CHAPTER-10 IT STRATEGY (2)

CHAPTER NO. 10

IT STRATEGY

Contents

1 IT strategy
2 Principles of e-business
3 Infrastructure
4 E-marketing
5 Customer relationship management
6 IT control
CHAPTER-10 IT STRATEGY (3)

1. IT Strategy

Section overview

◼ Information systems (IS)

◼ IS systems as strategic support
◼ Information technology (IT)
◼ IT as strategic support
◼ Information and organisation structure

1.1 Information systems (IS)

All organizations use information. Information is used at:
• Operational level: Basic transactions must be recorded and processed – a bookkeeping
system, for example, is a transaction processing system.
• Tactical and strategic level: Management also use information to plan and make decisions.
The quality of their planning and decision-making, from strategic decisions to day-to- day
operating decisions, depends on having reliable and relevant information available
Main types of information systems and their uses
Transaction processing system Used to process routine transactions, such as bookkeeping
systems and sales order processing systems.
Management information system Used to provide information, mainly of a routine nature, to
management. The purpose of a management information
system (MIS) is to provide management with the
information they need for planning and controlling
operations.
Decision support system Used by managers to help them to make decisions of a
more complex or ‘unstructured’ nature. A DSS will
include a range of decision models, such as forecasting
models, statistical analysis models and linear
programming models. A DSS therefore includes facilities
to help managers to prepare their own forecasts and to
make decisions on the basis of their forecast estimates.
Models can also be used for scenario testing.
Executive information system It gives an executive access to key data at any time, from
sources both inside and outside the organisation. An
executive can use an EIS to obtain summary information
about a range of issues, and also to ‘drill down’ into
greater detail if this is required. The purpose of an EIS is
to improve senior management’s decision-making by
providing continual access to up-to-date information.
Expert system provides information, advice and recommendations on
matters related to a specific area of expertise.
CHAPTER-10 IT STRATEGY (4)

1.2 IS systems as strategic support

IS systems provide strategic support within an organisation because the quality of decision making
depends on the quality of information to management. In addition, the quality of the service to
customers depends on the quality of transaction processing.
An entity should ensure that its IS systems are suitable and will assist the entity in achieving its long-
term strategies. It should be remembered that an IS systems can give an entity a competitive advantage
over its rivals, because they will be making better-informed (and faster) decisions.

1.3 Information technology (IT)

Information technology consists of both computer technology and communications technology.
Developments in IT have had an enormous impact on business.
• IT is mainly concerned with collecting and manipulating information using hardware (IT
components) – bar code scanning and invoicing at Hyperstar/Al-Fateh
• IS is mainly concerned with decision making aspect of the business using software – using the
data generated through invoicing to observe trends of product sales and managing inventory
accordingly.

1.4 IT as strategic support

IT helps organizations to develop new products and service, make use of advanced technological
systems and explore new opportunities to meet strategic targets.

1.5 Information and organizational structure

IT and IS has affected organizational structure in many ways such as:

• Ease of access of information to employees has make it easier to take decisions at ‘local’ level
• Information can be obtained from any part of the entity by the senior management that lead to
better coordination
• Middle management has been made redundant as senior executives now directly communicate
with lower levels
This has led organizations to develop flatter structures, or even virtual structures.
CHAPTER-10 IT STRATEGY (5)

2. Principles of E-business

Section overview

◼ Definition of e-business
◼ The impact of the internet on business strategy and competition
◼ Main business and marketplace models for delivering e-business
◼ E-commerce and the globalisation of business
◼ Barriers to e-business

2.1 Defining E-Business and E-commerce

E-commerce: E-commerce can be described as: ‘all electronically mediated information exchanges
between an organisation and its external stakeholders. E-commerce is sell-side if it is between an
organisation and its customers and is buy-side if it is between an organisation and its suppliers’.
An alternative definition is ‘Buying and selling of goods and services, or the transmitting of funds or
data, over an electronic network, primarily the Internet. These business transactions occur either
business-to-business, business-to-consumer, consumer-to-consumer or consumer-to-business.’
E-business: E-business includes all aspects of e-commerce, but also includes work flows and
movements of information within an entity, for example between departments or functions. Internal
processes are driven by e-business methods as well as external relationships with customers, suppliers
and other external stakeholders.
E-business transactions do not necessarily involve a payment for goods or services. Transactions with
customers and suppliers might involve the transfer of information rather than a transfer of money. For
example, a major aspect of e- marketing is concerned with providing information to customers or
exchanging information with customers or potential customers.
Aspects of E-business include:
• Corporate website
• Company intranet
• Telecommunication networks
• Interactive televisions (especially in consumer markets)

2.2 The impact of internet on business strategy and competition

Porter argued that the two main factors that determine the profitability of a business entity are the
structure of the industry in which it competes, and the ability of the entity to achieve a sustainable
competitive advantage.
Internet and industry structure
The internet has led to the development of some new industries, such as online auctions. However, it
has had a much more significant impact on existing industries and the nature of competition within
those industries. (Remember that when an industry becomes more competitive, prices are lower and
profitability for all companies in the industry is lower – five forces model)
CHAPTER-10 IT STRATEGY (6)

The impact of the internet on competition in many industries can be analysed within the framework of
Porter’s Five Forces model.
• Competitive rivalry with existing competitors. The internet encourages greater competition.
Companies provide a large amount of information about themselves and their products on their
websites. This makes it easier for competitors to copy what they are doing. As a result of the
stronger competition, selling prices are depressed.

• Threat of new entrants. In many industries, the barriers to entry have been lowered. By using
the internet, new competitors can enter the market more quickly and more cheaply. Companies
are able to enter the market using the internet to market their products or services. They do not
need to employ an expensive full-time sales force, or distribute their products through
(expensive) traditional retail networks.

• Bargaining power of suppliers. Suppliers are able to use the internet to increase the number
of clients or customers for their products. As a result, the bargaining power of suppliers is
likely to increase.

• Bargaining power of customers. The internet has increased the bargaining power of
customers substantially. Customers are able to obtain information about the rival products of
many different competitors, by using search engines such as Google and visiting many
different websites. ‘The reality is that customers using the internet are finding it easier to
switch suppliers, and the openness of the internet and its standards makes it difficult for a
customer to maintain its customer network intact.’

2.3 Main business marketplace models for delivering e-business

The main types of ‘model’ for delivering e- business are:

Selling goods and services. ‘E-shopping’ is a term for consumers buying goods or services by placing
orders on a company’s website.
Providing electronic auctions. These are websites where customers can auction goods for sale, and
put in bids for auctioned items. eBay is perhaps the most well-known example.
New intermediary companies. One of the problems with the internet is the enormous number of
different websites. This can make it difficult for customers to know which website to visit where they
can buy goods or services that they are looking for, and obtain the ‘best deals’. Food panda, Airbnb
are best examples.
Alliances of suppliers. In some markets, businesses have created alliances with shared websites for
selling their products to customers over a wider geographical area. Daraz.pk alliance with
Alibaba.com. later it was purchased by Alibaba.
E-procurement. As well as creating larger markets for consumer goods and services, communications
networks and computer systems have created new opportunities for business-to-business purchasing
(‘e- procurement’), by linking up the computer systems of companies with those of their main
suppliers.
Advertising. The internet has also created new opportunities for advertising and marketing.
Companies can advertise their products or services on search engines such as Google, or on the
websites of other companies.
Promotion. Opportunities are provided by the chance to send promotional messages by e-mail to
potential customers
CHAPTER-10 IT STRATEGY (7)

Customer relationships. The internet provides opportunities for companies to build customer
relationships, for example by providing support, user forums and FAQ (frequently asked questions)
pages.
2.4 E-commerce and globalization of businesses
E-commerce has been a major factor in the globalisation of business. Geographical distance can still
be a barrier to the globalisation of markets, but e- commerce reduces those barriers, and can even
remove them.
The earlier concept of e-procurement helps firms to globalize based on e-commerce models
2.5 Barriers to E-business
Although many companies engage in some form of e-business, there are barriers to setting up e-
business activities and maintaining them so that they remain an effective way of developing the
business. The difficulties with e-business can include the following.
Set-up costs. It can be fairly expensive for a small company to establish a website for selling its
products and taking payment by credit card, debit card, Interswitch or PayPal. For example, it will be
expensive for a small company to set up a website showing an online catalogue with photographs,
keeping records of inventory balances, and with the facility to debit customer credit cards.
Type of business. Some products and services are easier to sell on the internet than others. For
example, computer firms sell products very successfully over the internet as their products can be
perfectly specified in writing. However, it is much more difficult to sell items of clothing.
On-going operating costs. A website has to be updated frequently, to keep it interesting (and
accurate), and it might be necessary to keep making special offers to encourage customers to revisit
the site.
Time to establish the system. It takes time to establish a website that customers know about and want
to visit.
No in-house skills. A company might not employee individuals with the knowledge or skills to
maintain a website. However, this should not be a serious barrier to e-business, especially if the
employer is prepared to give suitable training to staff.
CHAPTER-10 IT STRATEGY (8)

3. Infrastructure

Section overview

◼ Layers of infrastructure
◼ The internet
◼ Intranets and extranets
◼ Designing a website for e-commerce

3.1 Layers of infrastructure

A company needs to be able to communicate with its customers or suppliers electronically, usually by
the internet. The infrastructure necessary to support a business is a combination of computer hardware,
software, data files and communication networks.
3.2 The Internet
The internet is a network of computer networks. To link to the internet you need the following:

• An internet service provider (ISP), such as Zong, Wateen, Warid etc.

• A browser, such as Microsoft’s Internet Explorer or Google Chrome.
• A communication link such as ordinary telephone or ISDN. Increasingly users are subscribing
to broadband (ADSL or DSL), which provides very high transmission speeds.
• A modem to enable the computer to transmit over the communications link.
The internet is based on client-server technology. Web browsers, such as Internet Explorer, are the
client applications. The server, which may be a distant computer, holds e-mails and web pages.
Websites are usually arranged in a hierarchical pattern, starting with a home page. The
client requests information from the server, at first by specifying a URL. Once the home page
of the site is delivered to the user from the server, links on the page can be clicked to access
other pages on other sites.

Some web pages are static, always showing the same information, rather like a printed sheet. Other
web pages are dynamic, which means that they are updated in real time.
CHAPTER-10 IT STRATEGY (9)

Web Middleware Database

Web Email
Web browser Regional
(client software) internet
company
Web Web pages

Web Web pages

Intranet and extranet

An intranet is the use of internet technology within one entity. For example, a company can set up its
own intranet, which allows its employees to exchange and share information with each other.
Customer information and product information are usually available on intranets, together with other
shared data files, newsletters, company procedures, and so on.
Benefits:
• Better communication
• Speedy data transfer
• Low data transmission error
• Allows access to internet

An extranet is a network in which the intranet of one company can connect with the intranet of
another company, usually a supplier or customer. An example of an extranet is a buyer’s purchasing
system communicating electronically with a seller’s sales order system, through their intranets, to
generate a purchase order and order delivery.
3.3 Designing website for e-commerce
The design of a website is extremely important, for persuading customers to use the site and buy from
it.
• The website must be easy to use. The user must be able to navigate through the site easily.
Icons must be clear. Users should be able to select goods for purchasing without any difficulty
or possible confusion. Any forms must be easy to fill in.
• Screens should also be visually attractive, to encourage users to browse through the site.
• Design features such as the ability to enlarge images of products, or obtain additional
information about a product, may also be very useful.
• The system must allow users to interact with it, so that the users can choose their
own route through the website easily.
• The website must be kept up to date. For example, the availability of products must be
kept up to date, so that buyers know whether a product is available for purchase or not. If
a website is not kept up to date, users will lose confidence in it.
• The website is an advertising medium as well as an electronic store. It can be designed
in such a way that the user’s attention is drawn to additional products that he or she
CHAPTER-10 IT STRATEGY (10)

might be interested in buying.

• The website must be available ‘all the time’ to users. Downtime must be kept to an
absolute minimum.
• The system must integrate with the company’s other transaction processing systems, such
as its customer database, accounting system and inventory control system.
• The system must be able to reassure users that it is secure. The website should be
designed with security in mind, and also with providing reassurance to users that it is a
secure site.
CHAPTER-10 IT STRATEGY (11)

4. E-marketing

Section overview

◼ E-marketing and the 7Ps of the marketing mix

◼ The 6Is of the e-marketing mix
◼ E-marketing: promotion strategy
◼ E-mail marketing (direct mail and the internet)
◼ E-branding

4.1 E-marketing and the 7-Ps of E-marketing mix

E-marketing is marketing using electronic technology, particularly the internet. The 7Ps of the
marketing mix apply to e-marketing just as much as they do to other forms of marketing, although the
relative importance of each item in the mix might vary with e-marketing.
Product: Some products sold on the internet can be customised so that they are constructed to the
customer’s specifications. For example, customers of Dell Computers can order a computer on the
internet, and specify the features of the computer they want. Dell then assemble a computer to the
customer’s specifications. Products can be customised.
Price: This is more transparent on the internet and users can often compare prices easily. Some
websites are specifically designed to compare prices (for example www.booking.com.) Pricing can
also be dynamic so that prices change frequently according to demand and availability.
Place: Some goods, such as music, video and software can be delivered over the internet.
Promotion: Websites and e-mail are new ways of advertising goods and services. Buying space on the
websites of other companies or on search engines such as Google can provide an opportunity for
targeted promotion. Traditional media are currently suffering from a loss of mass audience, as the
market for entertainment becomes much more segmented. As television, radio, magazines and
newspapers become less attractive for advertisers, the internet has created new advertising possibilities
for reaching a wider (and often younger) audience.
Physical environment: In terms of e-marketing, the design of a website is important, because visitors
will not stay on a website if it is not attractive, difficult to navigate or fails to provide the information
that visitors are looking for.
People: The internet does not involve ‘people’ in marketing, in the sense that customers are
communicating by computer with a website.
Processes: Buying goods or services by internet is a process, and the quality of this process is another
element in the marketing mix for e- business. A sale must be followed up by an efficient delivery
service. Many companies send a confirmation of order to the customer immediately after website
purchase is made, to reassure the customer that the order is being dealt with promptly.
CHAPTER-10 IT STRATEGY (12)

4.2 ‘6 Is of E-marketing my’

In addition to planning e-marketing strategy in terms of the 7Ps of the marketing mix, an e-marketing
mix can also be considered in terms of the ‘6Is’. These are:
• Interactivity
• Intelligence
• Individualization
• Integration
• Industry structure
• Independence of location
Interactivity
Traditional advertising media are ‘push media’, in the sense that the flow of information is all one
way, from the advertiser to the customers, and the advertiser is trying to persuade the customers to buy
its products.
A website is a pull medium, because the aim is to attract interest from customers and make them want
to visit the site.
The internet can also be used to establish interactivity with customers, and create a dialogue.
Interactivity is a very powerful marketing device. Interactivity takes several forms, such as:

• getting visitors to the site to provide details about themselves (and agree to receive e-mails
from the website owner in the future), perhaps in exchange for additional information or a free
service
• getting visitors to buy a product or service and pay for it using the internet.
Having obtained the e-mail address of an individual, opportunities exist for the continuation of the
dialogue in the future, through e-mail marketing messages and ‘information updates’. This connection
with the customer helps to establish a long-term relationship, which companies can try to benefit from.

Intelligence
The internet can be used as a relatively low-cost method of collecting market research data and data
about customers and other visitors to a website. This data can be analysed to produce marketing
information about what customers buy, and what information on a website interests them most.
‘Clickstream analysis’ of data on a website log file can be used to build up a picture of customer
preferences, and possibly also to identify different market segments.
Individualisation
In traditional media the same message tends to be broadcast to everyone. Communication via the
internet can sometimes be tailored or ‘personalised’ to the individual. For example, the activities of
every customer who visits a site can be recorded and whenever a customer next visits the site, relevant
information will be retrieved from the data files and used to produce an individualised message. (In
contrast, advertising messages in media such as television are ‘one-to-many’ messages, and the same
marketing message is sent to every potential customer.)
This can be done even if a visitor has not registered with the website as ‘cookies’ can be sent and
stored on visitors’ machines. Cookies are small pieces of information, which are used to customise
visitors’ experiences on subsequent visits to the website.
CHAPTER-10 IT STRATEGY (13)

Integration
The internet provides scope for integrated marketing communications: how can the internet
complement other marketing channels to deliver customer service?

Many companies are now considering how they integrate e-mail response and website call-back into
their existing call-centre or customer service operation. This may require a substantial investment in
training and new software.
Some practical examples of how the internet can be used as an integrated communications tool are as
follows:
• The website can have a call-back facility built into it. For example, a customer service
representative can contact a customer by telephone when the customer provides his name,
phone number and gives a suitable time for calling. Similarly when a customer logs on to the
website of his bank and looks at information about personal loans or mortgages mortgage
information, this can be notified to one of the bank’s mortgage advisers or loans advisers, who
can then telephone the customer.
• The internet can be used to support the buying decision even if the purchase does not take
place on the website. For example, the website might provide a telephone number to call in
order to speak to a sales representative and make an order. (This might be necessary for
companies that sell non-standard products or services.)
• The internet can be used to support customer service, for example, by encouraging users to
check a list of frequently asked questions (FAQ) compiled from previous customer enquiries
before contacting customer support via phone.

Industry restructuring
The internet can lead to a re-structuring of the industry supply chain. Disintermediation is the removal
of intermediaries such as distributors or agents: this occurs for example when a company starts selling
directly to end-consumers through its website, and reduces or abandons its use of sales agents,
distributors and sales representatives. In other markets there has been re-intermediation, where new
intermediary companies sell the products of other suppliers, when the suppliers had previously sold
direct to customers. An example, mentioned earlier, is the use of intermediaries such as
lastminute.com to sell holidays, travel arrangements, book hotel accommodation and buy theatre
tickets and tickets to other entertainment events.

Independence of location
The internet introduces the possibility of increasing the impact of an entity on a global market. Users
of a website cannot easily tell from the website whether it is owned by a small local company or a
large multinational or global company. This gives small companies opportunities to sell into global
markets.
The internet also makes it possible to sell to a country without a local sales force. In the UK, the
internet is used extensively to advertise residential property in other European countries, for purchase
or rental.
CHAPTER-10 IT STRATEGY (14)

4.3 E-Marketing promotion strategy

The objectives of e-marketing with a website should be to:
• Get as many potential customers as possible to visit the website. The first task is to get as
many potential customers to visit the website, using a mix of traditional advertising media and
e-business methods (such as advertising on other websites or search engine optimisation).
• Keep visitors at the website long enough to make a marketing proposal to them. The website
must be designed and used so that it delivers a powerful marketing message.
• Achieve a successful marketing outcome, so that the marketing process can continue. A
successful marketing outcome from a visit to a website might not be an immediate sale.
Traditional media and internet compared

Traditional media Internet

Advertising space An expensive commodity Cheap and virtually unlimited

Time consumed Expensive for the advertisers Expensive for the internet users

Advertising image Creating an image is usually The content of the message is usually
more important than the more important than creating an
content of the advertising image.
message

Communication Push, one-way from advertiser Pull, drawing the customers to the
to customers website.

Or interactive.

How are Provide an incentive Offer them information (and possibly

customers incentives)
persuaded to act?
Information is the main currency of
the internet.

4.4 E-mail marketing (direct mail and the internet)

Interactivity with the customer allows a company to build up a relationship with the customer through
the internet. An important feature of interactivity (after obtaining the customer’s e-mail address and
agreement to receive messages) is the delivery of e-mail marketing messages.
Companies wanting to use e-mail marketing as a part of their marketing strategy should acquire
customer lists – a list of actual or potential customers and their e- mail addresses. These can be built
up ‘in house’ over time, by collecting e-mail addresses from visitors to the website.
Spam: ‘Spam’ has become a significant problem for electronic marketing, and has helped to give
direct mail advertising through the internet a ‘bad name’.
Spam is unsolicited and unwanted e-mail. Although many consumers receive ‘junk mail’ through the
post, spam is more of a problem simply because of the very high volumes of mail received. Unless
CHAPTER-10 IT STRATEGY (15)

software is installed for detecting and blocking spam messages, the likelihood is that by far the
greatest number of e- mail messages received by an internet user will be spam.
Nowadays many email service providers like Gmail and Hotmail have a built-in feature for protecting
users from ‘spam emails’
4.5 E-branding

E-branding refers to the use of internet and related technologies to build brand of a company and
develop its positioning in minds of the consumer.
A brand image can be defined as a collection of perceptions in the mind of the consumer. (These
perceptions can be positive or negative.)
A strong brand is important because it immediately confers a certain amount of recognition when
consumers are choosing products and services. To make their choice easier, consumers will choose a
brand that they have been happy with in the past.
Brand identity can be defined as the elements that are used by a customer to recognise a brand: logos,
symbols, colours, packaging etc. For example, part of Coca Cola’s brand identity in the past has been
the distinctive shape of their glass bottles.
When an established company is planning to market its products by internet for the first time, it has to
consider what to do about its brand identity. There are four choices:

• Duplicate its existing brand identity online. However, if the quality of the internet
site is poor, the brand could be damaged.

• Extend the traditional brand by creating a slightly different version of the brand. For
example, in the UK the BBC extended its name image to its online services, giving the
new services the slightly different name of BBC Online. This allowed the useful
associations of the BBC brand name to be retained, but also suggested to the customer
that the services offered by BBC Online might be different.

• Partner with an existing e-brand. For example, a chain of hotels could market itself
online through an airline website and so associate the hotels with the airline brand
name.

• Create a new brand for the web. For example TCS created www.yayvo.com as their e-
branding to sell goods online.
CHAPTER-10 IT STRATEGY (16)

5. Customer relationship management

Section overview

◼ Definition and scope of customer relationship management

◼ CRM software solutions

5.1 Defining CRM and scope of CRM

A feature of the internet is that it can be very difficult to retain customers and build up customer
loyalty over time. This is because customers can visit the websites of other suppliers whenever they
are dissatisfied with the products or services of a company they have bought from in the past.
Retaining existing customers, as well as attracting new customers, is an important challenge for
companies using the internet for e-business.
The purpose of customer relationship management (CRM) is to help companies to understand better
the behaviour of their customers, and modify their marketing operations to service customers in the
best way possible.
Objectives of CRM include:
• Find out more about the purchasing habits and preferences of customers
• Profile the characteristics and needs of individuals customers and groups of customers more
effectively
• Change the way the company operates, in order to improve its service to customers and the
marketing of its products.

5.2 CRM software solutions

A CRM software system is available as an off-the-shelf application package. This is the cheapest
software solution for companies, although off-the-shelf packages are not always ideally suited to the
specific requirements of the individual company.
Some firms also purchase customized CRM software.
Functions of CRM software
• Collect information for identifying individual customers and categorising their behaviour.
(Different categories of customer might be treated as different market segments, and a
different marketing approach might be used for each segment of customers.)
• Store the customer information and keep it up-to-date.
• Access the information, often instantly, whenever it is needed.
• Analyse customer behaviour.
• Use the analysis of customer behaviour to develop a more effective marketing strategy.
• Provide customers with a better ‘experience’ when they contact the company. Customers often
feel that they receive better service when they deal with a person who knows about their
previous dealings with the company. Customer service staff are able to provide this type of
experience because they have access to the customer’s CRM record.
• Monitor key customer management performance indicators, such as the number of customer
complaints.
CHAPTER-10 IT STRATEGY (17)

6. Cloud and Mobile technology, Big Data and Artificial intelligence

Section overview

◼ Cloud and Mobile technology

◼ Big Data
◼ Artificial Intelligence

6.1. Mobile technology

This refers to technology that is portable. It includes laptops, tablets and smartphones all with high
power and functionality. The development and improvement of such devices has been stimulated by
the growth and improvement of the internet.
6.1.1. Benefits of Mobile technology
• Improved communication
• Ease in search of products and services
• Innovative methods of doing business
• New product development

6.1.2. Risks
• Loss of data, device or gadget
• Prone to attack by hackers and criminal sabotage
6.1.3. Cloud computing
Cloud computing is a general term for the delivery of hosted services over the internet.
It is the practice of using a network of remote servers hosted on the internet to store, manage, and
process data, rather than a local server or a personal computer. It enables use of a computing resource
without the need to build and maintain in-house computing infrastructures.
Characteristics:
• Hardware and software managed by vendor
• Service driven payments (not for the hardware infrastructure)
• Scalable services
6.1.4. Benefits
• Allowing minimized up-front cost
• Focus on core business instead of developing IT infrastructure
• Respond quickly to the changes
6.1.5. Risks
• Giving data access to third party
• More prone to cyberattack

6.2. Big Data

‘Big Data’ is the term used to describe a huge volume of both structured and unstructured data that is
so large it is difficult to process using traditional database and software techniques.
6.2.1 Laney’s 3 Vs of Big data:
Volume huge volumes of new data generated every second. All this new data needs
processing, storing and to be made readily accessible for searching and
analysing. The Datafloq study estimated that 90% of all data created was
CHAPTER-10 IT STRATEGY (18)

generated in the past two years and will continue to double in volume every
two years. Aeroplanes generate around 2.5 billion terabytes of data per year
from sensors installed in their engines. Self-drive cars are estimated to
generate 2 petabyte of data every year. The energy company Shell uses ultra-
sensitive sensors for exploration - if each of their 10,000 wells had three
sensors each that would generate around 10 Exabyte of data annually.
Variety the wide range of data types and sources reflected within big data. Big data
comprises largely unstructured data which requires a different approach and
technique to store raw data. Furthermore, the wide variety of data facilitates
new ways of thinking and analysing. For example, social media such as
Facebook can provide insights such as sentiment analysis on a brand.
Velocity the incredibly high speed that data is created, stored, analysed and visualised.
Traditional batch processing might only update master files once per day on
an overnight batch run. Big data is updated real time (or near real-time) - for
example when you post a photo or comment on social media

6.2.2. Four Vs of Big data

Veracity data needs to be correct and error-free in order to be reliable and relevant.
Variability whilst big data reflects a wide range (variety) of sources its meaning can also
vary widely depending on the context. This is important particularly for
sentiment analysis where the same word can mean different things depending
on context.
Visualization is particularly challenging as it refers to making the vast amount of data
comprehensible in a manner that is easy to read and understand.
Value the huge volume of data that big data reflects is capable of creating huge value
for organisations, societies and consumers.

6.2.3. How big data adds value

Creating transparency. Improved accessibility for relevant stakeholders in a timely manner can
create
value. For example making relevant data readily accessible across otherwise separate departments
within government. Another example is enabling concurrent engineering within manufacturing through
integrating R&D, engineering and manufacturing data.
Enabling experimentation to discover needs, expose variability and improve performance.
Organisations are able to collect and analyse ever more accurate and detailed performance data on
everything from personal sick days to product inventories. They can develop processes then set up
controlled experiments and use the data to analyse variability in performance.
Segmenting populations to customise actions. Big data enables highly specific segmentation to be
developed to support tailored products and services that precisely meet those needs. Whilst common in
areas such as marketing and risk management, this approach has the potential to revolutionise other
areas where populations are more homogenised (treated the same) such as in the public sector.
Replacing/supporting human decision making with automated algorithms. Sophisticated analytics
can substantially improve decision making, minimise risks and unearth valuable insights that would
otherwise remain hidden. Such analytics could be useful across most organisations ranging from tax
agencies (that might use automated risk engines to, say, flag candidates for further examination) to
retailers (who could use algorithms to optimise decision processes such as automatic fine-tuning of
inventories and pricing in response to real-time in-store and online sales).
CHAPTER-10 IT STRATEGY (19)

Innovating new business models, products and services. Big data enables companies to enhance
existing products, create new products and services and invent entirely new business models.
Manufacturers such as airlines might use data obtained from the use of actual products to improve the
development of next generation products to create, say, innovative after-sales service offerings.

6.2.4. Strategies to leverage big data

Performance management is probably the most traditional and best understood current big data
strategy. This involves understanding the meaning of big data in company databases and using
predetermined queries and multidimensional analysis. The underlying data is transactional - for
example
years’ worth of customer purchasing activity. Many businesses will already have some kind of
dashboard
capability that will allow limited drill-down and multiple reporting to identify trends and exceptions
Data exploration also leverages existing transactional data but involves using statistics to experiment
and challenge areas managers may not have previously considered. Cluster analysis is one technique
used to segment customers into groups based on similar attributes which may not have previously been
identified by managers. This will help to attract potential customers with an emphasis on digital,
inbound marketing through engaging, robust and targeted content.
Social analytics relates to the huge amount of non-transactional data which nowexists. Much of this
data is generated on social media platforms such as conversations and reviews on applications such as
Facebook, Twitter and WeChat. Social analytics measures three key areas: awareness, engagement and
word-of-mouth (reach). They are critical for businesses as they help inform managers of the success of
their external and internal social digital campaigns and activities.
Decision science. Unlike social analytics that focus on measuring knownobjectives, decision science
explores social big data in order to conduct field research and test hypotheses. This could include
initiatives such as crowdsourcing, ideas generation and polling.
6.2.5. Challenges of Big data
• When dealing with larger datasets, organisations face challenges in being able to create,
manipulate and manage big data, in particular in business analytics where standard tools and
procedures are not designed to search and analyse massive datasets.
• issues of privacy, security, intellectual property and liability
• Paradoxically the personal data such as health and financial records that might be most
sensitive could arguably offer the most significant human benefits, such as helping identify the
right medical treatment or most appropriate financial product
CHAPTER-10 IT STRATEGY (20)

6.3. Artificial Intelligence

Artificial intelligence (AI) is a wide-ranging branch of computer science concerned with building
smart machines capable of performing tasks that typically require human intelligence. AI has many
branches like Robotics, Fuzzy Logic, Expert System etc.
6.3.1. Expert systems
An expert system is a computer program that is designed to solve complex problems and to provide
decisionmaking ability like a human expert. It performs this by extracting knowledge from its
knowledge base using the reasoning and inference rules according to the user queries

6.3.2. Major components of expert system

Knowledge base: It is a database of human experience, scenarios and detail information about the
subjects, gathered from various resources.
Inference rules: These are set of logical judgements applied to the knowledge base each time a user
describes a situation to the expert system.
User interface: It permits the end user to describe the problem or goal.

6.3.3. Capabilities of Expert system

Substituting human decision making Possessing human capabilities
Producing accurate output Refining knowledge
Advising Demonstrating
Diagnosing Explaining
Interpreting Predicting

6.3.4. Criteria for expert system

• A subject area which can be suitably defined.
• The problem cannot be solved through conventional transaction processing system.
• An expert who can provide the knowledge
• Users who know what they want and how they want to use it
• A knowledge engineer who can translate the expertise into facts and rules for the system
• A short but useful glossary of technical terms which may be encountered in the world of
expert systems is included
6.3.5. Advantages of ES
• It enables individuals who lack expertise in any subject to be able to make expert decisions
• It is accurate and offers advice on a consistent basis.
• It has flexibility to change input details to explore alternative solutions.
• It can handle several problems simultaneously through a multi-access system.
• Staff costs are reduced because less expert staff is required.
• It gives the opportunity to capture expertise before it is lost.
• Improved allocation of human resources as experts is able to concentrate on more complex
issues.
• Expert advice is available all the time.
CHAPTER-10 IT STRATEGY (21)

7. IT control

Section overview

◼ Threats to systems security

◼ General controls and application controls
◼ General controls in IT
◼ Application controls in IT
◼ COBIT (Control Objectives for Information and Related Technologies)
◼ Web Trust

7.1 Threats to system security

Business organisations rely on IT systems to function. For example, accounting and performance
management systems are often computerised, and likely contain large amounts of confidential data.
Computer systems need to be kept secure from errors, breakdown, unauthorised access and corruption.
Some of the major risks to IT systems are as follows:
• Human error. Individuals make mistakes. They may key incorrect data into a system. In
some cases, they may wipe out records, or even an entire file, by mistake. Human error is also
a common cause of lapses in system security – leaving computer terminals unattended is just
one example.

• Technical error. Technical errors in the computer hardware, the software or the
communications links can result in the loss or corruption of data.

• Natural disasters. Some computer systems may be exposed to risks of natural disasters, such
as damage from hurricanes, floods or earthquakes.

• Sabotage/criminal damage. Systems are also exposed to risk from criminal damage, or
simply theft. Risks from terrorist attack are well- publicised. Losses from theft and malicious
damage are much more common.

• Deliberate corruption. All computer systems are exposed to risk from viruses. Hackers may
also gain entry to a system and deliberately alter or delete software or data.

• The loss of key personnel with specialist knowledge about a system. For example, the risk
that a senior systems analyst will leave his job in the middle of developing a complex new
system.

• The exposure of system data to unauthorised users. For example hackers and industrial
espionage.
In addition, there are risks within the computer software itself:
• The software might have been written with mistakes in it, so that it fails to process all the data
properly.
• The software should contain controls as a check against errors in processing, such as human
errors with the input of data from keyboard and mouse. The software might not contain
enough in-built controls against the risk of input error and other processing errors.
CHAPTER-10 IT STRATEGY (22)

7.2 General controls and Application controls

General controls are applied to all IT systems and in particular to the development, security and use
of computer programs. Examples of general controls are:

• Physical security measures and controls

• Physical protection against risks to the continuity of IT operations

• General controls within the system software such as passwords, encryption software, and
software firewalls

• General controls over the introduction and use of new versions of a computer
program

• The application of IT Standards.

Application controls are specific controls that are unique to a particular IT system or IT application.
They include controls that are written into the computer software, such as data validation checks on
data input.

7.3 General IT controls

Physical access controls

• Putting locks on windows

• Using shatter proof glass
• Locating hardware where there is no risk flooding and other natural disasters
• Physical protection of cables
• Smoke detectors
• Back-up power generators
• Insurance to cover losses
Passwords
A computer password is defined as ‘a sequence of characters that must be presented to a computer
system before it will allow access to the systems or parts of a system’
Typically, a computer user is given a prompt on the computer screen to enter his password. Access to
the computer system is only permitted if the user enters the correct password.
Passwords can also be placed on individual computer files, as well as systems and programs.
To gain access to a system, it may be necessary to input both a user name and a password for the user
name. For example, a manager wanting to access his e- mails from a remote location may need to
input both a user name and the password for the user name.
CHAPTER-10 IT STRATEGY (23)

Problems of password system include:

• giving their passwords to other individuals who are not authorised to access the system.

• Choosing predictable passwords

• Writing down passwords that can be stolen

• Not regularly changing the password

Effective password control system includes:

• Passwords must be changed regularly

• Passwords must not be easy to guess

• Developing security culture in the organization

Encryption
Encryption involves the coding of data into a form that is not understandable to the casual reader. Data
can be encrypted (converted into a coded language) using an encryption key in the software.
A widely-used example of encryption is for sending an individual’s bank details via the Internet. An
individual buying goods or services from a supplier’s web site may be required to submit credit card
details. The on-line shopping system should provide for the encryption of the sender’s details (using a
‘public key’ in the software for the encryption of the message) and the decryption of the message at
the seller’s end (using a ‘private key’ for the decryption).

Preventing and detecting hackers

Various measures might help to prevent hacking into a system, or to detect when a hacker has gained
unauthorised access. However, the fight against hacking is never-ending, and computer users must be
alert at all times.
Controls to prevent or detect hacking include:

• Physical security measures to prevent unauthorised access to computer terminals

• The use of passwords

• The encryption of data

• Audit trails, so that transactions can be traced through the system when hacking is suspected

• Network logs, whereby network servers record attempts to gain access to the system

• Firewalls.

Firewalls
Firewalls are either software or a hardware device between the user’s computer and modem. Computer
users might have both.
A firewall:

• Will block suspicious messages from the Internet, and prevent them from entering the user’s
computer, and

• May provide an on-screen report to the user whenever it has blocked a message, so that the
user is aware of the existence of the messages.
CHAPTER-10 IT STRATEGY (24)

Computer viruses
Viruses are computer software that is designed to deliberately corrupt computer systems. Viruses can
be introduced into a system on a file containing the virus. A virus may be contained:

• In a file attachment to an e-mail or

• On a backing storage device such as a CD.

Term Description

Trojan A Trojan horse is a type of virus that disguises itself often hidden within
horses other software or files. Whilst the user thinks that the system is carrying
out one program, the Trojan horse secretly carries on another.

Worms This is corrupt data that replicates itself within the system, moving from
one file or program to another.

Trap A trap door is an entry point to a system that bypasses normal controls
doors to prevent unauthorised entry.

Logic This is a virus that is designed to start ‘working’ (corrupting the files or
bombs data processing) when a certain event occurs.

Time This is a virus that is designed to start ‘working’ (corrupting the files or
bombs data processing) on a certain date.

Denial of Rendering the system unusable by legitimate users – for example by

service overloading a website with millions of computer-generated queries

New viruses are being written continually. Some software producers specialise in providing anti-virus
software, which is updated regularly (perhaps every two weeks). This includes software for dealing
with the most recently-discovered viruses.
Anti-virus software is able to:

• Detect known viruses in a file

• Report the virus to the computer user

• Isolate the virus so that it is not able to corrupt software or data in the computer.

IT standards
A range of IT Standards have been issued. For example, the International Standards Organisation
(ISO) has issued IT security system standards. There are also IT Standards for the development and
testing of new IT systems.
7.4 Application controls in IT
Application controls are controls that are designed for a specific IT system. One example of
application controls is data validation. Data validation checks are checks on specific items of data that
are input to a computer system, to test the logical ‘correctness’ of the data.
CHAPTER-10 IT STRATEGY (25)

7.5 COBIT (Control Objectives for Information and Related Technologies)

Introduction

COBIT is an IT governance tool that has been of tremendous benefits to IT professionals and has
contributed immensely to effective control of information systems. Linking information technology
and control practices, COBIT consolidates and harmonises standards from prominent global sources
into a critical resource for management control professionals and auditors. As such, COBIT represents
an authoritative, up-to-date control framework, a set of generally accepted control objectives and a
complementary product that enables the easy application of the Framework and Control Objectives,
referred to as the Audit Guidelines.
COBIT applies to enterprise-wide information systems, including personal computers, mini-
computers, mainframes and distributed processing environments. It is based on the philosophy that IT
resources need to be managed by a set of naturally grouped processes in order to provide the pertinent
and reliable information which an organisation needs to achieve its objectives.
With the addition of the management guidelines, COBIT now supports self- assessment of strategic
organisational status, identification of actions to improve IT processes and monitoring of the
performance of these IT processes. Since the first edition of COBIT was released in 1997 it has been
sold and implemented in over 100 countries of the world.
Purpose of COBIT
The purpose of COBIT is to provide management and business process owners with an information
technology (IT) governance model that helps in understanding and managing the risks associated with
IT. COBIT helps to bridge the gaps between business risks, control needs and technical issues. It is a
control model to meet the needs of IT governance and ensure the integrity of information and
information system.
Users of COBIT
COBIT is used by:

• Anyone who has the primary responsibilities for business processes and technology
• those who depend on technology for relevant and reliable information
• those providing quality, reliability and control of information technology

Application of COBIT in business processes

COBIT is applied in business processes such as:

• procurement
• marketing
• sales
• sales
• finance and accounting

The process owners are responsible for the performance of their processes of which IT has become an
integral part. In other words, they are empowered, but also accountable. As a consequence, the
business process owners bear the final responsibility for the information technology as deployed
within the confines of business processes.
CHAPTER-10 IT STRATEGY (26)

The addition of the Management Guidelines in the third edition of COBIT provides management with
a new set of tools. These allow self-assessment in order to make choices for control implementation
and improvements over IT, measure the achievement of goals and the proper performance of IT
processes. The Management Guidelines include maturity models, critical success factors, key goal
indicators and key performance indicators to support managerial decision making.

COBIT components

COBIT, issued by the IT Governance Institute and now in its third edition, is increasingly
internationally accepted as good practice for control over information, IT and related risks. Its
guidance enables an enterprise to implement effective governance over the IT that is pervasive and
intrinsic throughout the enterprise. In particular, COBIT’s Management Guidelines component
contains a framework which responds to management’s need for control and measurability of IT by
providing tools to assess and measure the enterprise’s IT capability for the 34 COBIT IT processes.
The tools include:
• Performance measurement elements (outcome measures and performance drivers for all IT
processes)
• A list of critical success factors that provides succinct, non-technical best practices for each IT
process; and
• Maturity models to assist in benchmarking and decision-making for capability improvements.
COBIT comprises six specific components:
• Management Guidelines;
• Executive Summary;
• Framework;
• Control Objectives;
• Audit Guidelines; and
• Implementation Tool Set.

Management Guidelines
To ensure a successful enterprise, one has to effectively manage the union between business processes
and information systems. The Management Guidelines are composed of:

• Maturity models, to help determine the stages and expectation levels of control and compare
them against industry norms

• Critical Success Factors, to identify the most important actions for achieving control over the
IT processes

• Key Goal Indicators, to define target levels of performance; and Key Performance Indicators,
to measure whether an IT control process is meeting its objective.
These Management Guidelines will help answer the questions of immediate concern to all those who
have a stake in enterprise success.
Executive Summary
Sound business decisions are based on timely, relevant and concise information. Specifically designed
for time pressed senior executives and managers, COBIT includes an executive overview which
CHAPTER-10 IT STRATEGY (27)

provides thorough awareness and understanding of COBIT’s key concepts and principles. Also
included is a synopsis of the Framework providing a more detailed understanding of the concepts and
principles, while identifying COBIT’s four domains (Planning & Organisation, Acquisition &
Implementation, Delivery and Support, and Monitoring) and 34 IT processes.

Framework
A successful organisation is built on a solid framework of data and information. The Framework
explains how IT processes deliver the information that the business requires to achieve its objectives.
This delivery is controlled through 34 high-level control objectives, one for each IT process, contained
in the four domains. The Framework identifies which of the seven information criteria (effectiveness,
efficiency, confidentiality, integrity, availability, compliance and reliability), as well as which IT
resources (people, applications, technology, facilities and data) are important for the IT processes to
fully support the business objective.
Control Objectives
The key to maintaining profitability in a technologically changing environment is how well control is
maintained. COBIT’s Control Objectives provide the critical insight needed to delineate a clear policy
and good practice for Information Technology controls. Included are the statements of desired results
or purposes to be achieved by implementing the specific and detailed control objectives throughout the
34 Information Technology processes.

Audit Guidelines
To achieve desired goals and objectives one has to constantly and consistently audit one’s procedures.
Audit Guidelines outline and suggest actual activities to be performed corresponding to each of the 34
high level IT control objectives, while substantiating the risk of control objectives not being met. Audit
Guidelines are an invaluable tool for information system auditors in providing management assurance
and/ or advice for improvement.

Implementation Tool Set

Implementation Tool Set contains:
• Management Awareness and IT Control Diagnostics;
• Implementation Guide FAQs;
• Case studies from organisations currently using COBIT; and
• Slide presentations that can be used to introduce COBIT into organisations.
The Tool Set is designed to facilitate the implementation of COBIT, relate lessons learned from
organisations that quickly and successfully applied COBIT in their work environments, and lead
management to ask about each COBIT process: Is this domain important for our business objectives?
Is it well performed? Who does it and who is accountable? Are the processes and control formalised?

7.6 Web trust

Definition: Web Trust is a seal of assurance attached to a Website to assure users of its integrity and
safety.
Web Trust is a seal of best practices, and a new service jointly developed by the Canadian Institute of
Chartered Accountants (CICA) and the American Institute of Certified Public Accountants (AICPA).
CHAPTER-10 IT STRATEGY (28)

Web Trust enables consumers and businesses to purchase goods and services over the Internet with the
confidence that vendors' web sites have historically met specific high standards for privacy, security,
business practices, transaction integrity and more.

Three principles are used to evaluate a site:

• Business and information privacy practices
• Transaction integrity
• Information protection