Theories of Management Information System - Essay Example

Management Information System Name Course Lecturer 25th April, 2012. Contents Introduction……..…………………………………………………………………………………4 3 Introduction 4 Theories of [Information] communication 5 Assumptions of the AST 7 Application of AST 7 Synchronous and Asynchronous Communication 8 Highly Complex Interactions 8 Network Theory and Analysis (NTA) 9 Laws Governing use Of IS in the UK 11 Introduction 11 Data Protection Act 11  Computer Misuse Act 12 The copyright Designs and patents Act 13 Review of Information system control 15 Change and Configuration management 15 Information system operations and maintenance 16 Information security management 17 References 20 Introduction Information resource is a wide term which consists of items such as the printed materials, information kept in electronic mode and microforms. Management of these resources revolves around managing the resources themselves, machines and technology used in manipulation and the manpower used to distribute the information. Management of information has effects on various sections of the organization (Rainer 2009, p. 100). Information system allows those taking part in strategic decision making direct access to wide range of information from all over the world. They can get ideas from the publications and other materials from the world wide website that can aid in decision making. It also enables easy retrieval of all the materials stored and offers a better way of storing them. The introduction of expert systems has enabled creative ideas to be developed and solution to problems is effectively done by these expert systems relieving the strategic leader of this functions. Information system allows easy and efficient communication with other stakeholders in and outside the organization when gathering information for decision making. This is done through the internet and the intranet. Among this effect are planning and decision making. Planning is the integral part of an organization. Effective information management helps in an organized and well structured planning process since the information will be available at the right time and in the required form. This will facilitate faster decision making and planning which in effect lead to success in the organization. On the other hand, information resources which are not which are not well organized will lead to difficult retrieval causing delays in planning (appendix figure 7). Information systems help in monitoring the performance of other resources in an organization. Considering the human resource aspect, information system avails the staff turnover rate which will indicate the management of human resource in the organization whereby corrective measures can be taken incase high rate to make sure that the organization increases its output. Managing information resources enables the implementation of the relevant protection measures to safeguard against damages this includes controlling access to organization’s records and also information retrieval techniques that will ensure continuity if business in case of risk events. An organization with good management of information resources has the ability to lay down the rules and regulation to govern the information systems including penalties for non compliance thereof (Mouge and Contractor 2003, pp 217). Theories of [Information] communication The theory is also referred to as the adaptive structuration theory (AST) an extension of Antony Giddens structuration theory (Giddens 1984, pp.56). The theory is a reflection of the making and remaking of societal systems through the society’s use of regulations and resources. The theory condemns the application of IT technocratic ally only and argues for use among all of society (Anderson and Ross 1998, pp78). The theory emphasizes that the people and organization applying Information technology form attitudes towards the role and use of IS and the way it can be applied to their work. How people perceive IS in organization vary from one group to the next (Griffin 2000, p 203). These attitudes weigh on the way Technology will be applied and hence also impact on the outcomes of its use in the organization. Assumptions of the AST The AST has two perspectives of IT application in an organization: 1) structure types that come with the advanced technologies 2) the structures that result from the application of a technology on an organization or a group (Cragan and Shields 1998, pp.128). 1. Structuration Theory focuses on organizations and group’s evolution and development. 2. AST perceives organization as systems that have observable patterns of interrelated and communicative exchanges among individuals forming structures (Giddens 1984, pp.73). 3. Systems form from activities of people building structures (set of rules and resources) 4. Systems and structures exist in a relationship where they depend on each other they create and create each other in a cycle (“Structuration process”). 5. The Structuration process is sometimes very firm, or it can experience volatility as times goes on. 6. The structuration viewpoint offers the following advantages :( a) helps one appreciate the interrelated equilibrium of the deterministic impacts and wilful choice that expose a group’s distinct identity (Desanctis and Poole 1994, pp.167) Application of AST AST can be applied to examine the dawn Information Systems (IS) and how the structures of IS diffused into a certain society, impacting them, and how the society’s structure in turn influenced the innovation of IS (Chin and Salisbury 1997, pp.230). Thus AST can be used as an appropriate model for analyzing IS in an organization (see appendix fig 9). Computer Mediated Communication (CMC) The CMC theory is used for explanation and prediction of media impact CMS theory is used to describe the process of formation, exchanging, and perception of Information using interconnected telecommunication systems that enable coding, transmittal and decoding of communication CMC covers ways used to deliver the information and the significance of the interactions of individuals enabled by the technologies (Tanis 2003, pp.51) Synchronous and Asynchronous Communication CMC defines synchronous communication as a conversation between individuals where one gets immediate response from the other party of the communication for example a telephone call, face-to-face chat (Greenbaum and Kyng 1991, pp.90). In an organization this synchronous communication is common but mostly communication where they are some delay in getting response (asynchronous) is most common ( see appendix fig. 8) Highly Complex Interactions CMC provides for complexity in the communication processes between two parties. It brings together written discourse (which has its own complexity) and the dynamism and speed of spoken dialogue. Spoken communication on a telephone line provides parties in the communication with unlimited options for interfacing and feedback (Mouge and Contractor 2003, pp.41). On the other hand “electronic page turning” limits user to interact in a constrained number of ways. CMC views online communication as only constrained by a how creative a user is, their imagination, and the involvement levels of participating parties. Therefore CMC provides a lithe and richer way of computer interaction (Wieringa 1998) As seen figure 2 above the CMC theory assists in the transfer of knowledge in an organization. Information systems enable people to pass information around more easily. When communication is optimum in an organization the knowledge is readily available for acquisition by individuals. When this knowledge is understood in-depth and applied to the organization then it can be passed onwards in a richer form. Knowledge transferred to an organization its enables shifts in the way the organization works. An organization interaction with CMC leads organizations to accept new norms other the ones established in that society, they also increase the number of regions they can extend their work to. An organization interaction with CMCs enables organization to extend their working hours to a 24 hour format. Network Theory and Analysis (NTA) This is a theory that seeks to explain how relationships influence people in an organization (Knoke and Kublinski 1982, pp 467). Core assumptions: NTA or Social Network Theory looks into how the societal structure of relationship around a person, grouped individuals and organizations or organization that impact “beliefs or behaviors’. Underlying pressure is intrinsic in social structure. NTA is a combination of methods for sensing and quantifying the pressure. The maxim of each network approach is that certainty should be principally visualized and probed from a perspective of the relationship between units instead of dwelling on the characteristics of the units themselves (Rice and Gattiker. 2001 pp. 12). NTA is a relational model. In information Systems units refer to social units; persons, groups/organization and societies (see appendix fig. 10) . A communication network is said to comprise of intertwined individuals who are tied together by communication flow patterns. A CNA analyzes the interpersonal association resulting from the sharing of information in the interpersonal structure. By focusing on linkages between people instead of the people themselves, NTA is able to map the feelings of people to an organizations IS, it reveals the new and unofficial communication patterns in an organization. NTA can explain the position of employees in an organization’s IS that impacts their contact with and their power over information. Network theory and analysis enables its user while analyzing an information system to establish the official and none official uses of the IS. From its analysis one can identify Cliques within an organization. Network analyses techniques can be used to determine how effective discourse flows of an organizations IS are (Mouge and Contractor 2003, pp 217). The Shannon-Weaver Model (1949) The Shannon-Weaver model is characteristic of what it is referred to as transmission models of communication. You will noticed that some immediate methods of communication than face-to-face interaction, e.g. using the radio, newspapers or the telephone. In these cases, technology is introduced. When, for instance, the telephone is used, you speak, the phone turns the sound waves into electrical impulses and those electrical impulses are turned back into sound waves by the phone at the other end of the line. Shannon and Weaver's mathematical model of communication is widely accepted as one of the main seeds out of which communication studies have grown. Their work developed during the Second World War in the Bell Telephone laboratories in the US; their main concern was to work out a way in which the channels of communication could be used most efficiently (Mouge and Contractor 2003, pp 217). Laws Governing use Of IS in the UK Introduction The UK government has implemented various laws so as to govern the use of systems. Laws governing the use of information systems in the UK have been there for a long time and it dates back in late 1970s, in regard to that the laws ought to be constantly changed or altered so as to be able to be at par with the pace of innovation in that industry. Based on this it is evident that there exist a wide range of legal aspects that surrounds the use of information system. According to Adamski based on how one deals with available data and information it really determines how individuals functions based on the emphasis of been placed on freedom of information. Legal issues therefore play a vital role in regard to Information Systems and also in understanding the correlation that exists between the law and the information systems (Adamski 2007, p. 15). The major laws governing the use of information systems in the UK includes laws such as the data protection law, computer misuse act, copyright designs and patent act and the health and safety act. Data Protection Act The data protection act of 1998 is an act of parliament in the United Kingdom which rule in regard to the processing of information on exclusive individuals. In regard to this act, data obtained ought to be used for the sole purpose for which it was obtained for, also the data obtained will be adequate, applicable and not disproportionate to the purpose for which it is processed. All the personal data will be accurate and will require constant updating. Based on the act organizations need to put measures in place so as to ensure that there is no unauthorized access or unlawful processing of the data that they have and the information should be guarded from loss, damage as well as destruction. Also based on the act personal data will not be transferred to another territory outside the European economic areas and in instances when the personal data and information is transferred the territory must prove to have they have an sufficient level of protection for the personal data as well as for the rights and freedom of information in regard to the processing of the personal data. One of the recent enforcement of this act is the in regard to the ruling made by the ICO. The ICO offered a third as well as a fourth monetary punishment for stern infringement of the Data Protection Act to both Ealing Council and Hounslow Council.  Computer Misuse Act The law was implemented in the year 1990 and have three sections introduces certain criminal offences that were punishable by the law. One of them was in regard to unauthorized access to computer information; in regard to this one was jailed for six months or fine not over and above level 5 based on the standard scale. The other act that was punishable involved the unauthorized access of information with an intention of facilitating or committing other offences. This section covers aspects such as an attempt to use computer content to blackmail others, this seems to be a serious offence as compared to the others as and one is jailed for 5 years and have unlimited fine. Also based on the act it was illegal for one to make unauthorized changes as well as modifications of computer information (Perera 2008). This section of the act covers aspects such as the distribution of a virus or a spiteful deletion of files in the computer and some direct actions such as the alteration of accounts in the system so as to gain access to fraudulent credit. The most recent enforcement of this act is that of Simon Vallor. Simon was charged with the creation as well as the distribution of worms Admirer, Gokar and Redesi and it was an offence under section 3 of the Computer Misuse Act. He was imprisoned for two years (The register 2003) The copyright Designs and patents Act The copyright Designs and patents Act 1988 is one of the laws that govern the Use of Information users on the internet in the UK. It is aimed at ensuring that literary work, photographic art, artistic work, engravements, acted performances and musical work is not duplicated (ICT web.org 2011). In the use of IS the Act makes the duplication of software or use of non-original software a crime. However under this Law copyrights are temporary and can be transferred after a period of 70 years after the original owner’s death. The period for copyright materials for software is however shorter spanning only 50 years. The Act is very useful in controlling the usage of IS resources as it forces people to be more responsible while using information systems as they can be convicted on secondary offences. Secondary offences include bringing into the UK copies that violate the copyright Act, holding or trading with copies that violate the copyright act, consenting to the use of premises for purposes that infringe on performances and finally for provision of tools that enable others to infringe performances. Criminal offences under the Act include reproducing copies of copyrighted material with intention of gaining commercially by distributing or leasing them out, importation of illegal copies intended for commercial use, presenting for resale or hire, public exhibition of copies that infringe on copyright, presentation of work publically without consent from the copyright holders, distribution of large volumes of illegal copies of copyrighted work. In a Magistrates court a person found guilty of infringing on copyright by distributing unauthorised copies can be fined up to €5,000 and/or incarcerated for six months. A conviction from the Crown court is more severe with the fine unlimited and up to 10 years in prison. Recent enforcements David Hoffman v Drug Abuse Resistance Education (UK) Limited [2012] EWPCC 2) case before the Patents county Court the defendant was found guilty of copyright infringement for usage of the photographer’s pictures on their site illegally. The undisputed principle in this case was that 1) the defendant had used the pictures 2) the photographs were under copyright protection. However the defendant urged since the pictures was sourced from a government site they were under crown copyright (Rogers 1986, pp 84). Furthermore the defendant also urged that at he had not been aware that posting those pictures on their website would result in infringing on the rights of other individuals. The court rejected the two grounds that the defense had urged saying that the copyright for the pictures belonged to the plaintiff and it was not crown copyright. The court further stated that because the photos were accessed and copied by a third party does not make the defendant any lesser responsible for the usage of the photos on their website. The defendant was found guilty and required to pay the plaintiff damages resulting from infringing on his copyrighted photographs (Sloan Plumb Wood 2012) The judgment in this case reminds businesses to be cautious and consider carefully before they can publish any materials on the internet for their own benefit. A third party designer of a website that has copyright infringed materials does not make a defendant innocent of an infringement offence. Review of Information system control In reviewing IS control there are certain aspects that needs to be considered this includes: change and configuration management, information system operations and maintenance and information security management. Each of the three aspects will be reviewed separately staring with the change and configuration management followed by information system operations and maintenance and lastly information security management. Change and Configuration management Most information system goes through various changes at various stages within its lifetime. Most system changes are carried out by maintenance personnel in an organization who are not members of the team who developed the system and hence they are not always familiar with the system design (Buckland 1991, p.30). The modern day equipments have some complexity in that when a change occurs in one component there may be unexpected consequences in other components. Therefore changes in information system ought to be carried out very carefully this can be done by the adoption of systematic change management approaches. Changes to IS should be carried out based on the documented change management procedures and request of change need to be documented, certified and recorded. Upon approval of change the requests must be evaluated to come up with any significant risks that may hinder the correct operating of the changed system. All changes that may occur to a system need to be appropriately authorized (Wilson 2006, p. 665). In change management there need to be a clear definition of the roles to be performed and the authorized change need to be managed upon completion. All emergency changes made to the system should be accordance with the usual change management requirements and the effected changes should start to operate immediately. Though closely linked to the concept of change management the two terms seems to be different though at times a change manager in an organization performs the role of a configuration manager ( see appendix fig 4). Configuration management tackles all aspects that are contained in the information system such item include: software’s installed in the computer, system documentation, computer hardware as well as data communication equipment and circuits (UK Academy for Information Systems 1999, p. 5). Configuration management mainly involves various roles they include: identification, status accounting, control and verification. Change in a system ought to be managed so as to avoid various risks such as: system malfunction, unreliability, deliberate system misuse, system failure and business continuity failure (Rainer 2009, p. 100). Configuration management data ought to be adequately and accurately described so as to give the live as well as the status history of the configuration this will assist a lot in ensuring that the changes in a system are monitored. Information system operations and maintenance All computer operations ought to be performed proficiently and those roles that seem to be incompatible should be distinguished from based on the extent of practicability required. The management team should aim at ensuring that all system operations are authorized to conduct the core business needs. Also based on the operations and maintenance of IS all data inputs ought to be valid, accurate as well as complete. The financial stationery ought to be stores in a secure place and a person who wants to use it should account for it. The outputs derived after input and processing should be precise, complete and it should be distributed to the intended recipients only. In case an individual wants to use the system backs he should account for its use and the backups ought to be readable. IS should provide services that are consistent with the core business needs of the organization (Sacca 2009, p. 40). Based on the operation and maintenance of all information systems there ought to be a central point for resolving, reporting and recording incidents as well as operational failure that may occur in the system. Since most data in information system are stored in multiple user databases, there ought to be reliability as well as availability of the data when required. Information security management Corporate data, networks as well as computer system seems to be important aspects of a business. These three aspects of security are vital in enabling the effective functioning of almost all departments in an organization. In essence information security encompasses all those controls that are put in place to make certain business continuity and diminish the impact of the risks to be business if they occur (Currie 1999, p. 45). Information security management aims at ensuring the confidentiality, integrity, availability and no repudiation of information. Failure of one of aims of the information security management can have an adverse effect on the other aims (see appendix fig 2). An organization information security policy is the main building block in creating a valuable information security management. The policy ought to be addressed and made available to all those who are tasked with the duties of information security. All operations that are contained in the system ought to be auditable. Information system controls ought to be auditable and they should also be developed in such a way that they are apposite to the type as well as the risk that it should manage (see appendix fig 7). Security within information systems ought to be given based on the whether an employee is on contract basis or permanent, the type of job one performs and the security measures should be addressed upon recruitment as well as during firing. Therefore security measures of all information system ought to be addressed at all stages even during the employment period of an employee. All ICT facilities ought to be based in secure areas within the organization so as to enhance their security. In addition to been placed in a secure place all ICT facilities should be guarded against environmental risks such as fire. The management team ought to implement measures to prevent as well as detect when new softwares have been introduced to the system. Access to computer as well as data stored in the computer ought to be controlled and they should only be used to perform the core business activities only. So as to enhance security there ought to be business continuity plans in place so as to guard the core business processes within the organization from interference failures as well as natural disasters. Information security in an organization ought to be reviewed on a regular basis so as to ensure that there is compliance and effectiveness (Pollack 2006, p. 70). Conclusion Integrated system brings together all the components of the subsystem into one unit which can be managed from one location. This is where organization will be able to use the same data model. Implementation of this system allows easier monitoring since all the subsystems will be integrated in the sense that data entry in one component will be reflected throughout the whole system, this would curb wrong data input by those who want to defraud the organization (Mouge and Contractor 2003, pp 217). The system would enhance faster service delivery since the whole system is interlinked which allows fast retrieval of information .in addition adoption of the system reduces greatly the cost of administration in terms of staff for monitoring the system and facilities used. The driving force to the need of this system is the increasing amount of data that needs to be accommodated and processed. It is required to contain all the information about the students and staff and all the details of each category (Anderson and Ross 1998, pp78). This will eliminate the need to consult other departments since data will be easily available from one location ensuring faster delivery of services and eventually end user satisfaction. There is also need to eliminate errors that are associated with the current system. An integrated system ensures that minimal errors are made since this will be reflected throughout the system and can be easily detected (Mouge and Contractor 2003, pp 217). References A. Giddens 1984, The constitution of society: outline of the theory of structuration. University of, Berkeley, CA: California Press Adamski, A., 2007, Information Management: Legal and Security Issues, pp.1-17 Anderson, R. & Ross, V. 1998, Questions of Communication: A practical introduction to theory (2nd ed.). New York: St. Martin’s Press. Buckland, M., 1991, Information and Information Systems, London: Greenwood Publishing Caroll J.M. 1999, Scenario-based Design: Envisioning Work and Technology in System Development, NY: Wiley. Chin, A. W. & Salisbury, G. 1997, Advancing the theory of Adaptive Structuration: the development of a scale to measure faithfulness of Appropriation. Information Systems Research Volume 8, pp. 342-367. Cragan, J. F., & Shields, D.C. 1998, Understanding communication theory: The communicative forces for human action, Boston, MA: Allyn & Bacon, pp. 229-230. Currie, W., 1999, rethinking Management Information Systems. Oxford: Oxford University Press. Desanctis, G. & Poole, M. S. 1994. Capturing the Complexity in Advanced Technology Use: Adaptive Structuration Theory. Organization Science. Volume 5, pp. 121-147 Fulk, J. & Collins-Jarvis, L. 2001, Wired meetings: Technological mediation of organizational gatherings. In L.L. Putnam & F.M. Jablins (Eds.), New handbook of organizational communication (2nd ed., pp 624-703). Newbury Park, CA: Sage. Greenbaum J. and Kyng M., 1991, Design at Work: Cooperative Design of Computer Systems, Hillsdale, N.J: Lawrence Erlbaum Associates. Griffin, E. 2000, A first look at communication theory (4th ed.). Boston, MA: McGraw-Hill, pp. 209-210. ICT web.org 2011, Information Communication Technology - Unit 4 Legislation, 20th April 2012, http://www.spw-law.co.uk/blog-posts/copyright-in-photographs-new-case-law.html Knoke, D. & Kublinski, J.H. 1982, Network Analysis, Beverley Hills: Sage Publications Maznevski, M. L. & Chudoba, K. M. 2000, Bridging Space Over Time: Global Virtual Team Dynamics and Effectiveness, Organization Science. 11, 473-492 Mouge, P. & Contractor, N. 2003, Theories of Communication Networks, Cambridge: Oxford University Press. Perera, D 2008, The computer misuse act (UK) 1990. Available at Pollack, T., 2006, Ethical and Legal Issues for the Information Systems Professional. Proceedings of the 2006 ASCUE Conference, pp.172-180 Rainer, K., 2009, Introduction to Information Systems: Enabling and Transforming Business. London: Wiley Publishing Rice, R.E. & Gattiker, U.E. 2001, New media and organizational structuring. In F.M. Jablin & L.L. Putnam (Eds), The new handbook of organizational communication (pp. 544-581). Thousand Oaks, CA: Sage. Rogers, E. M. 1986, Communication Technology: The New Media in Society. New York: Free Press. Rogers, E.M. & Kincaid, D.L. 1981, Communication Networks: Toward a New Paradigm for Research. New York: Free Press. Sacca, D., 2009, Information Systems: People, Organizations, Institutions and Technologies. New York: Springer Publishing Sloan Plumb Wood 2012, Patents County Court gives non-binding opinion, 20th April 2012, http://www.spw-law.co.uk/blog-archive.html?month=201203 Tanis, M. 2003, Cues to Identity in CMC. The impact on Person Perception and Subsequent Interaction Outcomes. Thesis University of Amsterdam. Enschede: Print Partners Ipskamp. The register 2003, Welsh virus writer Vallor jailed for two years Not a nerd, a criminal, says judge. Available at UK Academy for Information Systems, 1999, The Definition of Information Systems, pp.1-6 Wieringa, P. R 1998, Subsystem Design Guidelines for Extensible General-Purpose Software. 3rd International Software Architecture Workshop (ISAW3); Orlando, Florida, pp. 49-52. Wilson, T., 2006, On User Studies and Information Needs. Journal of Documentation 62 (6), pp.658-670 Appendix Figure 1: The two-stream enquiry process of SSM (Source: Checkland & Scholes 1990 p.29) Figure 2: Rich picture of the problem scenario Figure 3: AFWA problematique utwente.nl/cw/theorieenoverzicht/Theory Clusters/Communication and Information Technology/Computer-Mediated Communication (CMC).doc/ Figure 4: The conceptual model for S1 based on RD1 Figure 5: Secondary level system: Understanding the organizational context Figure 6: Secondary level system: Developing IS strategies Figure 7: Secondary level system: Planning relevant computerized information and human activity systems http://www.spw-law.co.uk/blog-posts/copyright-in-photographs-new-case-law.html Figure 8: Role of IS in organization: The CMC perspective Source: http://www.utwente.nl/cw/theorieenoverzicht/Theory%20Clusters/Communication%20and%20Information%20Technology/Computer-Mediated%20Communication%20%28CMC%29.doc/ Figure 9: Illustration of use of AST theory as a tool of analyzing IS Source: http://www.utwente.nl/cw/theorieenoverzicht/Theory%20Clusters/Communication%20and%20Information%20Technology/Computer-Mediated%20Communication%20%28CMC%29.doc/ Figure 10: Conceptual Model (of a network society) Source: http://www.utwente.nl/cw/theorieenoverzicht/Theory%20Clusters/Communication%20and%20Information%20Technology/Computer-Mediated%20Communication%20%28CMC%29.doc/ Statements: Read More