Strategic information

system

Strategic information
system

An information system established

with the goal of creating
competitive advantage and
improving the competitive position
of an organization.

A strategic information system

supports and shapes the corporate
strategy of an organization.

Strategic roles of IS fall into one of

three categories:
1. working inward (improving a firms
internal processes and structure)
2. working outward (improving the
firms products and relationships with
customers) and
3. working across (improving its
processes and relationships with its
business partners)

Figure 3-1 Strategic Uses of Information Systems

Working Inward: Business-toEmployee

Building an Intranet
Fostering a Sense of Belonging

Working Outward: Business-toConsumer

Jumping to a New Experience Curve
Getting Closer to Customers
Being an Online Customer

Working Across: Business-toBusiness

Coordinating with Co-suppliers
Establishing Close and Tight
Relationships
Becoming a Customer-Centric
Value Chain
Getting Back-End Systems into
Shape

Innovation Strategy - Find new

ways of doing business

Develop new products & services

Enter new markets or marketing
segments
Establish new business alliances
Find new ways of producing
products/services
Find new ways of distributing
products/services

For knowledge management

system

Knowledge management has become one of the

major strategic uses of information technology.
Many companies are building knowledge
management systems to manage
organizational learning and business knowhow.
The goal of KMS is to help knowledge workers
create, organize, and make available important
business knowledge, wherever and whenever
its needed in an organization.
Internet and intranet web sites, groupware,
data mining, knowledge bases, discussion
forums, and videoconferencing are some of the
key information technologies for gathering,
storing, and distributing this knowledge.

Characteristics of KMS:

KMS are information systems that facilitate

organizational learning and knowledge
creation.
KMS use a variety of information
technologies to collect and edit information,
assess its value, disseminate it within the
organization, and apply it as knowledge to
the processes of a business.
KMS are sometimes called adaptive learning
systems. Thats because they create cycles
of organizational learning called learning
loops, where the creation, dissemination,
and application of knowledge produces an
adaptive learning process within a company.

KMS can provide rapid feedback to

knowledge workers, encourage behavior
changes by employees, and significantly
improve business performance.
As an organizational learning process
continues and its knowledge base
expands, the knowledge-creating company
integrates its knowledge into its business
processes, products, and services. This
makes it a highly innovative and agile
provider of high quality products and
customer services, and a formidable
competitor in the marketplace.

For managing business risk

(risk management)

In ideal risk management, a prioritization

process is followed whereby the risks with the
greatest loss and the greatest probability of
occurring are handled first, and risks with
lower probability of occurrence and lower loss
are handled in descending order.

The process can be very difficult, and

balancing between risks with a high
probability of occurrence but lower loss
versus a risk with high loss but lower
probability of occurrence can often be
mishandled.

Steps of Risk Management

1. Establishing the context

Identification of risk in a selected

domain of interest
Planning the remainder of the process.
Mapping out the following:

the social scope of risk management .

the basis upon which risks will be
evaluated, constraints.

Defining a framework for the

activity and an agenda for
identification.
Developing an analysis of risks
involved in the process.
Mitigation of risks using available
technological, human and
organizational resources.

2. Identification :
After establishing the context,
the next step in the process of managing risk
is to identify potential risks. Risks are about
events that, when triggered, cause problems.
Hence, risk identification can start with the
source of problems, or with the problem itself.
Source analysis : Risk sources may be
internal or external to the system that is
the target of risk management.
Examples of risk sources are: stakeholders
of a project, employees of a company or the
weather over an airport.

Problem analysis: Risks are related to

identified threats. For example: the
threat of losing money, the threat of
abuse of privacy information or the
threat of accidents and casualties.
The threats may exist with various
entities, most important with
shareholders, customers and
legislative bodies such as the
government.

3. Assessment
Once risks have
been identified, they must then
be assessed as to their potential
severity of loss and to the
probability of occurrence.

4. Potential risk treatments

Once risks have

been identified and assessed, all
techniques to manage the risk fall into
one or more of these four major
categories:
Avoidance (eliminate)
Reduction (mitigate)
Sharing (outsource or insure)
Retention (accept and budget)

5. Create a risk-management plan

Select appropriate controls or

countermeasures to measure each risk.
Risk mitigation needs to be approved by
the appropriate level of management.
For example, a risk concerning the image
of the organization should have top
management decision behind it whereas
IT management would have the authority
to decide on computer virus risks.

6.Implementation

Follow all of the planned methods

for mitigating the effect of the risks.
Purchase insurance policies for the
risks that have been decided to be
transferred to an insurer, avoid all
risks that can be avoided without
sacrificing the entity's goals, reduce
others, and retain the rest.

7. Review and evaluation of the

plan

Risk
analysis results and management plans
should be updated periodically. There are
two primary reasons for this:
to evaluate whether the previously selected
security controls are still applicable and
effective
to evaluate the possible risk level changes
in the business environment. For example,
information risks are a good example of
rapidly changing business environment.