by the business part of the organization.
The benefits of adopting technology are often referred to as business value. In calculating business value it
is important to consider all of the benefits the company may receive. Tangible benefits are those which a
dollar value can be computed. Intangible benefits are those that no dollar value can be computed.
A common method for justifying IS and IT projects is to compute the costs and tangible benefits, and if the
project can be justified on just tangible benefits than a favorable decision can be made.
If it cannot be justified on just tangible benefits then the tangible benefits must be considered and a
subjective decision is made as to whether the intangibles are sufficiently valuable to overcome any missing
tangible benefits that would be required.
Everett Rogers was interested in describing which aspects of an innovation were particularly important in
an individual’s or organizations decision to adopt that innovation. He identified 5 characteristics
1. Relative advantage: how well an innovation performed in comparison with a more traditional
product or service. The larger the relative advantage, the more likely to adopt.
2. Compatibility: the difficulty that an organization would have in using the innovation alongside
their existing technology.
3. Complexity: if the innovation is too difficult to understand or use the company won’t adopt it.
4. Trial ability: being able to use the innovation before purchasing.
5. Observability: the extent to which the technology can be seen or demonstrated to others.
Closely related to the idea of innovation characteristics is the Technology Acceptance Model (TAM): In
this model an individual considers 2 primary factors when forming intentions bout whether to adopt the
technology. Ease of use, and Perceived usefulness.
Q5: How is the IT department organized? Organizational structure depends on the organization’s size, culture, competitive environment, industry,
and other factors.
The title of the IT manager varies from organization, a common title is the Chief Information Officer
(CIO), and other titles include: vice-president of information services, and director of information services.
In some cases the CIO reports directly to the CEO, but in other cases they report to the COO who reports to
the CEO, and sometimes the CIO reports to the CEO.
Most IT departments include a technology office that investigates new IS technologies and determines how
the organization can benefit from them. The chief technology officer (CTO) often heads the technology
group. The CTO sorts through new ideas and products to identify those that are most relevant to the
Operations manages the computing infrastructure including individual computers, computer centres,
networks and communications media. An important function for this group is to monitor user experience
and respond to user concerns or problems.
The third group- development, manages projects that acquire new information systems as well as maintain
existing information systems.
o The size of the development group depends on if the programs are developed in house or not. If
not the department will be staffed by business analysts and system analysts who work with users,
operations, and vendors to acquire and install licensed software and set up the system components
around that software. If the programs are developed in house programmers, project managers, test
engineers, technical writers, and other development personnel.
The last IT group is outsourcing relations which are responsible for negotiation outsourcing agreements
with other companies to provide equipment, applications, or other services.
A data administration staff function is included to protect data and information assets by establishing data
IS exist in the organization to achieve its goals and objectives. IT focuses on the technology.
What about the web? As companies recognize the impact that the web could have on its brand and its
customers, control of content and the look and feel of the website were moved toward the marketing
department while IT maintained technical responsibilities.
Recognition of the importance of website design created a whole new set of jobs related to that design.
These jobs combine business skills (marketing) and technological skills.
A website can take a lot of people to create (project manager, lead designer, developer, and technical
Q6: What IS-related job positions exist?
Highly developed interpersonal and communication skills are needed. In reality most jobs in the IS industry
require a mix of interpersonal and technical skills.
Q7: What are your rights and responsibilities?
Your rights: you have the right to computing resources you need to perform your work proficiently. You
have the right to a reliable network and internet services. You also have the right to a secure computing
environment. You have the right to regular systems development and maintenance. You have a right to
Your responsibilities: you have the responsibility to learn basic computer skills, and learn basic techniques,
and procedures for the applications you use. You have the responsibility to follow security and back up
procedures. You are responsible for protecting your computer. Chapter 11: Acquiring information systems through projects
Q1: How can information systems be acquired?
You can acquire an information system the same way you do a car. Look at your options and decided
which one has the best fit with your company. If none of them have a good fit you can customize it which
costs a bit more. You can also rent or lease an information system. Some licenses have a fixed term and
others don’t. You may even be able to build your own software, it can be risky but can have great benefits
in the end. So all in all there are 4 ways to acquire an software:
1. Buy and use as is
2. Buy and customize*Most common
3. Rent or lease it
4. Build it yourself
Acquiring a software requires incorporating the software into the current technological infrastructure and
integrating the software into the data and procedures people use to make things happen in an organization.
Acquiring a software is not the same as acquiring an IS. Even if the software is free the company will face
charges in implementing the software to the company.
Q2: What are projects, what is IT project management, and what does PMBOK mean?
Project Management Body Of Knowledge (PMBOK), the guide to PMBOK notes that a project consists of
a temporary endeavor undertaken to create a unique product, service, or result.
Projects often begin with goals and objectives, from these a scope for the project is developed and project
managers are given resources like people, money, and space to complete the project.
Projects usually have a start and end date. Projects also often represent change in an organization.
Projects that often have a large IT component in terms of budget or personnel are called IT projects.
Projects that require a change to the business process are often called IT projects because the new IT
supports the change in business processors.
Information Technology Project Management (ITPM) is the collection of techniques and methods that
project managers use to plan, coordinate, and complete IT projects. They use PERT and GANTT charts.
The guide in the PMBOK suggests there are 5 groups in any project:
These groups should be viewed as a group of activities that often overlap and that occur throughout the
project. Each of these process groups can relate to one of the 9 project knowledge areas: integration
management, scope management, time management, cost management, quality management, human
resource management, communications management, risk management, and procurement management.
PMP- project management professional.
Q3: Why are IT projects so risky?
IT projects have a general failure rate of 25%.
The reason IT projects are so risky is because they are hard to picture. How can you draw all the
components and show how people will be affected? The price also makes IT projects riskier as technology
prices and technology are always changing. It is also hard to tell how far along the IT project is, what does a half completed IT project look like? Many other risks involve the people involved with creating and
managing this IT project.
When a project ends we measure whether the project was on schedule and budget. We also consider
whether the project added any business value. The model on Page 330 shows us three things about IT
1. IT performance has to be evaluated on not only whether the project was on budget and time, but
whether the expected benefits from the project were realized.
2. The forces of evil pathway- involves structural risk, volatility risk, and project process
performance. When structural risk is high, the project is either large or technically complex. When
volatility risk is high project process performance tends to be lower. Increased organizational
support may help to reduce the volatility risk but the forces of evil make it hard to hit budget and
schedule estimates difficult.
3. The forces of good involve knowledge resources, organizational support, project management
practices, and both process and product performance. When teams knowledge resources are high,
there is a tendency to observe higher levels of organizational support and higher levels of project
management. These correlate with increased levels of process performance and project product
performance. The knowledge resources help create a virtuous cycle of improved performance.
Remember that the model is only a model and that real life IT projects are subject to many affects.
Q4: What are systems analysis and design, and SDLC?
Systems analysis and design is the process of creating and maintaining information systems.
This involves not just IT but IS which includes the non-technical skills required in systems analysis and
design, such as, establishing the system’s goals, setting up the project, determining requirements,
interviewing users, and understanding their view of the business. Also developing job descriptions, staffing,
training all require HR resources. Systems development is not exclusively a tech