Exams

Question 1

Transaction Processing Systems

Answer 1

Capture/store routine transactions (order processing, billing, reservations).

Question 2

Knowledge Work Systems

Answer 2

Data mining tools or decision support systems that analyze sales trends and customer preferences.
Support professionals (engineers, lawyers, analysts) with design tools, spreadsheets, email.

Question 3

Office Systems (OS):

Answer 3

Used by data workers (clerks, bookkeepers) for word processing, spreadsheets, document imaging.

Question 4

Management Information Systems (MIS):

Answer 4

Summarize TPS data into reports (weekly/monthly sales, production, headcount).

Question 5

Decision Support Systems (DSS):

Answer 5

Help managers with semi-structured decisions (pricing, production scheduling).

Question 6

Executive Support Systems (ESS)

Answer 6

Executive dashboards showing long-term performance, profitability, and market share for strategic planning. Combine internal MIS + external data (market trends, legislation, confidence).

Question 7

Point-of Sale

Answer 7

is an operational‑level Transaction Processing System (TPS) that records daily sales, updates inventory, and processes payments.

Question 8

The Supply Chain (aka the Industry Value Chain)

Answer 8

is network of organizations and business processes for procuring raw materials, transforming raw materials into finished products
and distributing these products to customers.

Question 9

Islands of automation.”

Answer 9

Ideally, systems should share data, but integration is often difficult, systems don’t communicate → duplicate/outdated data.

Question 10

Middleware

Answer 10

(e.g., APIs, ETL processes) Software that connects different applications/systems, enabling communication and data exchange

Question 11

Enterprise Resource Planning system

Answer 11

Unified data repository, standardized processes, shared data with partners.

Question 12

Complementary investments

Answer 12

Non-IT resources (training, organizational change, new processes) needed to realize IT benefits.

Question 13

Business intelligence

Answer 13

automates reporting and analyze trends (e.g., peak hours, top sellers)

Question 14

Scenario: CFO upset that income statements take 3 months; systems are incompatible.

Answer 14

What’s going on: The organization likely has disparate legacy systems that don’t integrate well. Data may be stored in different formats, across multiple platforms, requiring manual reconciliation. This causes delays.

Standardize data formats and adopt a centralized database for financial reporting.
Automate reporting with Business Intelligence (BI) tools to reduce manual work.

Question 15

POS Data → Trends & Patterns

Answer 15

Systems Required:
Data Warehouse: Stores large volumes of historical POS data
Business Intelligence (BI): Dashboards, visualizations
Data Mining Tools: Identify patterns, correlations, and product relationships

How It Works:
POS (TPS) captures daily transactions
Data is extracted, transformed, and loaded into a data warehouse
BI tools analyze trends (e.g., peak hours, top sellers)
Data mining identifies relationships (e.g., items bought together)

Question 16

Why eCal Failed (10 marks)
The eCal project failed due to:

Answer 16

Lack of planning: No clear goals, objectives, or implementation strategy.
Poor implementation choice: No pilot testing or phased rollout.
Lack of complementary investments: Teachers were not trained, schools lacked WiFi, charging stations, and support resources.
Technology without organizational change: Devices alone cannot improve learning outcomes.

Improvements:
Conduct pilot testing
Provide teacher training
Ensure infrastructure (WiFi, support staff)
Set measurable goals and monitoring system

Question 17

The specific choice (Make or Buy) depends on factors

Answer 17

The specific choice (Make or Buy) depends on factors like resources, capabilities, corporate strategy, time pressure, prices, culture, politics, and the business environment

Question 18

1. Developing In-house (Make)

Answer 18

Organizations can develop systems internally using several methodologies:
* Traditional Development (SDLC): This is a phased, step-by-step approach used since the 1960s. It involves Identifying Problem/Opportunity, Conduct Investigation, Create Conceptual Design, Development, Testing, Implementation, and Maintenance. It is well understood but criticized as being too slow and costly.
* Agile Methods: Proposed as a solution to SDLC’s length, Agile focuses on speed not perfection. It uses small teams in an iterative process (e.g., Prototyping or Extreme programming). Many organizations use Agile for noncore systems and SDLC for critical systems, or use a hybrid methodology.
* End User Development: Users develop small, noncritical systems using simple tools like Microsoft Excel or Access.
* Open Source: Software that is shared, often free of charge, where any changes must be shared with the community (e.g., Moodle).

Question 19

2. Acquiring Systems (Buy)

Answer 19

Alternatives to internal development include:
* Licensing: Acquiring the right to use “off the shelf” software (e.g., SAP ERP systems). This is often considerably faster and much less costly than in-house development because costs are amortized. A drawback is that the system may not be an “exact” match. Licensed systems often run on the organization’s own hardware.
* Outsourcing: Transferring systems and processes entirely to an external vendor (e.g., outsourcing registration to IBM).
* Software as a Service (SaaS): A relatively new form of outsourcing reliant on high-speed networks (usually the Internet). The entire application runs on the provider’s servers (e.g., Salesforce.com), and the customer connects via a web browser. SaaS removes much of the burden of funding, running, and maintaining the IS from the client organization.

Question 20

Scenario: Organization replacing its financial system

Answer 20

Custom-built system (tailored but costly, longer implementation).
Commercial off-the-shelf (COTS) software (e.g., SAP, Oracle Financials).
Open-source solutions (lower cost, flexible, but requires in-house expertise).
Cloud-based SaaS financial systems (scalable, subscription-based).

Factors to consider:
Cost (initial + maintenance).
Scalability and future growth.
Integration with existing systems.
Vendor support and reliability.
Security and compliance requirements.
User training and change management.

Question 21

(b) Alternatives to SDLC

Answer 21

Alternatives: Agile, Rapid Application Development (RAD), Prototyping, End-user development.
Advantages: Faster delivery, flexibility, user involvement, adaptability to change.
Disadvantages: Less documentation, harder to manage large projects, risk of scope creep, potential lack of structure

Question 22

Agile methods

Answer 22

Iterative, flexible software development approaches emphasizing collaboration, adaptability, and rapid delivery.

Question 23

SDLC

Answer 23

Structured process for developing information systems: planning, analysis, design, implementation, maintenance.

Question 24

ERP Implementation Method (SAP system)

Answer 24

Options: Big Bang, Phased, Parallel, Pilot.
Recommended: Phased implementation.
Reason: Lower risk, easier troubleshooting, gradual user adaptation.
Example: Start with accounting, then HR, then manufacturing.
Avoid the Big Bang unless resources and training are very strong.

Question 25

Implementing a Supply Chain Management System

Answer 25

Considerations: Cost and budget constraints Integration with existing systems Training and change management Data migration and data quality Risk of downtime Vendor support and reliability Implementation Options: Big Bang: Entire system goes live at once Phased: Modules/locations implemented gradually Pilot: Test in one location before rollout Parallel: Old and new systems run together temporarily Recommendation: Phased implementation Lower risk Easier troubleshooting Allows gradual training Suitable for complex systems like SCM

Question 26

Information Security: Protection of information assets. Key Goals (CIA Triad):

Answer 26

Confidentiality – only authorized access. Integrity – free from unauthorized changes. Availability – accessible when needed.

Question 27

Why Systems Are Vulnerable

Answer 27

Internet – global, anonymous, insecure origins (ARPANET not designed for security). Hackers & Cyber Vandals – from bragging rights → organized crime, phishing, botnets. Computer Crime – laws now criminalize theft, destruction, denial of service. Cyberwar & Terrorism – attacks on grids, banks, telecom (e.g., Estonia 2007). Malicious Software – viruses, worms, trojans, spyware. Employees – intentional sabotage or accidental mistakes. Natural Disasters – fire, flood, hurricanes. Software Vulnerabilities – bugs, unpatched systems exploited. Business Value of Security System downtime = huge financial losses (e.g., eBay crash). Data loss can destroy companies. Compliance with laws (HIPAA, SOX, Gramm-Leach-Bliley, TT Computer Misuse Act, Data Protection Act). Avoid fines, reputational damage, cleanup costs.

Question 28

Security Policy & Risk Analysis

Answer 28

Assets to protect. Access rights. Resources needed. Responsibility assignments.

Question 29

Risk Analysis:

Answer 29

is the process of identifying, assessing, and prioritizing risks based on likelihood and impact to guide mitigation decisions. (financial, reputation) + likelihood. Strategies: contain, prevent, insure, backup.

Question 30

Security Technologies

Answer 30

Access Control – authorization (least privilege), authentication (passwords, tokens, biometrics). Firewalls – monitor & filter traffic between networks. Intrusion Detection Systems (IDS) – tripwires, alerts, auto-shutdown. Antivirus – scans memory/email, but lag in updates. Public Key Encryption (PKE) – public/private keys, ensures secure communication. Backup – essential for recovery.

Question 31

Management Challenges-Security

Answer 31

Balance between over-control (frustrating) vs under-control (vulnerable). Requires executive leadership, ongoing support, and policy enforcement.

Question 32

Scenario: Scarce resources to protect dozens of information systems.

Answer 32

Answer: Methodology: Use Risk Assessment & Prioritization. Step 1: Identify all systems (critical vs. non-critical). Step 2: Assess risks (likelihood × impact). Step 3: Rank systems by risk score. Step 4: Allocate resources to high-risk/high-impact systems first. Example: Payroll system (critical, high risk of data breach) → allocate strong firewalls, encryption, monitoring. Marketing database (less critical, low risk) → basic access controls.

Question 33

Firewall

Answer 33

Security device/software that monitors and controls incoming/outgoing network traffic based on rules, protecting systems from unauthorized access.

Question 34

Threats

Answer 34

Any potential danger to information systems, such as malware, hackers, or insider misuse.

Question 35

Tacit knowledge

Answer 35

Personal, experience-based knowledge that is difficult to codify (e.g., intuition, skills).

Question 36

Safeguards for student computers (8 Marks) Four examples:

Answer 36

Antivirus/anti-malware software → protects against malicious code. Strong passwords + multi-factor authentication → ensures confidentiality. Regular backups (cloud or external drive) → ensures availability. Firewalls + encryption → protect integrity and prevent unauthorized access.

Question 37

Security controls

Answer 37

technical, administrative, and physical safeguards that protect information systems and ensure confidentiality, integrity, and availability.

Question 38

Malware

Answer 38

Malicious software (viruses, worms, trojans) designed to disrupt, damage, or gain unauthorized access.

Question 39

Four threats to information assets:

Answer 39

Malware (viruses, worms). Phishing/social engineering. Unauthorized access/hacking. Hardware failure/data loss.

Question 40

Four controls to reduce risks:

Answer 40

Install antivirus/firewall software. Use strong passwords + multi-factor authentication. Regular backups (cloud/external). Physical security & access controls.

Question 41

ERP implementation

Answer 41

A typical ERP implementation involves planning, analyzing business processes, configuring the system, migrating data, testing, training users, going live using an appropriate strategy, and providing post‑implementation support.

Question 42

End-user development

Answer 42

allows non‑programmers to build or modify simple applications using tools that require little technical expertise.

Question 43

Expert systems

Answer 43

use AI rules and knowledge bases to mimic human expert decision‑making in specialized fields such as medicine or finance.

Question 44

Alternatives to SDLC for SCM System

Answer 44

Agile: Iterative development with continuous feedback and rapid adaptation. DevOps: Integrates development and operations to automate deployment and improve speed. Rapid Application Development (RAD): Uses prototyping and fast iterations. CI/CD: Automates testing and deployment for frequent releases. Recommendation: Agile is most suitable because a supply chain system requires flexibility, continuous stakeholder input, and the ability to adapt quickly to changing business needs.

Question 45

Allocating Limited Security Budget

Answer 45

Identify all systems and assets Identify threats Assess vulnerabilities Evaluate likelihood and impact Rank systems by risk score Allocate budget to the highest‑risk, highest‑impact systems first

Question 46

IT Infrastructure for Fast‑Food Chain

Answer 46

POS systems for fast transactions and real‑time inventory Mobile ordering and payment for convenience CRM system for personalization and loyalty programs Employee management system for scheduling and payroll Supply chain management system for inventory and delivery tracking Cybersecurity tools to protect customer and business data

Question 47

Best implementation srategy for fast food operations

Answer 47

For fast‑food operations, direct cut‑over is suitable because it minimizes confusion, reduces costs, and allows all locations to switch quickly—critical in a fast‑paced, high‑volume industry.