Companies typically buy software licenses for packages they use for their operation.
What should a software license cover and what should companies check in their set-ups
so as not to infringe on copyright law? (8 marks)
A risk is a quantified assessment of potential loss. Where risk cannot be totally avoided it must be
managed. What does risk management entail? (6 marks)
A threat is a potential danger to a component of the information system that may
modify or destroy it. Identify the special characteristics of computer systems that cause
extra problems for control over systems. (6 marks)
A software license typically covers:
Number of authorised users;
- Modifications allowable without manufacturer consent; § Circumstances for termination; and
- The limitation of liability.
So as not to infringe copyright, organisations should:
Make sure they receive and keep licenses;
- Track the number of users accessing licensed programs;
- Periodically check computers for unlicensed software; § Buy from reputable dealers;
- Require itemised invoices giving details of hardware and software supplied.
Risk management entails:
- Risk assessment. This involves identification of risks, quantification of risks and placing of risks in order of potential loss.
- Risk minimisation. This involves identification, costing, selection and implementation of countermeasures together with contingency planning. –
Risk transfer (insurance). The risks that cannot be covered by security measures should be insured against.
The special characteristics of computer systems that cause extra problems for control over systems include:
Large volumes of data are concentrated in files that are physically small.
- Enormous quantities of data are processed without human intervention.
- It is easy to lose data on file.
- Unauthorised people can gain access to data on file.
- Information on a computer file can be changed without leaving a physical trace
- Define contingency planning and outline the contents of a contingency plan.
- In ensuring control over the IS department resources, the company can adopt physical or logical access controls. With appropriate examples, explain the two forms of control.
|c)Define the following terms as they related to information systems.||(6 marks)|
- QUESTION TWOA contingency is an unscheduled interruption of computing services that requires measures outside the day to day routine operating procedures. A contingency plan must provide for standby procedures to continue operations, recovery procedures to correct the breakdown and personnel management policies for the procedures.
Contents of a contingency plan include:
- Definition of responsibilities.
- Setting priorities.
- Back-up and standby arrangements.
- Communication with staff. § Public relations.
- Risk assessment.
This ensures intruders do not get near computer equipment or storage media.
Methods of controlling human access include:
Personnel (security guards)
- Mechanical devices (lock and keys)
Electronic identification (card swipe systems, keypad systems)
Logical access systems
These are controls designed to prevent those who have access to a terminal or computer from gaining access to data or software. A logical access system performs three operations when access is requested:
Identification of the user.
- Authentication of the user identity.
- Check on user authority.
Logical access is accomplished through:
- Password systems
- Encryption – Biometrics
A password is a set of characters, which may be allocated to a user, terminal or facility which are required to be keyed into the system before further access is permitted. Passwords should be kept secret, changed regularly and should not be obvious.
Data transmitted over telecommunication links or networks suffers three security dangers:
- Unauthorised access by eavesdroppers.
- Direct intervention by an impostor who sends false messages down the line.
Encryption involves scrambling the data at one end of the line, transmitting the scrambled data and unscrambling (decrypting) it at the receiving end of the line.
Authentication involves making sure that the message has come from an authorised user by the addition of an extra identification field to the message.
Biometrics- use of human biological features e.g retina, sound, to identify orauthenticate individuals accessing the system.
- Hackers and Viruses
A hacker is a person who attempts to invade the privacy of a system. A virus is a piece of software that invades programs or data, and which replicates itself and causes harm to data or the IS.
Viruses are written by programmers and are usually placed in:
- Pirated software. § Games software.
Examples of viruses are:
- TROJANS . This is a program that while visibly carrying out one function, secretlycarries out another.
- WORM. This is a program that replicates itself inside a computer system. §
- TRAP DOORS. These are undocumented entry points into the system to whichmalicious code can be attached.
- LOGIC BOMBS. These are pieces of code triggered by a certain event.
- TIME BOMBS. These are pieces of code triggered by a certain date.
Protection against viruses includes:
- Guarding against introduction of unauthorised software.
§ Cleaning of disks before downloading.
QUESTION THREE a)State the characteristics of a quality software product (6 marks) b)Explain the following terms as they relate to systems development: i) Quality management (2 marks) ii)Quality assurance (2 marks) iii)Quality control (2 marks)
Contingency planning The two forms of control Physical access contro
- In assessing the economic feasibility of MIS projects, it is important to identify the costs and benefits of New Systems. Identify Costs and benefits of new systems (8 marks)
- QUESTION THREE
- Shareability; and
- Quality management, quality assurance and quality control
Quality management is concerned with controlling activities so as to ensure that products or services are fit for their purposes and meet specifications.
Quality assurance focuses on the way a system is produced. Procedures and standards for development are of key concern.
Quality control is concerned with checking and review work done.
Quality management involves:
- Planning. Standards and procedures formulated;
- Devising suitable instruments and techniques to monitor actual quality;
- Comparison of actual and planned quality; § Control action for any variances; and
- Review of plans and standards for continuous improvement.
- Costs and benefits of new systems Costs of a new system
- Installation costs. Room set-up
- Development costs- Consultancy fee, changeover.
- Personnel costs. Training, recruitment, redundancy.
- Operating costs. Maintenance, accommodation, power, insurance etc
Benefits from the new system include:
The characteristics a quality software product include:
- Savings from ceasing operations of the old system.
- Savings from using the new system. § One-off revenue benefits.
- Intangible benefits like better customer satisfaction or improved staff morale.
Explain the following tools for documenting and modelling user requirements
Entity-relationship diagrams (ERDs) (3 marks)
Entity Life Histories (3 marks)
- What are the desirable characteristics of a user-friendly system(6 marks)
- Common computer outputs include printed reports and on screen reports. Explain the
main classifications of reports. (8 marks)
- Entity-relationship diagrams (ERDs)
An ERD is a graphical model that shows relationships among system entities § Each entity is a rectangle, labelled with a noun
- Each relationship is a diamond, labelled with a verb
Types of relationships
- One-to-many (1:M)
- Many-to-many (M:N)
A full ERD shows all system relationships
- Entity Life Histories
Each entity identified on the ERM contains a specific set of attributes. During the existence of each entity-occurrence these attributes are given a value that may be updated many times until eventually the whole entity-occurrence is deemed not to be of any more interest to the system and is ‗killed off‘ or archived. Thus, each entity-occurrence has a life of its own that follows a set pattern common to every occurrence of the entity it belongs to and which has to be ‗discovered‘ by the analysts. The Entity Life History (ELH) is a diagram where the possible life of each occurrence within an entity, from its creation to its deletion, is recorded.
- Desirable characteristics of a user-friendly system
Ease of data entry;
- Consistent design;
- On-screen help;
- On-screen prompts and dialog boxes; § Ability to back-track; and
- Common computer outputs include printed reports and on screen reports.
Explain the main classifications of reports. Reports can be classified by content
- Detail reports
- Exception reports § Summary reports
- Provide the most information
- At least one line of output is produced for each record processed
- Detail reports can be quite lengthy
Show only records that meet a specific condition
- Useful when particular information is required
Special parameter queries can be used to select only the records that meet specified conditions
Show only subtotals and totals
p Useful for upper-level managers who do not require extensive detail
Reports also can be classified by distribution § Internal reports § External reports
Distributed within the organisation
- Usually printed on stock paper
- Blank, single ply, standard size
- Less expensive
- Can be used for many types of reports
Distributed outside the organisation
- Might include statements, invoices, or pay cheques
- Usually printed on special forms
- More expensive than stock paper
- Paper must be changed for each report printing job
- Multi-part forms must be separated or decollated
- Special forms can use pre-printed graphics and logos
- Special applications, such as checks, require special forms
Factors to consider:
- Types of printers
- Print volume calculations
- Print-time calculations
- The systems implementation stage of SDLC involves getting the new system into use as smoothly and quickly as possible. Briefly explain the main activities in the
implementation stage. (12 marks)
- Fourth Generation Languages (4GLs) make rapid applications development faster for
many programmers. What are 4GLs? (2 marks)
- It has been suggested that for any business to derive strategic advantage from information systems there has to be alignment between the business strategy and the
IS/IT strategy. Define what a business strategy for IT is and show why it is important
for organisations to have an IS/ IT strategy. (6 marks)
- The stages of implementation are:
- Hardware and software acquisition
Hardware and software acquisition
This involves buying required hardware and software. Need ITT
Aimed at maximising staff utilisation of the system. If you want to maximise your investment in new systems you will need to invest in staff training to ensure staff can
maximise their utilisation of that system. There are a number of keys to good training.
- Plan the training to be as close as possible to live usage so that members of staff do not get the chance to forget what they have learned.
- Get the design team to produce user documentation for the training course. User manuals are necessary.
- Who are you going to get to do the training for you? If the systems are supplied externally then the software house will be best, though for common ‗off-the-shelf‘ pack-ages there will be a number of cheaper computer training specialists.
At this stage the new system will be physically installed into the firm‘s premises. This requires careful management:
It will need to be addressed early in the systems development work as it may have a long
- leadbuilding alterations;-time. For instance it may be necessary to obtain planning permission for any
- It is very easy to overlook simple things like ensuring you have sufficient power points, desk space, filing cabinets and so on;
It requires close consultation with all of the interested parties i.e. hardware and software suppliers, communication services providers, builders, users and so on.
Now that the new system is physically located on the premises the next stage is to load the correct standing data and opening balances onto the new system.
This will take two forms:
1 Test data posted to the new system prior to live use to check it will processaccurately. A (now poverty stricken) MP said recently ―Asking Lloyds to self regulate Lloyds is like asking the Mafia to self regulate the
Mafia‖. When designing the test data take care that the programmers are not designing it — it is their work you are testing. The users or, if available, Internal
Audit are best.
Periods of acceptance testing where there will be careful testing of live transactions in the early periods of use. The principle of acceptance testing is that the system is only completed when the users accept it is functioning properly.
The four changeover options are direct, pilot, phased and parallel running:
Direct changeover .
The immediate replacement of the old system by the new. Often this is your only choice
— there may not be office space to run both systems or you may be using new softwareon your existing hard-ware. It is to be positively recommended where the new system is based on an established off-the-shelf solution. As long as staff has been trained and the system has been tested it should work well.
A distinct part of the new system is brought into use and, once tested, will be brought into use immediately elsewhere. This is particularly useful in distributed systems where you can pilot the new system in, say, the Leeds office and once it is working bring it into
use in all other offices with immediate effect. Another type of pilot is known as ‗Restricted Data Running‘ where, say, customers A-D are processed on the new systemand once functioning properly all customers will be processed on it. In effect with pilot implementation you are selecting a typical part of the organisation and testing the new system within it using live, rather than test, data.
This is another popular option but it is more time-consuming than both direct and pilot. Here you will gradually introduce distinct parts of the new system. You can use either local offices in a wide area network — say, Nairobi in August, Mombasa in September, Eldoret in October and so on, or distinct software modules — say, payroll in August, stock control in September, word-processing in October. One advantage of phased implementation is cash-flow — you can spread the cost out over the phases, however it will cause disruption within the business as different parts of it are using different, often incompatible, systems.
This is often assumed to be the best option. Certainly error detection is excellent as there is direct comparison of information between the old and new systems. It is however very costly and if your staff don‘t complain about being overworked during a parallel run then you are over staffed! It should be used only for ‗business critical‘ systems where the cost of failure would be high.
- 4GLs These are non-procedural languages used in the quick development of software applications.
Features and functions that a Fourth Generation Language may provide: § Query and report generators. § Application generators.
- Business strategy for IT
A business strategy is an action plan detailing the long-term plans and direction for an organisation. Based on the organisations mission statement, a series of long-term objectives are developed to ensure the organisation can meet its mission (reason for being).
Why is it important for organisations to have an IT strategy?
- To ensure a firm foundation on which to build future developments;
- To ensure the organisation is led by its requirements, rather than the technology;
- To ensure technology assumes its proper place as a tool; § Toclarify what IT will contribute to the organisation;
To ensure that the company invests in appropriate solutions and are clear about the costs and
To ensure the full benefits of any investment are realised;
- To avoid unexpected expenditure and the diversion of energy and resources;
- To avoid changing working practices just
- to suit the technology;
- To avoid inefficient and overly complex procedures;
- To ensure a smooth transition from one system to another;
- To ensure clear procedures for the monitoring, evaluation, review and revision; and
To minimise problems, ensure appropriate fault tolerance, fault recovery procedures and contingency planning.
- QUESTION SIX
- Project management software can offer useful tool for managing projects.i)Identify the functions of project management software(4 marks)ii)What are the typical inputs required for the software?(4 marks)iii)Outline the major merits and demerits of using a project management software in
the project management process (6 marks) b) Outline the key steps in the systems acquisition process (6 marks)
- Project management software
- Features and functions of project management software PM software e.g. Microsoft Project may be used for:
Planning. Network diagrams and Gantt charts
- Estimating. Trend analysis, statistical estimations etc.
Monitoring. Comparison of actual against budgeted performance and plan updates.
Reporting. Standard and customised progress reports.
- Typically 4 inputs are required for PM software:
Length of time required for each activity
- Logical relationships between activities § Available resources
- When resources are available
Merits and demerits of using PM software package in the project management process Advantages:
- Quick re-planning
- Document quality
- Constant progress tracking
- What if analysis
Difficulty in use
- Loss of project focus/time
- Key steps in the systems acquisition process Identify the key features of the system
- Estimate volume and future growth
Specify any hardware constraints
- Prepare an ITT/ a request for proposal or quotation
- Contact potential vendors
Assess vendor responses
- Choose vendor (s)
- Contract signing (service level agreement)
Steps in Evaluation and Purchase of Computer Hardware and Software
A – Feasibility Document
- Hardware and software Requirement
- Request for Proposal
D – Proposals
- Accepted proposals
- Purchase Order
(Source: Hicks, James Information Systems for Managers pg 497)
- Before systems are put into organisational use, they should be well tested to ensure that the system being delivered is working as expected before it is implemented.
- What factors would determine the scope of system testing? (4 marks)
- Who are involved in the testing process? (3 marks)
- What do you consider to be limitations of software testing? (5 marks)
- Decision support systems (DSS) are ISs that support managers in arriving at decisions in
semi-structured problems. State any FOUR characteristics of DSS. Identify too the
THREE main components of the DSS. (8 marks)
- a) Software testing
- i) The scope of the software test depends on:
Criticality of the system– if very critical would require thorough tests
- Complexity (scope)- more complex more tests
- Size of system- number of modules will dictate the duration and type of tests
- Whether the system is stand alone or interfacing with other systems
- People involved in system testing
- User representative
- Operations manager/ management representative
- Limitations of software testing
- Test data may not test all the possible types or values of data input that may occur within a system
There may be a problem of ensuring that all error messages contain adequate explanation to the errors that occur. Many error messages are quite
- understandable to the program writer but not necessarily to the program userg. error 43201 … may not be discernible for the user –
- complex may not cover all the functionality of the system especially if it is large and The test plan
Testing process may be inadequately documented – due to human error or lack of complete documentation
- Inappropriate focus to the testing
- The software may be tested to check what it should do rather than what it should not do
- No good past experience for software testing (no rule of thumb)
- Software is logical not physical thus it requires rational thinking
- system testing can be complex and costly
Characteristics of DSS:
The DSS support managers in their work decision making. They overlay both data processing systems and office support systems and acquire their basic data from routine transaction processing
DSS have the following characteristics:
- DSS are developed with the participation of and often, by individual managers or a group of managers to support a range of decisions of concern to them.
- DSS directly support the decision making process. DSS are able to support unstructured problems where the manager interacting with the system supplies semi- structured decisions in which some of the dependencies between factors and their consequences are expressed by models and some parts. Best suited for semi-structured problems where parts of the analysis can be computerised while still the decision marker‘s judgements and insight is needed to control the process. Tailoring to their needs.
- Provide analytical capabilities expressed in DSS models and this is the reason for the existence of these systems. This entails projecting possible future
during a planning process. 2 principle modes of analysis are available. The
―what if ‖ mode, where the users consider alternative scenarios and their results and the goal seeking mode, the user asks, ―what would it
take- in terms of input, factors to achieve a particular performance?‖ iv) In DSS, graphics are usually available to portray a decision situation made with a lot of scrutiny then it can be done with a tabular display of data. graphical presentations
- They combine internal and external information in supporting d-m.
- The computer provides support but does not replace the decision makers
(manager‘s) judgement. It doesn‘t provide pre-determined solutions.
- Common where effective problem solving is enhanced by interaction between the computer and the manger.
- Helpful to top level managers who have little time for detail – summaries.
Components of DSS:
- The data management subsystem/ Database:
The data management subsystem of a DSS relies on a variety of internal and external databases. The power of DSS derives from their ability to provide easy access to data.
- Model Management Subsystem/ Models:
The power of DSS pressed on the user ability to apply quantitative, mathematical models to data. Models have different areas of application and come from a variety of
- Dialogue Management Subsystem/ User Interface:
Along with DSS‘s ability to apply models to large volumes of data from a variety of sources, a single advantage of DSS is the user friendly and flexible interface between the decision-maker and such a system.
- The computerisation process of the Strath-Times Investments has been estimated in the table provided.
|ACTIVITY||DURATION (weeks)||PREDECESSOR||Normal cost (KSh.)|
- Draw a network chart (CPM) and determine the critical path and duration of the
project. (10 marks) ii) Given that the company experiences an additionalweekly site cost of Ksh.400,compute the total cost of the project.(4 marks)
- Strath-Times Investments has decided to develop its own programs in-house.
Theinitial cost of the project is estimated at Ksh. 200,000.
If the estimated cash flow from the time of implementation of the system is estimated at Ksh. 120,000; 60,000; and 120,000 respectively, compute the payback period and netpresent value (NPV) of the project. The current cost of capital is 12%. Comment on the viability of the project. (6 Marks)
- Critical path = MDKLFG Duration = 35 days
- Total cost
Cost of normal activities = 35,900
Additional site costs = 400×35 days = 14, 000 Therefore, total cost = 35400+14000
= Sh. 49,900
|Year||Cash in||PVFactor (12%)||PV|
Payback period= 2+(20000-
180000)/120000 =2.167 yrs
The project pays back in a relatively short period of time.
It has a large positive NPV. Given that it is prudent to invest in projects whose NPV is greater than 0, thus the project is viable.