Paper 2.

1
Information Systems

PART 2

MONDAY 2 JUNE 2003

QUESTION PAPER

Time allowed 3 hours

This paper is divided into two sections

Section A ALL THREE questions are compulsory and MUST

be answered

Section B TWO questions ONLY to be answered

Section A – ALL THREE questions are compulsory and MUST be attempted
The following information should be used in answering questions 1, 2 and 3
Scenario
In the late 1990s, Celia Berrington bought a number of specialised insurance companies divested from major financial
groups. By introducing new working practices and products, she successfully turned the Berrington Insurance Group into
a major world-wide niche insurance group, that by the end of 2002 had 30 companies in 18 countries.
The growth of the Group has begun to slow down and institutional investors are concerned about the Group’s structure
and performance. In an attempt to improve margins and regain the confidence of investors, Celia Berrington asked the
consultants Arthur Brown to undertake a Corporate Appraisal of the Group. Part of this appraisal included a review of
Information Systems (IS) and Information Technology (IT). The relevant paragraphs of the Management Summary in the
Corporate Appraisal document are summarised below.

Problem
Software fragmentation
Hardware fragmentation
Lack of information
Technical competency problems
Security problems
Description
Each company in the Group has developed its own bespoke software solutions
for important applications such as Claims Handling and Policy Administration.
In some instances, where it has failed to replace the original system completely,
a company uses two systems.
Many different hardware platforms are used throughout the Group. Several
proprietary and non-proprietary Operating Systems are also in use.
Incompatibility of information systems means that little accurate Group-wide
information is available on customers, products, policies and claims. Where
Group-wide information is available, specially written programs have to access
many different systems to compile it. Differences in the definition of terms,
make the accuracy of this data questionable.
In some of the companies in the Group, employees are competent in Windows
skills and confidently use a PC. In other companies, employees only have
limited access to character-based dumb terminals.
Poor levels of physical and logical security were noted at many sites.

As a response to the Corporate Appraisal, Celia Berrington has decided to replace the Claims Handling and Policy
Administration systems in the companies of the Group. She has decided that the replacement software should be an
off-the-shelf software package and it should be implemented at every company across the Group. She has also decided
that it should have a Graphical User Interface (GUI). ‘I want it to be good and look good’, she said at the project initiation
meeting. ‘We need to move quickly. I want to buy a package that looks and feels up-to-date. It will also come with high
quality documentation and effective training and I see these as key issues in successful implementation. The
standardisation of these systems will bring many important benefits’.
She has defined five key elements in the process of selecting and implementing the software package.
1. Decide what we want. We must be clear what we want the system to do.
2. Find out who supplies what we want.
3. Ask these potential suppliers to bid for the contract.
4. Select the most appropriate solution.
5. Purchase and implement the most appropriate solution.
She is also very concerned about the security issues identified in the Corporate Appraisal. Four recent incidents show the
scope of the problem. These are listed below:

2
Incident Date Description
1 12/01/2002 Anti-globalisation group, inflamed by remarks attributed to Celia Berrington, storms the
Washington office and wrecks the reception area and two administration offices before
being ejected by police.
2 15/06/2002 Aggrieved catering worker at the London office accesses the computer room and pours
tea over the processing unit, causing thousands of pounds worth of damage.
3 17/07/2002 IT contractor at the Singapore office enters fake insurance claims, leading to the
authorization of payment of 200,000 dollars into a private bank account.
4 19/09/2002 Hacker deletes customer and employee records at the Amsterdam Information Systems
site.

3 [P.T.O.
1 Celia Berrington claims that ‘the standardization of these systems will bring many important benefits’.

(a) Briefly discuss THREE benefits to the Group of implementing a standardized Claims Handling and Policy
Administration solution across the whole Group. (6 marks)

(b) Briefly describe THREE categories of costs (excluding the cost of purchasing the software package) to the
Group of implementing a standardized Claims Handling and Policy Administration solution across the whole
Group. Actual values are not required.
(6 marks)

(c) Explain how the costs and benefits could be formally compared to determine the economic feasibility of the
Claims Handling and Policy Administration project. (4 marks)

(d) Discuss the practical problems of undertaking a cost-benefit analysis of the Claims Handling and Policy
Administration project, with particular reference to the costs and benefits you have identified earlier in this
question. (4 marks)

(20 marks)

2 The Group has already decided that it will implement a software package for its Claims Handling and Policy
Administration system. Celia Berrington has described the process of software procurement in ‘common-sense’ terms
as follows.
(1) Decide what we want. We must be clear what we want the system to do.
(2) Find out who supplies what we want.
(3) Ask these potential suppliers to bid for the contract.
(4) Select the most appropriate solution.
(5) Purchase and implement the most appropriate solution.

(a) Based on this ‘common-sense’ framework describe a rigorous five-stage process for software package
selection, describing the key activities within each stage. (15 marks)

(b) (i) Briefly describe ONE risk of adopting the software package approach to systems development;
(2 marks)
(ii) Briefly describe TWO ways of reducing the impact or effect of this risk. (3 marks)

(20 marks)

4
3 (a) Celia Berrington is very concerned about the security of the software and the information system sites, particularly
since the incidents described in the scenario.

(i) Describe what measures might be taken to assist in the security of the physical sites (for example, with
reference to incident 1); (4 marks)
(ii) Describe what measures might be taken within a site to reduce the chance of unauthorized personnel
being able to access the computer equipment (for example, with reference to incident 2); (4 marks)
(iii) Describe what measures might be taken to reduce unauthorized access to the software applications (for
example, with reference to incidents 3 and 4). (4 marks)

(b) High quality documentation and effective training have been defined as key advantages of the software package
approach.

(i) Describe what documentation you would expect from the software supplier and discuss what constitutes
high quality documentation; (4 marks)
(ii) Briefly describe how the companies in the Group could deliver the ‘effective training’ assumed by Celia
Berrington. (4 marks)

(20 marks)

5 [P.T.O.
Section B – TWO questions ONLY to be attempted

4 The objectives of a project have been agreed in a Project Initiation Document. The project manager has now been
asked by the sponsor to provide a project plan for the project.

(a) Describe the process the project manager will follow to define a project plan. (8 marks)

(b) The project plan will define the critical path of the project.
(i) Briefly explain the meaning and principle of the critical path; (3 marks)
(ii) Briefly explain why it is important for the project manager to be aware of what deliverables are on the
critical path. (3 marks)

(c) Briefly describe THREE features of project management software that will assist the project manager in
planning and monitoring the project. (6 marks)

(20 marks)

5 (a) Explain the distinction between external and internal design. (4 marks)

(b) Briefly explain each of the following characteristics and explain how each assists in making an external
design ‘user-friendly’.
(i) Consistency; (3 marks)
(ii) Adherence to Industry Standards; (3 marks)
(iii) Context sensitive HELP. (3 marks)

(c) A popular way of defining the external design is to build and review prototypes in a facilitated user workshop.

(i) Explain why prototyping is a particularly effective way of defining an external design; (4 marks)
(ii) Briefly explain the meaning and conduct of a facilitated user workshop. (3 marks)

(20 marks)

6
6 (a) Quality assurance and testing are important activities in the development and delivery of a computer system.
Underpinning these activities is an expectation of what constitutes ‘quality’ in a computer software product.

Briefly describe THREE characteristics of quality which you would expect to find in a software product.
(6 marks)

(b) Quality assurance and testing are explicitly considered in the V model.

(i) Describe (with the aid of a diagram), the V model. (5 marks)

(ii) Explain how the V model assists in the quality assurance and testing of a software product.
(3 marks)

(c) Performance (load, stress, volume) testing is usually an important stage in a test methodology.

(i) Explain the purpose and importance of performance (load, stress, volume) testing. (4 marks)
(ii) Briefly explain the contribution and significance of automated testing tools to this stage of testing.
(2 marks)

(20 marks)

End of Question Paper