Chat with us, powered by LiveChat Two questions need help with Question 1 Unit VII Journal Read Chapter 11 Instructions If yo | Max paper

Two questions need help with

Question 1

Unit VII Journal

Read Chapter 11


If you were the manager of the project from the data integration scenario for the IoT medical devices at the beginning of Chapter 11, would you approve the decision to use an offshore contractor to outsource the development of this? Why would you make this decision?

Your journal entry must be at least 200 words in length. No references or citations are necessary.

Questions 2

Unit VII Case Study


As a manager of an organization, you will often need to find ways to cut costs. One way to cut costs is to outsource by hiring another organization to perform the service. Consider the following scenario:

As a manager for the public outreach department, you realize that the current system for managing outreach issues is outdated. You would like to have a new outreach system developed using the Cloudera platform to help manage ‘big data.’ However, no one in the organization has the expertise. You will have to outsource the project to save on costs and avoid management problems. Two companies have sent in a bid, one from Vancouver, Canada and one from Mumbai, India. The bid from India was slightly lower than the bid from Canada. Compose a response that includes the following elements:

Define what is meant by outsourcing.

Explain how Peter Drucker’s statement (covered in the textbook) about how one company’s back room is another company’s front room pertains to outsourcing. Use an example.

Summarize the management advantages, cost reduction, and risk reduction of outsourcing.

Summarize the outsourcing risks concerning control, long-term costs, and exit strategy.

Discuss which company you would outsource to and why. Does distance matter?

Your case study must be at least two pages long, and you must use at least two references as a source for your essay. See the Suggested Unit Resources section for some sample articles on outsourcing. Be sure to cite all sources used in APA format and format your essay in APA style.

Lesson Preview


Information systems are critical to organizational success and, like all critical assets, need to be managed responsibly. In this lesson, we will survey the management of IS and IT resources. We begin by discussing the major functions and the organization of the IS department. Then we will consider planning the use of IT/IS. Outsourcing is the process of hiring outside vendors to provide business services and related products. For our purposes, outsourcing refers to hiring outside vendors to provide information systems, products, and applications. We will examine the pros and cons of outsourcing and describe some of its risks. Finally, we will conclude this lesson by discussing the relationship of users to the IS department. In this last section, you will learn both your own and the IS department’s rights and responsibilities. We continue this discussion in 2031 with new challenges: the gig economy and automated labor.

Q11-1 What Are the Functions and Organization of the IS Department?


The major functions of the information systems department1 are as follows:

Plan the use of IS to accomplish organizational goals and strategies.

Manage outsourcing relationships.

Protect information assets.

Develop, operate, and maintain the organization’s computing infrastructure.

Develop, operate, and maintain applications.

We will consider the first two functions in Q11-2 and Q11-3 of this lesson. The protection function was the topic of Lesson 10. The last two functions are important for IS majors but less so for other business professionals; therefore, we will not consider them in this text. To set the stage, consider the organization of the IS department.

How Is the IS Department Organized?


Figure 11-1 shows typical top-level reporting relationships. As you will learn in your management classes, organizational structure varies depending on the organization’s size, culture, competitive environment, industry, and other factors. Larger organizations with independent divisions will have a group of senior executives such as those shown here for each division. Smaller companies may combine some of these departments. Consider the structure in Figure 11-1 as typical.

Figure 11-1: Typical Senior-Level Reporting Relationships
The title of the principal manager of the IS department varies from organization to organization. A common title is chief information officer, or CIO. Other common titles are vice president of information services, director of information services, and, less commonly, director of computer services.

In Figure 11-1, the CIO, like other senior executives, reports to the chief executive officer (CEO), though sometimes these executives report to the chief operating officer (COO), who, in turn, reports to the CEO. In some companies, the CIO reports to the chief financial officer (CFO). That reporting arrangement might make sense if the primary information systems support only accounting and finance activities. In organizations such as manufacturers that operate significant nonaccounting information systems, the arrangement shown in Figure 11-1 is more common and effective.

The structure of the IS department also varies among organizations. Figure 11-1 shows a typical IS department with four groups and a data administration staff function.

Most IS departments include a Technology office that investigates new information systems technologies and determines how the organization can benefit from them. For example, today many organizations are investigating social media and elastic cloud opportunities and planning how they can use those capabilities to better accomplish their goals and objectives. An individual called the chief technology officer, or CTO, often heads the technology group. The CTO evaluates new technologies, new ideas, and new capabilities and identifies those that are most relevant to the organization. The CTO’s job requires deep knowledge of information technology and the ability to envision and innovate applications for the organization.

The next group in Figure 11-1, Operations, manages the computing infrastructure, including individual computers, in-house server farms, networks, and communications media. This group includes system and network administrators. As you will learn, an important function for this group is to monitor the user experience and respond to user problems.

The third group in the IS department in Figure 11-1 is Development. This group manages the process of creating new information systems as well as maintaining existing ones.

The size and structure of the development group depend on whether programs are developed in-house. If not, this department will be staffed primarily by business and systems analysts who work with users, operations, and vendors to acquire and install licensed software and to set up the system components around that software. If the organization develops programs in-house, then this department will include programmers, test engineers, technical writers, and other development personnel.

The last IS department group in Figure 11-1 is Outsourcing Relations. This group exists in organizations that have negotiated outsourcing agreements with other companies to provide equipment, applications, or other services. You will learn more about outsourcing later in this lesson.

Figure 11-1 also includes a Data Administration staff function. The purpose of this group is to protect data and information assets by establishing data standards and data management practices and policies.

There are many variations on the structure of the IS department shown in Figure 11-1. In larger organizations, the operations group may itself consist of several different departments. Sometimes, there is a separate group for data warehousing and data marts.

As you examine Figure 11-1, keep the distinction between IS and IT in mind. Information systems (IS) exist to help the organization achieve its goals and objectives. Information systems have the five components we have discussed throughout this text. Information technology (IT) is simply technology. It concerns the products, techniques, procedures, and designs of computer-based technology. IT must be placed into the structure of an IS before an organization can use it.

Security Officers


After Target Corp. lost 98 million customer accounts, it created a new C-level security position to help prevent these types of losses.2 Many organizations reeling from large-scale data breaches are creating similar executive security positions. A chief security officer, or CSO, manages security for all of the organization’s assets: physical plant and equipment, employees, intellectual property, and digital. The CSO reports directly to the CEO. A chief information security officer, or CISO, manages security for the organization’s information systems and information. The CISO reports to the CIO.

Both positions involve the management of staff, but they also call for strong diplomatic skills. Neither the CSO nor the CISO has line authority over the management of the activities he or she is to protect and cannot enforce compliance with the organization’s security program by direct order. Instead, they need to educate, encourage, even cajole the organization’s management into the need for compliance with the security program (discussed in Lesson 10).

What IS-Related Job Positions Exist?


IS departments provide a wide range of interesting and well-paying jobs. Many students enter the MIS class thinking that the IS departments consist only of programmers and tech support engineers. If you reflect on the five components of an information system, you can understand why this cannot be true. The data, procedures, and people components of an information system require professionals with highly developed interpersonal communications skills.

Figure 11-2 summarizes the major job positions in the IS industry. With the exception of tech support engineers and possibly test QA engineers, all of these positions require a 4-year degree. Furthermore, with the exception of programmer and test QA engineer, they all require business knowledge. In most cases, successful professionals have a degree in business. Note, too, that most positions require good verbal and written communications skills. Business, including information systems, is a social activity.

Figure 11-2: Job Positions in the Information Systems Industry



Knowledge, Skill, and Characteristics Requirements

Technical sales

Sell software, network, communications, and consulting services.

Quick learner, knowledge of product, superb professional sales skills.

Technical writer

Write program documentation, help-text, procedures, job descriptions, and training materials.

Quick learner, clear writing skills, high verbal communications skills.

Network administrator

Monitor, maintain, fix, and tune computer networks.

Diagnostic skills, in-depth knowledge of communications technologies and products.

Tech support engineer

Help users solve problems and provide training.

Communications and people skills. Product knowledge. Patience.

Systems analyst

Work with users to determine system requirements, design and develop job descriptions and procedures, and help determine system test plans.

Strong interpersonal and communications skills. Knowledge of both business and technology. Adaptable.


Design and write computer programs.

Logical thinking and design skills, knowledge of one or more programming languages.

Business intelligence analyst

Collaborate with cross-functional teams on projects, and analyze organizational data.

Excellent analytical, presentation, collaboration, database, and decision making skills.

Business analyst, IT

Work with business leaders and planners to develop processes and systems that implement business strategy and goals.

Knowledge of business planning, strategy, process management, and technology. Can deal with complexity. Sees the big picture but works with the details. Strong interpersonal and communications skills needed.

Test QA engineer

Develop test plans, design and write automated test scripts, and perform testing.

Logical thinking, basic programming, superb organizational skills, eye for detail.

Database administrator

Manage and protect database.

Diplomatic skills, database technology knowledge.

Consultant, IT

Wide range of activities: programming, testing, database design, communications and networks, project management, security and risk management, social media, and strategic planning.

Quick learner, entrepreneurial attitude, communications and people skills. Responds well to pressure. Particular knowledge depends on work.

Manager, IT

Manage teams of technical workers and manage the implementation of new systems

Management and people skills, critical thinking, very strong technical skills.

Project manager, IT

Initiate, plan, manage, monitor, and close down projects.

Management and people skills, technology knowledge. Highly organized.

Chief technology officer (CTO)

Advise CIO, executive group, and project managers on emerging technologies.

Quick learner, good communications skills, business background, deep knowledge of IT.

Chief information officer (CIO)

Manage IT departments and communicate with executive staff on IT- and IS-related matters. Member of the executive group.

Superb management skills, deep knowledge of business and technology, and good business judgment. Good communicator. Balanced and unflappable.

Chief information security officer (CISO)

Manage IS security program, protect the organization’s information systems and information, and manage IS security personnel.

Deep knowledge of security threats, protections, and emerging security threat trends. Excellent communication and diplomacy skills. Good manager.

Median salaries and approximate salary ranges for the positions discussed in Figure 11-2 are shown in Figure 11-3.3 According to the U.S. Social Security Administration, the median salary in 2018 for the average U.S. worker was $32,838.4 Salary ranges for CTO, CIO, and CISO are higher than the other positions because they require many more years of experience.

Figure 11-3: Salaries for Information Systems Jobs
Salaries for information systems jobs have a wide range. Higher salaries are for professionals with more experience, working for larger companies, and living in larger cities.5 Do not expect to begin your career at the high end of these ranges. As noted, all salaries are for positions in the United States and are shown in U.S. dollars.

(By the way, for all but the most technical positions, knowledge of a business specialty can add to your marketability. If you have the time, a dual major can be an excellent choice. Popular and successful dual majors are accounting and information systems, marketing and information systems, and management and information systems.)

Knowledge Check

Q11-2 How Do Organizations Plan the Use of IS?


We begin our discussion of IS functions with planning. Figure 11-4 lists the major IS planning functions.

Figure 11-4: Planning the Use of IS/IT

· Align information systems with organizational strategy; maintain alignment as organization changes.

· Communicate IS/IT issues to executive group.

· Develop/enforce IS priorities within the IS department.

· Sponsor steering committee.

Align Information Systems with Organizational Strategy


The purpose of an information system is to help the organization accomplish its goals and objectives. In order to do so, all information systems must be aligned with the organization’s competitive strategy.

Recall the four competitive strategies from Lesson 2. The first two strategies are that an organization can be a cost leader either across an industry or within an industry segment. Alternatively, for the second two strategies, an organization can differentiate its products or services either across the industry or within a segment. Whatever the organizational strategy, the CIO and the IS department must constantly be vigilant to align IS with it.

Maintaining alignment between IS direction and organizational strategy is a continuing process. As strategies change, as the organization merges with other organizations, as divisions are sold, IS must evolve along with the organization. As you will learn in Lesson 12, maintaining that alignment is an important role for business process management and for COBIT (Control Objectives for Information and related Technology), in particular.

Unfortunately, however, adapting IS to new versions of business processes is neither easy nor quick. For example, switching from in-house hosting to cloud hosting requires time and resources. Such a change must also be made without losing the organization’s computing infrastructure. The difficulty of adapting IS is often not appreciated in the executive suite. Without a persuasive CIO, IS can be perceived as a drag on the organization’s opportunities.

Communicate IS Issues to the Executive Group


This last observation leads to the second IS planning function in Figure 11-4. The CIO is the representative for IS and IT issues within the executive staff. The CIO provides the IS perspective during discussions of problem solutions, proposals, and new initiatives.

For example, when considering a merger, it is important that the company consider integration of information systems in the merged entities. This consideration needs to be addressed during the evaluation of the merger opportunity. Too often, such issues are not considered until after the deal has been signed. Such delayed consideration is a mistake; the costs of the integration need to be factored into the economics of the purchase. Involving the CIO in high-level discussions is the best way to avoid such problems.

Develop Priorities and Enforce Them Within the IS Department


The next IS planning function in Figure 11-4 concerns priorities. The CIO must ensure that priorities consistent with the overall organizational strategy are developed and then communicated to the IS department. At the same time, the CIO must also ensure that the department evaluates proposals and projects for using new technology in light of those communicated priorities.

Read more about the perspective of a senior data officer in the Career Guide.

Technology is seductive, particularly to IS professionals. The CTO may enthusiastically claim, “By moving all our reporting services to the cloud, we can do this and this and this …” Although the statement might be true, the question that the CIO must continually ask is whether those new possibilities are consistent with the organization’s strategy and direction.

Thus, the CIO must not only establish and communicate such priorities but enforce them as well. The department must evaluate every proposal, at the earliest stage possible, as to whether it is consistent with the organization’s goals and aligned with its strategy.

Furthermore, no organization can afford to implement every good idea. Even projects that are aligned with the organization’s strategy must be prioritized. The objective of everyone in the IS department must be to develop the most appropriate systems possible, given constraints on time and money. Well-thought-out and clearly communicated priorities are essential.

Sponsor the Steering Committee


The final planning function in Figure 11-4 is to sponsor the steering committee. A steering committee is a group of senior managers from the major business functions that works with the CIO to set the IS priorities and decide among major IS projects and alternatives.

The steering committee serves an important communication function between IS and the users. In the steering committee, information systems personnel can discuss potential IS initiatives and directions with the user community. At the same time, the steering committee provides a forum for users to express their needs, frustrations, and other issues they have with the IS department.

Typically, the IS department sets up the steering committee’s schedule and agenda and conducts the meetings. The CEO and other members of the executive staff determine the membership of the steering committee.

Knowledge Check

Q11-3 What Are the Advantages and Disadvantages of Outsourcing?


Outsourcing is the process of hiring another organization to perform a service. Outsourcing is done to save costs, to gain expertise, and to free management time.

The father of modern management, Peter Drucker, is reputed to have said, “Your back room is someone else’s front room.” For instance, in most companies, running the cafeteria is not an essential function for business success; thus, the employee cafeteria is a “back room.” Google wants to be the worldwide leader in search and mobile computing hardware and applications, all supported by ever-increasing ad revenue. It does not want to be known for how well it runs cafeterias. Using Drucker’s sentiment, Google is better off hiring another company, one that specializes in food services, to run its cafeterias.

Because food service is some company’s “front room,” that company will be better able to provide a quality product at a fair price. Outsourcing to a food vendor will also free Google’s management from attention on the cafeteria. Food quality, chef scheduling, plastic fork acquisition, waste disposal, and so on, will all be another company’s concern. Google can focus on search, mobile computing, and advertising-revenue growth.

Outsourcing Information Systems


Outsourcing information systems can reduce costs, but it can also create ethical dilemmas. For more on outsourcing issues, read the Ethics Guide.

Many companies today have chosen to outsource portions of their information systems activities. Figure 11-5 lists popular reasons for doing so. Consider each major group of reasons.

Figure 11-5: Popular Reasons for Outsourcing IS Services

Management Advantages
First, outsourcing can be an easy way to gain expertise. As you’ll learn in Lesson 12, iMed Analytics wants to develop custom IoT medical device apps and a new real-time machine learning system, but no one on the staff knows the particulars of coding these types of apps. Outsourcing can be an easy and quick way to obtain that expertise.

For example, Figure 11-6 shows the top-10 highest-paid skills or experiences reported from Dice’s annual Tech Salary Survey. Note that only one of the top-10 skills in 2019 was ranked in the top 10 in 2012. Rapid changes in technology push rapid changes in demand for certain technical skills.

Figure 11-6: Top-10 Tech Skills


Skill or Experience










Apache Kafka

$ 134,557






$ 134,462





$ 133,695









$ 132,708









$ 132,497









$ 132,136








$ 131,772






$ 131,556









Amazon Redshift

$ 130,723





PaaS (Platform as a Service)

$ 130,669







Organizations developing innovative products may not have the necessary in-house technical expertise to produce them. In fact, unless they’re constantly training their current employees on the latest technology, they probably don’t have the necessary expertise. Outsourcing and strategic partnerships enable organizations to make products they wouldn’t have otherwise been able to make internally.

Another reason for outsourcing is to avoid management problems. At iMed Analytics, building a large development and test team may be more than the company needs and require management skills that neither Emily nor Jose has. Outsourcing the development function saves them from needing this expertise.

Similarly, some companies choose to outsource to save management time and attention. Emily at iMed has the skills to manage a new software development project, but she may choose not to invest the time.

Note, too, that it’s not just Emily’s time. It is also time from more senior managers who approve the purchase and hiring requisitions for that activity. And those senior managers, like Jasmine, will need to devote the time necessary to learn enough about server infrastructure to approve or reject the requisitions. Outsourcing saves both direct and indirect management time.

Cost Reduction
Other common reasons for choosing to outsource concern cost reductions. With outsourcing, organizations can obtain part-time services. Another benefit of outsourcing is to gain economies of scale. If 25 organizations develop their own payroll applications in-house, then when the tax law changes 25 different groups will have to learn the new law, change their software to meet the law, test the changes, and write the documentation explaining the changes. However, if those same 25 organizations outsource to the same payroll vendor, then that vendor can make all of the adjustments once, and the cost of the change can be amortized over all of them (thus lowering the cost that the vendor must charge).

Risk Reduction
Another reason for outsourcing is to reduce risk. First, outsourcing can cap financial risk. In a typical outsourcing contract, the outsource vendor will agree to a fixed price contract for services. This occurs, for example, when companies outsource their hardware to cloud vendors. Another way to cap financial risk is as Emily recommends: delay paying the bulk of the fee until the work is completed and the software (or other component) is working. In the first case, it reduces risk by capping the total due; in the second, it ensures that little money need be spent until the job is done.

Second, outsourcing can reduce risk by ensuring a certain level of quality or avoiding the risk of having substandard quality. A company that specializes in food service knows what to do to provide a certain level of quality. It has the expertise to ensure, for example, that only healthy food is served. So, too, a company that specializes in, say, cloud-server hosting knows what to do to provide a certain level of reliability for a given workload.

Note that there is no guarantee that outsourcing will provide a certain level of quality or quality better than could be achieved in-house. If it doesn’t outsource the cafeteria, Google might get lucky and hire only great chefs. Emily might get lucky and hire the world’s best software developer. But, in general, a professional outsourcing firm knows how to avoid giving everyone food poisoning or how to develop new mobile applications. And if that minimum level of quality is not provided, it is easier to hire another vendor than it is to fire and rehire internal staff.

Finally, organizations choose to outsource IS in order to reduce implementation risk. Hiring an outside cloud vendor reduces the risk of picking the wrong brand of hardware or the wrong virtualization software or implementing tax law changes incorrectly. Outsourcing gathers all of these risks into the risk of choosing the right vendor. Once the company has chosen the vendor, further risk management is up to that vendor.

International Outsourcing


Choosing to use an outsourcing developer in India is not unique to iMed Analytics. Many firms headquartered in the United States have chosen to outsource overseas. Microsoft and Dell, for example, have outsourced major portions of their customer support activities to companies outside the United States. India is a popular source because it has a large, well-educated, English-speaking population that will work for 20 to 30 percent of the labor cost in the United States. China and other countries are used as well. In fact, with modern telephone technology and Internet-enabled service databases, a single service call can be initiated in the United States, partially processed in India and then Singapore, and finalized by an employee in England. The customer knows only that he has been put on hold for brief periods of time.

International outsourcing is particularly advantageous for customer support and other functions that must be operational 24/7. Amazon, for example, operates customer service centers in the United States, Costa Rica, Ireland, Scotland, Germany, Italy, Beijing, Japan, and India. During the evening hours in the United States, customer service reps in India, where it is daytime, can handle the calls. When night falls in India, customer service reps in Ireland or Scotland can handle the early morning calls from the east coast of the United States. In this way, companies can provide 24/7 service without requiring employees to work night shifts.

By the way, as you learned in Lesson 1, the key protection for your job is to become someone who excels at nonroutine symbolic analysis. Someone with the ability to find innovative applications of new technology is also unlikely to lose his or her job to overseas workers.

What Are the Outsourcing Alternatives?


Organizations have found hundreds of different ways to outsource information systems and portions of information systems. Figure 11-7 organizes the major categories of alternatives according to information systems components.

 Figure 11-7: IS/IT Outsourcing Alternatives
Some organizations outsource the acquisition and operation of computer hardware. Electronic Data Systems (EDS) has been successful for more than 30 years as an outsource vendor of hardware infrastructure. Figure 11-7 shows another alternative: outsourcing the computers in the cloud via IaaS.

Acquiring licensed software, as discussed in Lesson 4 and Lesson 12, is a form of outsourcing. Rather than develop the software in-house, an organization licenses it from another vendor. Such licensing allows the software vendor to amortize the cost of software maintenance over all of the users, thus reducing that cost for all who use it. Another option is platform as a service (PaaS), which is the leasing of hardware with preinstalled operating systems as well as possibly DBMS systems. Microsoft’s Azure is one such PaaS offering.

Some organizations choose to outsource the development of software. Such outsourcing might be for an entire application, as with iMed, or it could also be for making customizations to licensed software, as is frequently done with ERP implementations.

Yet another alternative is software as a service (SaaS), in which hardware and both operating system and application software are leased. is a typical example of a company that offers SaaS.

It is also possible to outsource an entire system. PeopleSoft (now owned by Oracle) attained prominence by providing the entire payroll function as an outsourced service. In such a solution, as the arrow in Figure 11-7 implies, the vendor provides hardware, software, data, and some procedures. The company need provide only employee and work information; the payroll outsource vendor does the rest.

Finally, some organizations choose to outsource an entire business function. For years, many companies have outsourced to travel agencies the function of arranging for employee travel. Some of these outsource vendors even operate offices within the company facilities. Such agreements are much broader than outsourcing IS, but information systems are key components of the applications that are outsourced.

What Are the Risks of Outsourcing?


With so many advantages of outsourcing and so many different outsourcing alternatives, you might wonder why any company has in-house IS/IT functions. In fact, outsourcing presents significant risks, as listed in Figure 11-8.

 Figure 11-8: Outsourcing Risks
Loss of Control
The first risk of outsourcing is a loss of control. For iMed, once Emily contracts with her friend Kiaan, Kiaan is in control. At least for several weeks or months. If he makes iMed a priority project and devotes his attention and that of his employees as needed, all can work out well. On the other hand, if he obtains a larger, more lucrative contract soon after he starts iMed, schedule and quality problems can develop. Neither Emily nor Jose has any control over this eventuality. If they pay at the end, they may not lose money, but they can lose time.

For service-oriented outsourcing, say, the outsourcing of IT infrastructure, the vendor is in the driver’s seat. Each outsource vendor has methods and procedures for its service. The organization and its employees will have to conform to those procedures. For example, a hardware infrastructure vendor will have standard forms and procedures for requesting a computer, for recording and processing a computer problem, or for providing routine maintenance on computers. Once the vendor is in charge, employees must conform.

When outsourcing the cafeteria, employees have only those food choices that the vendor provides. Similarly, when obtaining computer hardware and services, the employees will need to take what the vendor supports. Employees who want equipment that is not on the vendor’s list will be out of luck.

Unless the contract requires otherwise, the outsource vendor can choose the technology that it wants to implement. If the vendor, for some reason, is slow to pick up on a significant new technology, then the hiring organization will be slow to attain benefits from that technology. An organization can find itself at a competitive disadvantage because it cannot offer the same IS services as its competitors.

Another concern is a potential loss of intellectual capital. The company may need to reveal proprietary trade secrets, methods, or procedures to the outsource vendor’s employees. As part of its normal operations, that vendor may move employees to competing organizations, and the company may lose intellectual capital as that happens. The loss need not be intellectual theft; it could simply be that the vendor’s employees learned to work in a new and better way at your company, and then they take that learning to your competitor.

Similarly, all software has failures and problems. Quality vendors track those failures and problems and fix them according to a set of priorities. When a company outsources a system, it no longer has control over prioritizing those fixes. Such control belongs to the vendor. A fix that might be critical to your organization might be of low priority to the outsource vendor.

Other problems are that the outsource vendor may change management, adopt a different strategic direction, or be acquired. When any of those changes occur, priorities may change, and an outsource vendor that was a good choice at one time might be a bad fit after it changes direction. It can be difficult and expensive to change an outsource vendor when this occurs.

The final loss-of-control risk is that the company’s CIO can become superfluous. When users need a critical service that is outsourced, the CIO must turn to the vendor for a response. In time, users learn that it is quicker to deal directly with the outsource vendor, and soon the CIO is out of the communication loop. At that point, the vendor has essentially replaced the CIO, who has become a figurehead. However, employees of the outsource vendor work for a different company, with a bias toward their employer. Critical managers will thus not share the same goals and objectives as the rest of the management team. Biased, bad decisions can result.

Benefits Outweighed by Long-Term Costs
The initial benefits of outsourcing can appear huge. A cap on financial exposure, a reduction of management time and attention, and the release of many management and staffing problems are all possible. (Most likely, outsource vendors promise these very benefits.) Outsourcing can appear too good to be true.

In fact, it can be too good to be true. For one, although a fixed cost does indeed cap exposure, it also removes the benefits of economies of scale. If iMed demand takes off and it suddenly needs 200 servers instead of 20, the using organization will pay 200 times the fixed cost of supporting one server. It is possible, however, that because of economies of scale, the costs of supporting 200 servers are far less than 10 times the costs of supporting 20 servers. If they were hosting those servers in-house, they and not the vendor would be the beneficiary.

Also, the outsource vendor may change its pricing strategy over time. Initially, an organization obtains a competitive bid from several outsource vendors. However, as the winning vendor learns more about the business and as relationships develop between the organization’s employees and those of the vendor, it becomes difficult for other firms to compete for subsequent contracts. The vendor becomes the de facto sole source and, with little competitive pressure, might increase its prices.

Another problem is that an organization can find itself paying for another organization’s mismanagement, with little knowledge that that is the case. If iMed outsources its servers, it is difficult for it to know if the vendor is well managed. The iMed investors may be paying for poor management; even worse, iMed may suffer the consequences of poor management, such as lost data. It will be very difficult for iMed to learn about such mismanagement.

No Easy Exit
The final category of outsourcing risk concerns ending the agreement. There is no easy exit. For one, the outsource vendor’s employees have gained significant knowledge of the company.

They know the server requirements in customer support, they know the patterns of usage, and they know the best procedures for downloading operational data into the data warehouse. Consequently, lack of knowledge will make it difficult to bring the outsourced service back in-house.

Also, because the vendor has become so tightly integrated into the business, parting company can be exceedingly risky. Closing down the employee cafeteria for a few weeks while finding another food vendor would be unpopular, but employees would survive. Shutting down the enterprise network for a few weeks would be impossible; the business would not survive. Because of such risk, the company must invest considerable work, duplication of effort, management time, and expense to change to another vendor. In truth, choosing an outsource vendor can be a one-way street.

At iMed, if, after the initial application development, the team decides to change development vendors, it may be very difficult to do. The new vendor will not know the application code as well as the current one who created it. It may become infeasible in terms of time and money to consider moving to another, better, lower-cost vendor.

Choosing to outsource is a difficult decision. In fact, the correct decision might not be clear, but time and events could force the company to decide.

Knowledge Check

Q11-4 What Are Your User Rights and Responsibilities?


As a future user of information systems, you have both rights and responsibilities in your relationship with the IS department. The items in Figure 11-9 list what you are entitled to receive and indicate what you are expected to contribute.

Figure 11-9: User Information Systems Rights and Responsibilities

Your User Rights


You have a right to have the computing resources you need to perform your work as proficiently as you want. You have a right to the computer hardware and programs that you need. If you process huge files for data-mining applications, you have a right to the huge disks and the fast processor that you need. However, if you merely receive email and consult the corporate Web portal, then your right is for more modest requirements (leaving the more powerful resources for those in the organization who require them).

You have a right to reliable network and Internet services. Reliable means that you can process without problems almost all of the time. It means that you never go to work wondering, “Will the network be available today?” Network problems should be a rare occurrence.

You also have a right to a secure computing environment. The organization should protect your computer and its files, and you should not normally even need to think about security. From time to time, the organization might ask you to take particular actions to protect your computer and files, and you should take those actions. But such requests should be rare and related to specific outside threats.

You have a right to participate in requirements meetings for new applications that you will use and for major changes to applications that you currently use. You may choose to delegate this right to others, or your department may delegate that right for you, but if so, you have a right to contribute your thoughts through that delegate.

You have a right to reliable systems development and maintenance. Although schedule slippages of a month or 2 months are common in many development projects, you should not have to endure schedule slippages of 6 months or more. Such slippages are evidence of incompetent systems development.

Additionally, you have a right to receive prompt attention to your problems, concerns, and complaints about information services. You have a right to have a means to report problems and to know that your problem has been received and at least registered with the IS department. You have a right to have your problem resolved, consistent with established priorities. This means that an annoying problem that allows you to conduct your work will be prioritized below another’s problem that interferes with his ability to do his job.

Finally, you have a right to effective training. It should be training that you can understand and that enables you to use systems to perform your particular job. The organization should provide training in a format and on a schedule that is convenient to you.

Your User Responsibilities


You also have responsibilities toward the IS department and your organization. Specifically, you have a responsibility to learn basic computer skills and to learn the techniques and procedures for the applications you use. You should not expect hand-holding for basic operations. Nor should you expect to receive repetitive training and support for the same issue.

Users are given a responsibility to manage critical systems. Companies have to find effective ways of motivating employees to be compliant with security policies designed to protect these critical systems. See the Security Guide.

You have a responsibility to follow security and backup procedures. This is especially important because actions that you fail to take might cause problems for your fellow employees and your organization as well as for you. In particular, you are responsible for protecting your password(s). This is important not only to protect your computer but, because of intersystem authentication, also to protect your organization’s networks and databases.

You have a responsibility for using your computer resources in a manner that is consistent with your employer’s policy. Many employers allow limited email for critical family matters while at work but discourage frequent and long casual email. You have a responsibility to know your employer’s policy and to follow it. Further, if your employer has a policy concerning use of personal mobile devices at work, you are responsible for following it.

You also have a responsibility to make no unauthorized hardware modifications to your computer and to install only authorized programs. One reason for this policy is that your IS department constructs automated maintenance programs for upgrading your computer. Unauthorized hardware and programs might interfere with these programs. Additionally, the installation of unauthorized hardware or programs can cause you problems that the IS department will have to fix.

You have a responsibility to install computer updates and fixes when asked to do so. This is particularly important for patches that concern security and backup and recovery. When asked for input to requirements for new and adapted systems, you have a responsibility to take the time necessary to provide thoughtful, complete responses. If you do not have that time, you should delegate your input to someone else.

Finally, you have a responsibility to treat information systems professionals professionally. Everyone works for the same company, everyone wants to succeed, and professionalism and courtesy will go a long way on all sides. One form of professional behavior is to learn basic computer skills so that you avoid reporting trivial problems.

Knowledge Check

Q11-5 2031?


Over the next 10 years, changes in organizational management of IS and IT resources will be driven by the factors mentioned in Lesson 1, including exponential increases in processing power, storage, bandwidth, and connectivity. As a result, most organizations have already moved most of their internal hardware infrastructure to the cloud. This shift to the cloud will alter the way organizations function.

By 2031, it may be difficult to find a single hard disk anywhere within the organization. The same might be true for applications and employees as more online applications are rented—not bought—and jobs are outsourced. What happens to an organization when everything is outside the organization? Organizational boundaries become fuzzy and potentially nonexistent. Security, privacy, and competitiveness will become even more important. Sharing and stealing confidential data will be much easier.

If workers shift from being traditional employees to being consultants in the gig economy, we could see companies becoming hypercompetitive for the best workers. Workers with the hottest skills and the best work experience could make five or 10 times as much as their contemporaries. Even now, companies that are perceived as cool places to work are attracting the most talented workers. This trend will likely accelerate by 2031.

Everyday work life will be different in 10 years, too. Consider that Amazon started using Kiva robots in 2014, and now those robots account for 20 percent of Amazon’s workforce. More than 200,000 robots work alongside 840,000 employees. And it’s not just physical labor, either. A 2019 report by Wells Fargo predicted that in the next 10 years over 200,000 banking jobs currently done by human workers will be replaced by an AI.7 Advances in AI, robotics, and natural language processing could lead to a 30 percent reduction of all finance jobs by 2031.8 By 2031, it’s likely you will be working alongside a synthetic coworker.

The 2020 global pandemic accelerated the trend toward automation and remote working. Any job that requires humans to interact is a prime candidate for automation. Studies predict that 86 percent of restaurant jobs, 76 percent of retail jobs, and 59 percent of recreation jobs will be automated within the next decade.9 And this isn’t even considering the impact on manufacturing jobs. Companies negatively affected by the global lockdown see robots and AI as less risky, less costly, and more capable than their human counterparts. In the next decade the fear of losing jobs to robots may be replaced with the comfort of knowing that robots won’t get us sick. More tech workers will be needed to manage this new synthetic workforce.

By 2031, creating and maintaining a distinct corporate culture may be increasingly difficult. Increased outsourcing, automation, and a large remote virtual workforce may make corporations much less cohesive. Employee loyalty may become a punch line at Christmas parties in 2031. In 10 years, mixed-reality devices will be commonplace. Workers will be able to virtually interact with coworkers around the world as if they were all meeting in the same room.

Future workers may be more “connected” technologically but have fewer deep personal connections or shared experiences. You can already see this phenomenon with smartphones. How many times have you seen a group of people together physically, but most of them are silently staring down at their phones? Without a shared corporate culture or identity, it may be increasingly difficult for companies to hire, train, and keep the best employees.

By 2031, organizations will need to use social media inside the organization in true Enterprise 2.0 style. They will need to effectively engage their employees via internal social media. Similarly, employees will need to effectively engage customers in a world where social media interactions have a direct impact on the bottom line. IS will be seen no longer as a hindrance to organizational strategy and growth but as a key player for gaining competitive advantage. The ubiquity of social media and mobile devices will focus attention on the role that IS can play in achieving organizational goals.

So What? Poor Data Management at Facebook

What are the primary ways in which you interact with family, friends, and colleagues? You probably use face-to-face interactions and traditional phone calls to communicate with at least some of the people in your network. However, more and more communication technologies are being developed and adopted for use in a variety of contexts. For example, Slack is an extremely popular collaboration tool used within the business world, and Discord is a popular communication tool used by millions of gamers to keep in touch and strategize during game play. It is likely that you engage with some of your contacts using Facebook, the social media juggernaut boasting more than 2.5 billion active users as of 2020.

One reason that Facebook continues to attract and retain so many users is Metcalfe’s Law, which states that the value of a network is equal to the square of the number of users connected to it. In other words, the more users there are associated with a network, the more value is offered by that network. This incentivizes new users to join. When someone is considering joining their first social network, they are most likely to choose the platform that will already have the highest number of their friends, family members, and colleagues as users because their experience on that network will provide the greatest value relative to others. However, Metcalfe’s Law doesn’t just attract new users to a site. It also attracts app developers, researchers, and businesses seeking to glean insights—and make money—off the troves of data generated by users.

Click Here to Dislike
Due to Facebook’s position as the most popular social media site in the world, countless third parties target the network for opportunities to collect data about users, their connections with others, and their interactions. Several years ago, Facebook had an extremely open model that allowed the integration of Facebook with a variety of other platforms and services (music-streaming sites, dating sites, and so forth). This integration allowed users to create accounts and log in to those sites using their Facebook accounts. Additionally, third parties developed apps for Facebook that could access the data of the people using those apps as well as the data for all of their friends.

Only recently did the company recognize the potential privacy risks of this model and finally restrict data access to only those users who had directly provided consent to third-party developers as of 2015. However, the damage had already been done: It recently came to light that a researcher had siphoned off data for more than 80 million Facebook users and then sold that data to an analytics firm prior to Facebook putting tighter data restrictions in place.10 This violation of user privacy resulted in a firestorm about Facebook’s poor data management practices and resulted in a statement that Facebook would conduct an investigation to evaluate the apps that had the ability to access user data during that time.

Source: Bildagentur-online/Ohde/Alamy Stock Photo

Pay for Play
In response to this incident, CEO and founder Mark Zuckerberg stated that Facebook had already taken steps to prevent future privacy missteps. He was later summoned to Washington, D.C., to testify before the Commerce and Judiciary Committees on Capitol Hill to explain how something like this could have happened and how something similar could be prevented in the future. However, Facebook’s reputation was already tarnished by the incident. There was an active movement calling for people to delete their Facebook accounts. The scandal also had an impact on Wall Street. Major tech stocks (e.g., Facebook, Amazon, Apple, Netflix, and Alphabet) collectively lost $397 billion of market capitalization around this time as fears grew that other top tech companies likely had similar “skeletons in their closets.”11

While Facebook’s stock will likely recover, its data management practices, and possibly its business model, will change. Some experts have speculated that Facebook will begin offering the option for users to pay a monthly fee to access the network, which would protect their data from any sort of access by advertisers or other third parties.12 It has been estimated that Facebook would need to charge roughly $7 per month from users in North America to compensate for the $82 per user that is collected in advertising revenues per user per year.13 If nothing else, this situation has sent a shock wave through the tech world regarding privacy and the risks associated with careless management of user data—and the hard and soft costs that can occur as a result of such cavalier actions.


To what extent are social media platforms an important part of your daily interactions? Do you use a certain social media platform because your family or friends use it? Why do you think this is the case?

 Show Answer

Are you one of the 87 million Facebook users who had their data shared with Cambridge Analytica? If so, did this situation bother you? Why or why not?

 Show Answer

During Mark Zuckerberg’s hearings on Capitol Hill, it became clear that many politicians have minimal knowledge about how Facebook operates as a business. How does this present challenges for the creation of regulations that may be put in place to ensure that Facebook and other tech companies properly manage user data?

 Show Answer

Why would Facebook offer a pay option? Would it be worth it to you to pay a monthly fee to access Facebook and know that your personal data would be protected? Why or why not?

 Show Answer

Security Guide

Carrot or Stick? Neither
Imagine that you are given the opportunity to sit down with a group of corporate leaders and you can ask them about their biggest cyber security concerns. What do you think their most pressing worries would be?

When most people think about cybersecurity, they often conjure up images of hooded hackers in dark basements feverishly typing code or social engineers sneaking into corporate server rooms placing network taps to gain remote access. However, these types of nefarious digital actors often do not pose the greatest risk. You may find it surprising that what concerns business leaders most are their very own employees.

A study investigating where businesses felt most vulnerable found that the top three cybersecurity concerns were inappropriate sharing of data via mobile devices, physical loss of mobile devices exposing organizations to risk, and inappropriate IT resource use by employees14; all risks introduced by internal actors.

An additional finding of this study was that at least 40 percent of businesses of every size (very small businesses, small and medium-sized businesses, and enterprise-grade businesses) reported not feeling protected from inappropriate IT use by their own employees.

Security Policies
Accordingly, one of the mechanisms by which businesses try to reduce risk is to promote more secure behavior by employees. This is often accomplished using security policies. A security policy is simply a framework of guidelines and procedures that employees in an organization are mandated to follow to ensure appropriate use of systems, data, and other technological assets.

General information security policies are often rolled out in concert with a variety of other policies, including acceptable use policies, change management policies, email/communication policies, and disaster recovery policies.15 Employees are typically required to review these policies and agree to follow them during onboarding to the organization.

However, studies investigating employee compliance with security policies indicate that compliance rates can be dangerously lax. One study reported the troubling statistics that 44 percent of companies observed employees not following security policies appropriately and that roughly 25 percent of companies did not intend to even try to enforce security policies that had been deployed.

For companies electing to try to get employees to comply, a variety of methods are used. These methods can often be categorized as either rewards or punishments (frequently called the carrot or the stick approaches). But are existing methods like the carrot or stick approach actually effective if almost half of companies report issues with employee compliance?

Source: Wright Studio/Shutterstock

What Causes Compliance?
A study was recently conducted that looked at all of the information systems research that had investigated factors that influence security policy compliance.16 The purpose of the study was to identify higher-level trends and key takeaways from the dozens of different studies that each evaluated a handful of compliance factors. (This type of study is called a meta-analysis.)

Out of 17 different factors that had been widely studied, rewards and punishments placed in the bottom four, meaning that they are least likely to result in compliant behavior. This is quite a counterintuitive finding, as many organizations rely on rewards and punishments when trying to motivate compliant behavior.

Even more surprising is the finding that some of the strongest predictors of compliance are personal attributes, like attitudes and personal norms and ethics. What is interesting about this later finding is the realization that cultivating a security-conscious culture in an organization cannot be accomplished by simply putting incentives or punitive measures in place; it requires finding and hiring the right people who have the personal characteristics that match the security norms the organization is trying to create.

What does this mean for you? First, when you enter the workforce, you will become an integral part of your organization’s security posture—your compliance with the established policies will help to minimize risk. Second, when you take on managerial roles and hire new employees, you need to pay attention to factors that would indicate that an applicant will mesh well with the security needs and culture of the organization; employees cannot simply be altered to fit the organizational mold once they have been hired and are already on the inside.

Discussion Questions

You may not have realized that your university has a security policy that guides how students, faculty, and staff can use technological resources. Are you familiar with this policy and what it entails? If not, track down your university’s policy and read it carefully. Is there anything in the policy that surprises you?

 Show Answer

Where do you think security education, training, and awareness (SETA) ranked on the list of 17 factors that can lead to security policy compliance?

 Show Answer

What role do you think managers and higher-level organizational leaders play in promoting compliance and thereby a secure organizational culture?

 Show Answer

Refer back to question 1. If you were not familiar with your university’s policy, why do you think this is the case? What recommendations would you give your university’s chief information officer (CIO) to help him or her promote awareness of policies in students as to create a more secure university culture?

 Show Answer

Career Guide

Source: Susan M. Jones, DBA, CISA, OPST, Utah State University, Data Governance Officer

Name: Susan M. Jones, DBA, CISA, OPST

Company: Utah State University

Job Title: Data Governance Officer

Education: Henley Business School, UK

How did you get this type of job?

Early in my finance career, I watched technology advance and enhance business operations. I quickly realized that technology would provide a competitive advantage in the job market. Employers are always interested in individuals who have complementary technology skills. As the field evolved, threats to data became a focus, and I found myself addressing data security and data privacy issues. I studied “attackers” and how they were able to get into computer systems by exploiting technology and human psychology and trust. With this knowledge, my career advanced to my current position, where I help manage risk by setting clear ground rules for data access and handling.

What attracted you to this field?

Honestly, what isn’t attractive about this field? The information technology (IT) field is exciting, innovative, and dynamic. IT connects every division in an organization. For example, IT connects marketing to manufacturing, reshaping not only the way we produce products but the way we market them. More than the excitement of technology, the field is attractive because of its service aspects.

What does a typical workday look like for you (duties, decisions, problems)?

Much of my work involves identifying data-related risks and recommending technical and administrative controls to mitigate them. My days are full of a wide range of interactions and activities, which ultimately become more management oriented than technology oriented. From the mapping of data flows to training employees about secure data collection, my daily interactions provide valuable insight into the organization and its use of data and technology.

What do you like most about your job?

Like others in the IT profession, I find myself learning many different business functions, legal requirements, and system controls. The more I learn, the more I can contribute to the organization. To truly accomplish our organizational mission, we need both people and technology. I enjoy that my work contributes both to the organization and to the employees.

What skills would someone need to do well at your job?

Project management, change management, problem-solving, and communication skills are important for success in data governance. Data governance requires accountability; thus, if these skills are combined with a desire to learn and understand, a fulfilling career with strong relationships will follow. As a personal development goal, I consciously (and continually) work to hone these skills.

Are education or certifications important in your field? Why?

Yes, continual learning is valuable in any profession, but especially in technology. Technology is always progressing, so train, train, train! Education and certifications are very useful for professional development and career advancement, and they are listed as a base minimum in a majority of job descriptions in my field.

What advice would you give to someone who is considering working in your field?

Data governance requires the coordination of many roles and organizational areas. Therefore, my advice is to take time to analyze the big picture and make connections, whether working for yourself or for a large company. It is easy to learn about a single subject, but until you truly understand how one subject can enhance another, you will not recognize your full potential.

What do you think will be hot tech jobs in 10 years?

Tough question—tech forecasting can be a dangerous endeavor. In the next 10 years, I expect the hot tech jobs to involve more than just technology knowledge. In my dreams, all tech jobs will require a strong knowledge of data security and an understanding of privacy.

Ethics Guide

Training your Replacement
Scott Essex sat at his desk looking through the roster of employees he managed. As he flipped through the pages, he felt a sinking feeling in his stomach. Upper management had directed him to cut his team of software developers by nearly 75 percent. This directive came as a result of a recent initiative to reduce costs by outsourcing IT department projects. As he flipped back and forth between the pages, Scott didn’t know how to identify which employees to retain and which employees to let go. All the employees brought value to the team—if they didn’t, Scott wouldn’t have hired them in the first place.

Scott flipped to the beginning of the roster and started putting stars next to the names of employees he would consider letting go. Some had worked for the company for many years. But, in spite of their time on the job, they honestly didn’t add as much value as they should relative to their pay. Conversely, there were more recent hires who had tremendous potential and were low-cost relative to other employees. Scott paused and looked up from the roster—he wasn’t sure how he was going to look these people in the eye when he told them the bad news. But he would have to do it. It was part of his job.

Then it got worse. Scott’s boss sent him a portfolio of new development projects that had to be completed in the next 3 to 6 months. How could upper management expect the usual turnaround time for these projects when 75 percent of his staff was going to be replaced with new outsourced employees—working on the other side of the planet? These new employees would know nothing about the “vibe” of his team or the intangibles that made the team run smoothly. Letting employees go was one thing. But if he didn’t get these projects completed on time, his own position could be in jeopardy.

To Train or Not to Train
The next morning, Scott walked into the office still feeling discouraged about losing so much of his team. But he felt confident in the selections he had made concerning the employees who would be staying. As long as the remaining team members could move past this process and get back to work, he figured they had a chance at sticking to the new project schedule. He walked down the hall to drop off his proposed personnel changes to his boss, Beth Birman. Beth asked him to close the door and take a seat.

Beth started the conversation. “Well, I bet you are wondering how you are going to make those new project deadlines with the employee changeover you will be managing.” Scott tried to keep his true feelings from showing on his face. He replied optimistically, “Well, it is going to be a bit hectic, but I think we can manage!”

Source: Gorodenkoff/Shutterstock

Beth smiled and retorted, “Well, you should know that I always try to take care of you. I wouldn’t put you in such a bind without a little help.” Scott wasn’t sure what she was getting at. “I’m not exactly sure what you mean,” he replied.

Beth continued, “We are going to have the employees who are being released from your team train the new outsourced employees. Training the replacements will be a condition of departing employees’ severance package. If we do this, we ensure that the new employees do not spend a month or more getting up to speed and learning their responsibilities. Doing this will ensure that the outsourced hires are fully operational within a week or so. And you should be able to meet your project deadlines.”

The rest of the meeting was a blur. Scott tried to come to terms with the fact that the employees he was about to fire would be forced to train their own replacements. If they didn’t, they would forfeit most of their severance package. “Talk about adding insult to injury,” he muttered under his breath as he walked back to his desk.

He thought about it more and more as the day progressed, and he began to be deeply unsettled by what Beth was asking him to do. How is it fair to ask someone to train the person taking his or her job? This is going to be awkward, unpleasant, and insulting, Scott thought. If corporate felt good about this decision, what else would they be willing to make departing employees do as a condition of their termination? It seemed like a slippery slope. He wondered how long it would be before he was training his own replacement. He couldn’t get his mother’s famous saying out of his head: “If you lay down with the dogs, you wake up with fleas.”

Discussion Questions

According to the definitions of the ethical principles defined previously in this course:

Do you think that forcing an employee to train his or her replacement is ethical according to the categorical imperative?

Do you think that forcing an employee to train his or her replacement is ethical according to the utilitarian perspective?

How would you feel if you were asked to train your replacement after receiving notice that you were going to be terminated by your employer? Do you think that this sets a dangerous precedent for future termination conditions?

Aside from the tactic proposed by Beth in this scenario, what strategies could a company use to ensure that new replacement employees are better able to fulfill their responsibilities?

Building on question 3, how can technology be used to improve the change management process?

Active Review


Use this Active Review to verify that you understand the ideas and concepts that answer the lesson’s study questions.

Q11-1 What are the functions and organization of the IS department?

List the five primary functions of the IS department. Define CIO and explain the CIO’s typical reporting relationships. Name the four groups found in a typical IS department and explain the major responsibilities of each. Define CTO and explain typical CTO responsibilities. Explain the purpose of the data administration function. Define CSO and CISO and explain the differences in their responsibilities.

Q11-2 How do organizations plan the use of IS?

Explain the importance of strategic alignment as it pertains to IS planning. Explain why maintaining alignment can be difficult. Describe the CIO’s relationship to the rest of the executive staff. Describe the CIO’s responsibilities with regard to priorities. Explain challenges to this task. Define steering committee and explain the CIO’s role with regard to it.

Q11-3 What are the advantages and disadvantages of outsourcing?

Define outsourcing. Explain how Drucker’s statement “Your back room is someone else’s front room” pertains to outsourcing. Summarize the management advantages, cost advantages, and risks of outsourcing. Differentiate among IaaS, PaaS, and SaaS and give an example of each. Explain why international outsourcing can be particularly advantageous. Describe skills you can develop that will protect you from having your job outsourced. Summarize the outsourcing risks concerning control, long-term costs, and exit strategy.

Q11-4 What are your user rights and responsibilities?

Explain in your own words the meaning of each of your user rights as listed in Figure 11-9. Explain in your own words the meaning of each of your user responsibilities in Figure 11-9.

Q11-5 2031?

Explain how the adoption of the cloud may be a model for future outsourcing of applications and jobs. List some changes and developments that will have an effect on an organization’s management of IS and IT. How might the gig economy affect organizational effectiveness? Explain how robotics and automation will affect the workplace. How could the global coronavirus lockdown change perceptions of an automated workforce. Describe how virtual workers and “connected” digital devices may actually make an organization less cohesive. Explain the organizational cultural change that will affect the IS department.

Using Your Knowledge with iMed
You now know the primary responsibilities of the IS department and can understand why it may implement the standards and policies that it does. You know the planning functions of IS and how they relate to the rest of your organization. You also know the reasons for outsourcing IS services, the most common and popular outsource alternatives, and the risks of outsourcing. Finally, you know your rights and responsibilities with regard to services provided by your IS department.

The knowledge of this lesson will help you understand what needs to be done, whether you work for iMed Analytics, are a potential investor in iMed Analytics, or are an advisor to a potential investor.

Using Your Knowledge


11-1. According to this lesson, information systems, products, and technology are not malleable; they are difficult to change, alter, or bend. How do you think senior executives other than the CIO view this lack of malleability? For example, how do you think IS appears during a corporate merger?

11-2. Suppose you represent an investor group that is acquiring hospitals across the nation and integrating them into a unified system. List five potential problems and risks concerning information systems. How do you think IS-related risks compare to other risks in such an acquisition program?

11-3. What happens to IS when corporate direction changes rapidly? How will IS appear to other departments? What happens to IS when the corporate strategy changes frequently? Do you think such frequent changes are a greater problem to IS than to other business functions? Why or why not?

Collaboration Exercise


Using the collaboration IS you built in Lesson 1, collaborate with a group of students to answer the following questions.

Green computing is environmentally conscious computing consisting of three major components: power management, virtualization, and e-waste management. In this exercise, we focus on power.

You know, of course, that computers (and related equipment, such as printers) consume electricity. That burden is light for any single computer or printer. But consider all the computers and printers in the United States that will be running tonight, with no one in the office. Proponents of green computing encourage companies and employees to reduce power and water consumption by turning off devices when not in use.

Is this issue important? Is it just a concession to environmentalists to make computing professionals appear virtuous? Form a team and develop your own, informed opinion by considering computer use at your campus.

11-4. Search the Internet to determine the power requirements for typical computing and office equipment. Consider laptop computers, desktop computers, CRT monitors, LCD monitors, and printers. For this exercise, ignore server computers. As you search, be aware that a watt is a measure of electrical power. It is watts that the green computing movement wants to reduce.

 Show Answer

11-5. Estimate the number of each type of device in use on your campus. Use your university’s website to determine the number of colleges, departments, faculty, staff, and students. Make assumptions about the number of computers, copiers, and other types of equipment used by each.

 Show Answer

11-6. Using the data from items 11-4 and 11-5, estimate the total power used by computing and related devices on your campus.

 Show Answer

11-7. A computer that is in screensaver mode uses the same amount of power as one in regular mode. Computers that are in sleep mode, however, use much less power, say, 6 watts per hour. Reflect on computer use on your campus and estimate the amount of time that computing devices are in sleep versus screensaver or use mode. Compute the savings in power that result from sleep mode.

 Show Answer

11-8. Computers that are automatically updated by the IS department with software upgrades and patches cannot be allowed to go into sleep mode because if they are sleeping, they will not be able to receive the upgrade. Hence, some universities prohibit sleep mode on university computers (sleep mode is never used on servers, by the way). Determine the cost, in watts, of such a policy.

 Show Answer

   11-9. Calculate the monthly cost, in watts, if:

All user computers run full time night and day.

 Show Answer

All user computers run full time during work hours and in sleep mode during off-hours.

 Show Answer

All user computers are shut off during nonwork hours.

 Show Answer

11-10. Given your answers to items 11-4 through 11-9, is computer power management during off-hours a significant concern? In comparison to the other costs of running a university, does this issue really matter? Discuss this question among your group and explain your answer.

 Show Answer

Case Study




Imagine that you are placed in a group of four strangers and each of you is sent to a different location in your city. Upon reaching that location, you are given an envelope that contains a task that you and your group members have been assigned to complete together. The only way that you can communicate is by using a phone that has been provided to each member of your group at your respective locations.

Now, for comparison, think about your last experience working on a group project for school. Make a list of all of the different forms of technology that you used to communicate and coordinate with your group members. Your list probably includes calendar applications, to-do lists, cell phones, text messaging, cloud storage, productivity software, email, the Internet, and more.

Source: Sundry Photography/Shutterstock

Consider the disparity between these two scenarios. The first scenario is consistent with the constraints of collaboration before the advent of the Internet, personal computers, cell phones, and so on. The second scenario is consistent with the collaboration technologies that are available to most people today. However, just because there is more technology available today relative to decades ago doesn’t mean that there still couldn’t be an even better way to work as a team.

In fact, the most high-profile collaboration tool available today has changed the way countless teams around the world interact and work together. Almost by accident, the creation of this tool even spawned a billion-dollar company—Slack.

Silver Linings


Steward Butterfield had already had quite a successful career in the tech world. He first founded a company that developed a massively multiplayer online role-playing game (MMORPG). When that project fizzled, the company pivoted and developed the photo-sharing site Flickr. His company was ultimately bought by Yahoo! in 2005, and Butterfield stayed on to serve in a management position at Yahoo! for several years. In 2009, Butterfield started a new company, again with the intention to release a new MMORPG called Glitch.17

While Butterfield’s second attempt at developing a game was again abandoned in 2012, the process of developing the game yielded an outcome that would become the silver lining of all silver linings. Development teams for the game were spread between three cities: New York, San Francisco, and Vancouver. The chat tool they had been using to collaborate was stripped down and clunky—the developers decided to invent their own collaboration platform to facilitate their work.18

Despite having no initial intention to commercialize the collaboration tool, Butterfield realized that what they’d created had potential. Rather than switching over to try to sell their platform immediately, they pushed it out to friends and colleagues at other companies for unofficial trials; the bigger the group, the better.19 After multiple rounds of revisions to the tool, it was ready to go out into the wild in 2014. Interested users were required to request an invitation to access the tool; thousands of people submitted requests on the first day. A few months later, the company rebranded itself as Slack Technologies. (Slack is actually an acronym for “Searchable Log of All Conversations and Knowledge”).

Slack Attack


Slack rapidly grew its user base over the next several years, with 140,000 daily active users in 2014 to over 1 million active daily users in 2015 and then breaking through 3 million active daily users by 2016. Shadowing this growth was extensive funding, as Slack brought in multiple rounds of funding totaling over $100 million each round, which in sum would approach $1 billion worth of investments by 2019.

Slack has continuously worked to improve its platform and expand its functionality. Today, it features channels for messaging, embedded file sharing, voice and video calls, native integrations with other platforms (Google Drive, Dropbox, Zoom, Salesforce, etc.), security and privacy controls, searchable histories, and so on.20 To gauge adoption potential, the company developed its own target indicating that it takes teams about 2,000 messages before they reach the tipping point of buying in long-term. Of the teams that reached that point, 93 percent are still using Slack.

Based on its success and upward trajectory, Slack filed for a direct listing on the New York Stock Exchange in June 2019. The reference price to begin trading was $26, and the share price topped out at $38.62 at the end of the day—a diluted valuation of $23.2 billion.21



Slack turned out to be one of the fastest-growing tech companies of all time, but can it sustain this type of rapid growth and profitability? Many tech companies offer various combinations of collaboration tools (e.g., Microsoft Teams, which leads in security and compliance), and with Slack’s creation of a new market for enterprise-level collaboration platforms, competitors are now focusing on stealing Slack’s first-mover-advantage market share.

Further, with the disruption to the economy from COVID-19, it will be more difficult for Slack to engage with large corporate clients and close deals due to travel and meeting restrictions. Future revenue projects are uncertain. Will Slack continue its string of successes, or has the company left too much slack in the line for other companies to reel in?


11-11. Have you tried Slack? If so, think about your experience. If not, take a few minutes to install Slack and check it out for yourself. (At a minimum, take a few minutes to browse the Slack website.) In either case, consider why it has become so popular. Be ready to share your thoughts with the class.

 Show Answer

11-12. Despite its wild success and growing demand, Slack continues to offer a freemium model (i.e., people can use the software for free and then pay if they want advanced features, extended access, or enterprise functionality). With an extensive customer base, why wouldn’t Slack do away with this model and charge everyone who wants to use the platform?

 Show Answer

11-13. Why would a company want to spend money on Slack when users likely already have access to Microsoft Office solutions and/or Google Docs? Wouldn’t these provide enough collaboration opportunities?

 Show Answer

11-14. Most tech companies choose to follow a conventional initial public offering (IPO) process; Slack chose a direct listing. Do some research about the differences between these two processes—why do you think Slack chose the route that it did?

 Show Answer

11-15. In light of the challenges that may lie ahead for Slack, what recommendations would you give executives on how to continue the company’s success?

 Show Answer

Complete the following writing exercises

11-16. Consider the following statement: “In many ways, choosing an outsource vendor is a one-way street.” Explain what this statement means. Do you agree with it? Why or why not? Does your answer change depending on what systems components are being outsourced? Why or why not?

11-17. A large multinational corporation experiences a severe data breach that results in the loss of customer data for nearly 250 million customers. The lost data included names, addresses, email addresses, passwords, credit card numbers, and dates of birth. During the first week, the entire company is in damage control mode. About 2 weeks after the data breach, the company’s board of directors starts asking who was responsible. Heads are going to roll. They want to show their customers that they are taking steps so this won’t happen again. Should they fire the CEO, CIO, CISO, CTO, database administrators, or line workers? Justify your choices.

error: Content is protected !!