St.

PETER’SENGINEERINGCOLLEGE
(UGC-Autonomous)
Affiliated to JNTUH, Approved by AICTE, Accredited by NBA &NAAC with “A” Grade
Maisammaguda Village, Dhulapally , Opp.to T.S. Forest Academy, Hyderabad-500100

Department of
Computer Science and Engineering

LECTURENOTES

ON
Management Information
System
EE832OE
IV / II

Prepared by
Mrs. Ch.Sandhya
B.Tech., M.Tech.,

Asst.Professor
 CONTENTS
S.N Topic as per lesson Plan Page No.
o
1 Unit-I Nolan Stage Hypothesis
2 IS Strategic Grid
3 Wards Model
4 Earl’s Multiple Methodology
5 Critical Success Factors
6 Soft Systems Methodology
7 Socio-Technical Systems Approach (Mumford)
8 System Develop Life Cycle
9 Prototype and End User Computing
10 Application Packages
11 Outsourcing
12 Deciding Combination of Methods
13 Types of Information Systems
14 Unit-II
IS Security, Control and Audit
15 System Vulnerability and Abuse
16 business value of security and control
17 Need for Security
18 Methods of minimizing risks IS Audit
19 ensuring system quality.
20 Unit-III Introduction to ERP
21 Overview of ERP
22 MRP
23 MRPII and Evolution of ERP
24 Integrated Management Systems
25 Reasons for the growth of ERP
26 Business Modeling
27 Integrated Data Model
28 Foundations of IS in Business
29 Obstacles of applying IT
30 ERP Market
31 ERP Modules
32 Finance
33 Accounting Systems
34 Manufacturing and Production Systems
35 Sales and Distribution Systems
36 Human Resource Systems
37 Plant Maintenance System
38 Materials Management System
39 Quality Management System
40 ERP System Options and Selection
41 ERP proposal Evaluation
42 Unit-IV Benefits of ERP
43 Reduction of Lead Time
44 On-Time Shipment
45 Reduction in Cycle Time
46 Improved Resource Utilisation
47 Better Customer Satisfaction
48 Improved Supplier Performance
49 Increased Flexibility, Reduced Quality Costs
50 Improved Information Accuracy and Design Making
Capabilities
51 Unit-V ERP Implementation and Maintenance
52 Implementation Strategy Options
53 Features of Successful ERP Implementation
54 Strategies to Attain Success
55 User Training
56 Maintaining ERP & IS
 Unit -1 : Introduction to IS Models

Models
•Model
–A model is a simplified, abstract representation of some real world system.
•Physical model:
–A model that can be constructed cheaply that looks like the original system.(building)
•Process model:
–Used to display business processes.(DFDs)
•Business modeling:
–The models of a business or business processes built to help managers make decisions.
•Uses: understand, optimization, simulation

ISM
Information System model is a conceptual framework that views Information System as a System that uses the
resources of hardware(machines & media) , software(programs & procedures), people(users & specialists) &
networks(communications media & network support) to perform input, processing, output, storage & control
activities that transform data resources(databases & knowledge bases) into information products.

Nolan stage Hypothesis

• 6 stages
1. Initiation
2. Contagion
3. Control
4. Integration
5. Data Administration
6. Maturity

Nolan’s six stages of Data Processing

Nolan’s Six-stage Model

4
Nolan (1979) indicated that there are six stages in the information system evolutionary process.
It is an improvement over the four-stage model. The stages
are:

1. 1.Initiation- in which the organization has an operational focus and tries to get operational
efficiency and thereby limited value from the information systems.
2. Contagion-in which the organization moves towards online systems after having tasted
success in the initiation stage. More users are added.
3. Control-in which the management exercises control and makes a cost-benefit type of
assessment.
4. Integration-in which the organization moves away from an ad hoc isolated solutions based on
information system to a service based information system. This is the stage when the
organization transitions from a data processing outlook about information systems to more
holistic information-based decision-making approach towards information systems. A more
comprehensive approach towards information systems results in changes in the
organization’s behavior towards information systems and initiates a new appreciation for data
and information.
5. Data administration-in which the organization begins to appreciate the value of information
and makes efforts to centralize the data management to take advantage of the benefits of
information based decision-making.
6. Maturity-in which the organization creates synergies in its corporate objectives and
information systems planning so that the two can work in a synchronized manner.

IS Strategic Grid

Strategic grid is a contingency approach that can be used to determine the strategic relevance of IT/IS to
the organization (Jiang & Klein, 1999). This grid is based on the current and future impact of IT/IS.
The axes of the IT strategic grid portray the current (shown as the Y-axis) and future (X-axis) strategic
importance of information systems activities to a firm. As shown in the figure, four quadrants are
identified as "Strategic", "Turnaround", "Factory" and "Support" (McFarlan et al., 1983; Nolan &
McFarlan, 2005).

Strategic organizations, where planned IT applications are critical for future success and IT
activities are critical to existing operations.

5
Turnaround organizations, which are not totally dependent on current IT to function but new IT
methods, essential for reaching organizational objectives, have been developed.

Factory organizations, which are dependent on IT for their day-to-day operations but will not gain
significant advantage from further development.

Support organizations, which are neither highly dependent on IT nor will be improved by them in
the future.

The four IT/IS environments defined by the IT strategic grid framework suggest that each environment
does require a different IT/IS management approach. IT/IS is of great strategic importance in some
organizations, while it has minimal importance in others. Therefore, it is inappropriate to expect both
types of organizations to place the same amount of emphasis on IT cost-cutting activities.

Earl’s multiple methodology

Earl wisely opts for a multiple methodology (figure 1) approach to IS strategy formulation.
This again helps us understand the aim of relating IT investments more closely with
the strategic aims and directions of the organisation and its key needs.

One element here is a top-down approach. Thus a critical success factor analysis might be
used to establish key business objectives, decompose these into critical success factors, then
establish the IS needs that will drive these CSFs.

A bottom-up evaluation would start with an evaluation of current systems. This may reveal
gaps in the coverage by systems, for example in the marketing function or in terms of
degree of integration of systems across functions. Evaluation may also find gaps in the
technical quality of systems and their business value. This permits decisions on renewing,
removing, maintaining or enhancing current systems.

The final leg of Earl's multiple methodology is inside-out innovation. The purpose here is to
identify opportunities afforded by IT that may yield competitive advantage or create new
strategic options. The purpose of the whole threefolded methodology is, through an internal
and external analysis of needs and opportunities, to relate the development of IS
applications to business and organisational need and strategy.

6
 Critical Success Factors

Identifying What Really Matters for Success

Sometimes it can be hard to get everyone in your team to focus on what really
matters. That's where Critical Success Factors (CSFs) can help.

Identifying Critical Success Factors enable you to track and measure your progress
toward achieving strategic goals - and, ultimately, to fulfilling your organization's
mission.

They also provide a common point of reference so that everyone knows exactly
what's most important, ensuring that tasks and projects are aligned across teams
and departments.
CSFs and Management Information

The concept of CSFs (also known as Key Results Areas, or KRAs) was first
developed by D. Ronald Daniel, in his article "Management Information Crisis"
(Harvard Business Review, September-October 1961). John F. Rockart, of MIT's
Sloan School of Management, built on and popularized the idea almost two
decades later.

Rockart defined CSFs as: "The limited number of areas in which results, if they are
satisfactory, will ensure successful competitive performance for the organization.
They are the few key areas where things must go right for the business to flourish.
If results in these areas are not adequate, the organization's efforts for the period
will be less than desired."

Rockart also concluded that CSFs are "areas of activity that should receive constant
and careful attention from management."

Four Types of CSFs

Rockart identified four main types of CSFs. Each of the CSFs that you establish in
your organization will likely fall into, and have been defined by, one of these groups.

1. Industry factors result from the specific characteristics of your industry. These are
the things that you must do to remain competitive within your sector. For example,
a tech start-up might identify innovation as a CSF.

2. Environmental factors result from macro-environmental influences on your

organization: the business climate, the economy, your competitors, and
technological advancements, for example.

3. Strategic factors result from the specific competitive strategy that your organization
follows. This could include the way your organization chooses to position and

7
 market itself, and whether it's a high-volume, low-cost producer, or a low-volume,
high-cost one.

4. Temporal factors result from the organization's internal changes and growth and are
usually short-lived. Specific barriers, challenges, directions, and influences will
determine these CSFs. For example, a rapidly expanding business might have a
CSF of increasing its international sales.

CSFs, KPIs and Strategic Goals

Critical Success Factors are derived from your organization's mission and strategic
goals. CSFs "drill down" into these objectives to get to the heart of what you need
to achieve, and how you will achieve it.

Once you've identified your CSFs, you can also develop Key Performance
Indicators (KPIs). KPIs are the specific, measurable criteria that managers use to
assess performance. They provide the data that enable organizations to decide
whether CSFs have been met, and if goals have been achieved.

KPIs are typically more detailed and quantitative than CSFs. For example, the CSF
"Substantially increase sales volume in Asian markets" could generate the KPI
"Increase sales revenue in Asian markets by 12 percent against previous year, by
year end."

Six Steps to Identify and Develop CSFs

To identify and develop CSFs for your organization, follow these six steps:

1. Establish your organization's mission and strategic goals .

2. For each strategic goal, ask, "Success in what area of business or project activity is
essential to achieve this goal?" The answers to the question are your potential (or
"candidate") CSFs.

3. Evaluate your list of candidate CSFs to identify the ones that are truly essential for
achieving your goals – these are your Critical Success Factors. As you identify and
evaluate candidate CSFs, you may uncover some new strategic objectives, or
refine existing ones. So, you may need to redefine your goals and CSFs as you go
along.

4. Work out how you will monitor and measure each of your CSFs.

5. Clearly communicate your CSFs to those responsible for delivering them and to
rest of the business.

6. Continually monitor and reassess your CSFs to make sure that you stay on track
toward your goals. Although CSFs can be less tangible than measurable targets or
KPIs, monitor each one as specifically as possible.

8
To identify and use CSFs, follow these six steps:
1. Establish your organization's mission and goals.
2. Identify your "candidate" CSFs.
3. Evaluate each candidate CSF to determine which ones are the most important –
these are your Critical Success Factors.
4. Work out how you will assess the progress of each of your CSFs.
5. Clearly communicate your CSFs to those responsible for delivering them and to
the wider organization.
6. Monitor your CSFs to make sure that you stay on target.

Soft Systems Methodology (SSM)

Understanding Very Complex Issues

Some problem solving tools can oversimplify the world when, in reality, it can be
complex and messy.

In cases where many different factors contribute to an issue, and there are lots of
different perspectives to consider, it can be difficult to tell where the root of the
problem really lies. All this confusion can make finding a solution seem impossible.
What you need is a problem solving approach that gives you a clear view of what's
involved, so that you can focus on what you can do to improve the situation. In
situations like this, Soft Systems Methodology (SSM) might be just what you need.
How SSM Was Developed

Soft Systems Methodology grew out of general systems theory, which views
everything in the world as part of an open, dynamic, and interconnected system.
The various parts of this system interact with one another, often in a nonlinear way,
to produce a result.

According to general systems theory, organizations consist of complex, dynamic,

goal-oriented processes – and all of these work together, in a coordinated way, to
produce a particular result. For example, if a company's strategy is to maximize
profits by bringing new products to market quickly, then the systems within the
company must all work together to achieve this goal.

When something goes wrong within the system, or any of its subsystems, you must
analyze the individual parts to discover a solution. In hard sciences, you can do this
in a very controlled, analytical way. However, when you add human or "soft"

9
elements – like social interaction, corporate politics, and individual perspectives –
it's a much more difficult process.

That's why Peter Checkland, a management scientist and systems professor,

applied the science of systems to the process of solving messy and confusing
management problems. The result was Soft Systems Methodology – a way to
explore complex situations with different stakeholders; numerous goals; different
viewpoints and assumptions; and complicated interactions and relationships.

“Soft Systems Methodology (SSM) is a cyclic learning system which uses models of human
activity to explore with the actors in the real world problem situation, their perceptions of
that situation and their readiness to decide upon purposeful action which accommodates
different actor’s perceptions, judgments and values.”(Checkland, 1999)

SSM attempts to learn and appreciate the problem situations between the groups of
stakeholders rather than set out to solve a problem that is pre-defined (Huaxia). This soft or
‘purpose exploring’ approach helps managers to improve their processes when it comes to
the decision making about their companies purpose (Torlak). There are two modes to SSM,
real world activities and systems thinking about real world. Most work involves interviews
and meetings to gain insight of the problem situation, this is represented by the use of ‘rich
pictures’ and/or ‘CATWOE’. Systems thinking will use concepts such as; emergent
properties, communication, hierarchy, and control to identify ‘relevant systems’ which
could provide useful information (IfM Management Technology Policy). SSM is a systemic
methodology that focuses on the whole, instead of the parts (Mehregan, 426).

The Origin of Soft Systems Methodology (SSM)

To better understand SSM, we must first consider why it was created in the first place. It
originated from the understanding that “hard” Systems Thinking such as, Operations
Research techniques, was inadequate for the complexity of large organizational issues
(Wang). Soft Systems Methodology was created by Peter Checkland for the main purpose
of dealing with these large issues. During his career, he had been working with many hard
systems methodologies. He saw how the current systems were inadequate for the purpose of
dealing with high levels of complex problems, which had a large social component. In the
1960s, he went to the University of Lancaster to research this area further (Checkland,
2000). This is where he would conceive his “Soft Systems Methodology” through his
research projects and years of applications and refinements. It wasn’t until 1981 that Peter
published the systems. Now, Peter is a professor and researcher in the field of Software
Engineering (Weeks).

Analyses and Techniques

What happens in an SSM intervention?

When you have a complex organizational problem, SSM intervention is used to help break
down the issue. SSM does have a clear structure, but it is up to the practitioner to use it in a
smart, flexible way. The user must see the problem they face as a system. After, they form it
into an unstructured problems, creating a conceptual model in decision making. The

10
 development model of the system can be done my discussion with the stakeholders and joint
problem solving .

The SSM intervention follows as such:

 Determine the situation

 Think about different systems which could or could not be employed in the situation

 Measure the thinking to the systems

 Take an action depending on previous information learned

One cannot simply perform these four stages and get a ‘right’ answer. They must take these
four stages as a bases for action, keeping each in mind (Hopkins).

How do you use SSM?

There are seven steps to the SSM model. They do not represent a single process that must be
followed from start to finish, after, giving you a ‘right’ answer. The seven step diagram is
shown below:

Step 1: Appreciate the problem situation

Step 2: Write the problem situation

Step 3: Formulate root definitions

Step 4: Build conceptual models

Formal system concepts

Other systems thinking

Step 5: Compare models with real world

Step 6: Define possible changes

Step 7: Recommend actions

Rich Pictures
Rich Pictures adds value to your system. It provides a more detailed visual representation of
a complex system. There are no real rules as to what to include in a Rich Picture, and there
are no syntaxes. Given its unrestricted nature, you can address or highlight key
considerations of the system .

There are many advantages to using Rich Pictures, some include:

 Excellent visual communication

 Improves understanding

11
 Efficient and simple

 Concise overview of complex systems

 Not restricted by notations

Benefits of SSM
Soft Systems Methodology helps structure a complex organizational and political situations.
It can allow the user to deal with them in an organized manner and forces them to look for
solution that can be more than just technical (Weeks).

Limitations of SSM
While the importance of this methodology has been realized, it also has a few limitation.
The fourth stage in the system has no modeling tool, along with a definite technique to
compare solutions in the real world. It also needs to factor in the effectiveness of system
thinking. If participants have little knowledge and experience with the so-called problem, it
will be harder to come up with a solution (Hanafizadeh, 326). When working with SSM, it
requires the user to adapt to a new approach that some may find difficult to do. The user
must also be careful not to narrow the scope of the investigation too early, this could cause
issues later on. It can also be difficult to assemble the richest picture without giving it a
particular structure and solution on the problem situation. The user can face difficulties
interpreting the world in a loose way (Weeks). Another limitation of this methodology is the
revising process. For example, when changes are implemented simultaneously, it may cause
conflicting results. This may result in adding other methodologies, such as Soft System
Dynamics Methodology (SSDM). Combining these methodologies together will create a
synergetic tool for solving soft problems .

Conclusion
The soft systems methodology targets the complex organizational business and process
models, identifying unstructured problems in a holistic view. It helps to provide a clear
approach to the changes that need to be made to prepare the ideal problem solution. Though
it is an older methodology, it has adapted and changed over the years and is still very much
alive today. When using SSM it has the potential to hold methodological lessons and
situations of concern. It gives us an understanding of how humans try to take purposeful
actions based on their own interpretations of the situation.

12
<<COURSE NAME>> <<COURSE CODE>>> SPEC

Unit - II
System Vulnerability and Abuse

When data are stored in digital form, they are more vulnerable than when they exist in manual form.

Security refers to the policies, procedures, and technical measures used to prevent unauthorized access,
alteration, theft, or physical damage to information systems.

Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the
organization's assets; the accuracy and reliability of its accounting records; and operational adherence to
management standards.

Threats to computerized information systems include hardware and software failure; user errors; physical
disasters such as fire or power failure; theft of data, services, and equipment; unauthorized use of data;
and telecommunications disruptions. On-line systems and telecommunications are especially vulnerable
because data and files can be immediately and directly accessed through computer terminals or at points
in the telecommunications network.

Why Systems Are Vulnerable

Figure illustrates the most common threats against contemporary information systems. They can stem
from technical, organizational, and environmental factors compounded by poor management decisions.
In the multitier client/server computing environment illustrated here, vulnerabilities exist at each layer
and in the communications between the layers. Users at the client layer can cause harm by introducing
errors or by accessing systems without authorization. It is possible to access data flowing over networks,
steal valuable data during transmission, or alter messages without authorization. Radiation can disrupt a
network at various points as well. Intruders can launch denial of service attacks or malicious software to
disrupt the operation of Web sites. Those capable of penetrating corporate systems can destroy or alter

corporate data stored in databases or files.

Contemporary security challenges and vulnerabilities

The architecture of a Web-based application typically includes a Web client, a server, and corporate
information systems linked to databases. Each of these components presents security challenges and
vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any
point in the network.

Systems malfunction if computer hardware breaks down, is not configured properly, or is

13
<<COURSE NAME>> <<COURSE CODE>>> SPEC

damaged by improper use or criminal acts. Errors in programming, improper installation, or unauthorized
changes cause computer software to fail. Computer systems can also be disrupted by power failures,
floods, fires, or other natural disasters.

Domestic or offshore outsourcing to another company adds to system vulnerability because

valuable information will reside on networks and computers outside the organization’s control. Without
strong safeguards, valuable data could be lost, destroyed, or could fall into the wrong hands, revealing
important trade secrets or information that violates personal privacy. Some worry that outsourcing
application development to offshore companies might provide opportunities for programmers to insert
hidden code that would later enable someone to gain control over an application or its data.

INTERNET VULNERABI LITIES

Large public networks such as the Internet are more vulnerable than internal networks because they are
virtually open to anyone. The Internet is so huge that when abuses do occur, they can have an
enormously widespread impact. When the Internet becomes part of the corporate network, the
organization’s information systems are even more vulnerable to actions from outsiders.

Computers that are constantly connected to the Internet by cable modems or Digital Subscriber
Line (DSL) are more open to penetration by outsiders because they use fixed Internet addresses where
they can be easily identified. (With dial-up service, a temporary Internet address is assigned for each
session.) A fixed Internet address creates a fixed target for hackers.

Telephone service based on Internet technology can be more vulnerable than the switched voice
network if it does not run over a secure private network. Most Voice over IP (VoIP) traffic over the
public Internet is not encrypted, so anyone linked to a network can listen in on conversations. Hackers
can intercept conversations to obtain credit card and other confidential personal information or shut down
voice service by flooding servers supporting VoIP with bogus traffic.

Vulnerability has also increased from widespread use of e-mail and instant messaging (IM). E-
mail can contain attachments that serve as springboards for malicious software or unauthorized access to
internal corporate systems. Employees may use e-mail messages to transmit valuable trade secrets,
financial data, or confidential customer information to unauthorized recipients. Popular instant messaging
applications for consumers do not use a secure layer for text messages, so they can be intercepted and
read by outsiders during transmission over the public Internet. IM activity over the Internet can in some
cases be used as a back door to an otherwise secure network. (IM systems designed for corporations,
such as IBM’s SameTime, include security features.)

WIRELESS SECURITY CHALLENGES

Wireless networks using radio-based technology are even more vulnerable to penetration because radio
frequency bands are easy to scan. Although the range of Wireless Fidelity (Wi- Fi) networks is only
several hundred feet, it can be extended up to one-fourth of a mile using external antennae. Local area
networks (LANs) that use the 802.11b (Wi-Fi) standard can be easily penetrated by outsiders armed with
laptops, wireless cards, external antennae, and freeware hacking software. Hackers use these tools to
detect unprotected networks, monitor network traffic, and in some cases, gain access to the Internet or to
corporate networks.

Wi-Fi transmission technology uses spread spectrum transmission in which a signal is spread over
a wide range of frequencies, and the particular version of spread spectrum transmission used in the
802.11 standard was designed to make it easier for stations to find and hear one another. The service set
identifiers (SSID) identifying the access points in a Wi-Fi network are broadcast multiple times and can
be picked up fairly easily by intruders’ sniffer programs (see Figure 10-2). Wireless networks in many
locations do not have basic protections against war driving, in which eavesdroppers drive by buildings or
park outside and try to intercept wireless network traffic.
14
<<COURSE NAME>> <<COURSE CODE>>> SPEC

FIGURE Wi-Fi security challenges

Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address
to access the resources of a network without authorization.

Intruders can also use the information they have gleaned about Internet Protocol (IP)
addresses and SSIDs to set up rogue access points on a different radio channel in physical locations
close to users to force a user’s radio NIC to associate with the rogue access point. Once this association
occurs, hackers using the rogue access point can capture the names and passwords of unsuspecting
users.

The initial security standard developed for Wi-Fi, called Wired Equivalent Privacy (WEP), is not
very effective. WEP is built into all standard 802.11 products, but its use is optional. Users must turn it
on, and many neglect to do so, leaving many access points unprotected. The basic WEP specification
calls for an access point and all of its users to share the same 40-bit encrypted password, which can be
easily decrypted by hackers from a small amount of traffic. Manufacturers of wireless networking
products are now beefing up their security by offering stronger encryption and authentication systems.

Malicious Software: Viruses, Worms, Trojan Horses, and Spyware

Malicious software programs referred to as malware include a variety of threats such as computer
viruses, worms, and Trojan horses. A computer virus is a rogue software program that attaches itself to
other software programs or data files in order to be executed, usually without user knowledge or
permission. Most computer viruses deliver a “payload.” The payload may be relatively benign, such as
the instructions to display a message or image, or it may be highly destructive—destroying programs or
data, clogging computer memory, reformatting a computer’s hard drive, or causing programs to run
improperly. Viruses typically spread from computer to computer when humans take an action such as
sending an e-mail attachment or copying an infected file.
15
<<COURSE NAME>> <<COURSE CODE>>> SPEC

Many recent attacks have come from worms, which are independent computer
programs that copy themselves from one computer to others over a network. (Unlike viruses,
they can operate on their own without attaching to other computer program files and rely less
on human behavior in order to spread from computer to computer. This explains why
computer worms spread much more rapidly than computer viruses.) Worms can destroy data
and programs as well as disrupt or even halt the operation of computer networks.

Worms and viruses are often spread over the Internet from files of downloaded
software, from files attached to e-mail transmissions, or from compromised e-mail messages.
Viruses have also invaded computerized information systems from “infected” disks or
infected machines. Today e-mail attachments are the most frequent source of infection,
followed by Internet downloads and Web browsing.

Over 80,000 viruses and worms are known to exist, with about 25 new ones detected each day.
Over the past decade, worms and viruses have caused billions of dollars of damage to corporate
networks, e-mail systems, and data. According to the research firm Computer Economics, viruses and
worms caused an estimated $12.5 billion in damage worldwide in 2003.

A Trojan horse is a software program that appears to be benign, but then does something other
than expected. The Trojan horse is not itself a virus because it does not replicate, but is often a way for
viruses or other malicious code to be introduced into a computer system. The term Trojan horse is based
on the huge wooden horse used by the Greeks to trick the Trojans into opening the gates to their fortified
city during the Trojan War. Once inside the city walls, Greek soldiers hidden in the horse revealed
themselves and captured the city.

An example of a modern-day Trojan horse is Trojan. Xombe, which was detected on the Internet
in early 2004. It masqueraded as an e-mail message from Microsoft, directing recipients to open an
attached file that purportedly carried an update to the Windows XP operating system. When the attached
file was opened, it downloaded and installed malicious code on the compromised computer. Once this
Trojan horse was installed, hackers could access the computer undetected, steal passwords, and take over
the machine to launch denial of service attacks on other computers (Keizer, 2004).

Some types of spyware, can also act as malicious software. These small programs install
themselves on computers to monitor user Web surfing activity and serve up advertising. Some Web
advertisers use spyware to obtain information about users’ buying habits and to serve tailored
advertisements. Many users find such spyware annoying and some critics worry about its infringement
on computer users’ privacy.

Other forms of spyware, however, are much more nefarious. Key loggers record every keystroke
made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to e-
mail accounts, to obtain passwords to protected computer systems, or to pick up personal information
such as credit card numbers. Other spyware programs reset Web browser home pages, redirect search
requests, or slow computer performance by taking up too much memory. Nearly 1,000 forms of spyware
have been documented.

Hackers and Cybervandalism

A hacker is an individual who intends to gain unauthorized access to a computer system.

Within the hacking community, the term cracker is typically used to denote a hacker with
criminal intent, although in the public press, the terms hacker and cracker are used
interchangeably. Hackers and crackers gain unauthorized access by finding weaknesses in
the security protections employed by Web sites and computer systems, often taking
16
<<COURSE NAME>> <<COURSE CODE>>> SPEC

advantage of various features of the Internet that make it an open system that is easy to use.

Hacker activities have broadened beyond mere system intrusion to include theft of
goods and information, as well as system damage and cybervandalism, the intentional
disruption, defacement, or even destruction of a Web site or corporate information system.
Early in 2003, hackers introduced the Slammer worm, which targeted a known vulnerability
in Microsoft SQL Server database software. Slammer struck thousands of companies;
crashed Bank of America cash machines, especially in the southwestern part of the United
States; affected cash registers at supermarkets such as the Publix chain in Atlanta, where
staff could not dispense cash to frustrated buyers; and took down most Internet connections
in South Korea, causing a dip in the stock market there (CNN, 2003). Some hackers,
motivated by “hacktivism,” launch politically motivated attacks with the same effect. For
instance, after the October 12, 2002, terrorist nightclub bombings in Bali, Indonesian hackers
hacked or defaced more than 200 Australian Web sites to protest security raids targeting
Indonesian families in Australia.

SPOOFING AND SNIFFING

Hackers attempting to hide their true identity often spoof, or misrepresent themselves by
using fake e-mail addresses or masquerading as someone else. Spoofing also can involve
redirecting a Web link to an address different from the intended one, with the site
masquerading as the intended destination. Links that are designed to lead to one site can be
reset to send users to a totally unrelated site, one that benefits the hacker. For example, if
hackers redirect customers to a fake Web site that looks almost exactly like the true site, they
can then collect and process orders, effectively stealing business as well as sensitive customer
information from the true site. We provide more detail on other forms of spoofing in our
discussion of computer crime.

A sniffer is a type of eavesdropping program that monitors information traveling over a

network. When used legitimately, sniffers can help identify potential network trouble-spots or
criminal activity on networks, but when used for criminal purposes, they can be damaging and
very difficult to detect. Sniffers enable hackers to steal proprietary information from
anywhere on a network, including e-mail messages, company files, and confidential reports.

DENIAL OF SERVICE ATTACKS

In a denial of service (DoS) attack, hackers flood a network server or Web server with many
thousands of false communications or requests for services to crash the network. The network
receives so many queries that it cannot keep up with them and is thus unavailable to service
legitimate requests. A distributed denial of service (DDoS) attack uses numerous computers to
inundate and overwhelm the network from numerous launch points. For example, on June 15,
2004, Web infrastructure provider Akamai Technology was hit by a distributed denial of
service attack that slowed some of its customers’Web sites for over two hours. The attack
used thousands of “zombie” PCs, which had been infected by malicious software without
their owners’ knowledge (Thomson, 2004). Microsoft, Apple, and Yahoo! were among the
sites affected.

Although DoS attacks do not destroy information or access restricted areas of a

company’s information systems, they can cause a Web site to shut down, making it
impossible for legitimate users to access the site. For busy e-commerce sites such as eBay and
Buy.com, these attacks are costly; while the site is shut down, customers cannot make
purchases.

17
<<COURSE NAME>> <<COURSE CODE>>> SPEC

Computer Crime and Cyberterrorism

Most hacker activities are criminal offenses, and the vulnerabilities of systems we have just described
make them targets for other types of computer crime as well. We introduced the topic of computer crime
and abuse in Chapter 5. The U.S. Department of Justice defines computer crime as “any violations of
criminal law that involve a knowledge of computer technology for their perpetration, investigation, or
prosecution.” The computer can be a target of a crime or an instrument of a crime. Table 10-2 provides
examples of both categories of computer crime.

No one knows the magnitude of the computer crime problem—how many systems are
invaded, how many people engage in the practice, or the total economic damage. According to one
study by the Computer Crime Research Center, U.S. companies lose approximately $14 billion
annually to cybercrimes. Many companies are reluctant to report computer crimes because the
crimes may involve employees or the company fears that publicizing its vulnerability will hurt its
reputation.

The most economically damaging kinds of computer crime are DoS attacks, introducing
viruses, theft of services, and disruption of computer systems. Traditionally, employees—insiders—
have been the source of the most injurious computer crimes because they have the knowledge,
access, and, frequently, job-related motives to commit such crimes. However, the Internet’s ease of
use and accessibility have created new opportunities for computer crime and abuse by outsiders.

IDENTITY THEFT

With the growth of the Internet and electronic commerce, identity theft has become especially
troubling. Identity theft is a crime in which an imposter obtains key pieces of personal information,
such as social security identification numbers, driver’s license numbers, or credit card numbers, to
impersonate someone else. The information may be used to obtain credit, merchandise, or services
in the name of the victim or to provide the thief with false credentials. According to a 2003 U.S.
Federal Trade Commission report, 9.9 million cases of identity theft were reported in the United
States in the 12 months ending in April 2003, causing consumer losses of about $5 million

The Internet has made it easy for identity thieves to use stolen information because goods
can be purchased online without any personal interaction. Credit card files are a major target of
Web site hackers. Moreover, e-commerce sites are wonderful sources of customer personal
information—name, address, and phone number. Armed with this information, criminals can
assume a new identity and establish new credit for their own purposes.

One increasingly popular tactic is a form of spoofing called phishing. It involves setting up
fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users
for confidential personal data. The e-mail message instructs recipients to update or confirm records
by providing social security numbers, bank and credit card information, and other confidential data
either by responding to the e-mail message or by entering the information at a bogus Web site.

For example, Dan Marius Stefan was convicted of stealing nearly $500,000 by sending e-
mail messages that appeared to come from the online auction site eBay to people who were
unsuccessful auction bidders. The message described similar merchandise for sale at even better
prices. To purchase these goods, recipients had to provide bank account numbers and passwords
and wire the money to a fraudulent “escrow site” that Stefan had set up.

Phishing appears to be escalating. Brightmail of San Francisco, a company that filters e-mail
for spam, identified 2.3 billion phishing messages in February 2004, representing 4 percent of the
e-mail it processed; this figure is up from only 1 percent in September 2003 (Hansell, 2004).
Phishing scams have posed as PayPal, the online payment service, online service provider America
Online (AOL), Citibank, Fleet Bank, American Express, the Federal Deposit Insurance Corporation,
the Bank of England, and other banks around the world. British security firm mi2g estimates the
worldwide economic damage from phishing scams exceeded $13.5 billion in customer and
productivity losses, business interruptions, and efforts to repair damage to brand reputation .

18
<<COURSE NAME>> <<COURSE CODE>>> SPEC

The U.S. Congress responded to the threat of computer crime in 1986 with the Computer
Fraud and Abuse Act. This act makes it illegal to access a computer system without authorization.
Most states have similar laws, and nations in Europe have similar legislation. Congress also passed
the National Information Infrastructure Protection Act in 1996 to make virus distribution and hacker
attacks to disable Web sites federal crimes. U.S. legislation such as the Wiretap Act, Wire Fraud Act,
Economic Espionage Act, Electronic Communications Privacy Act, E-Mail Threats and Harassment
Act, and Child Pornography Act covers computer crimes involving intercepting electronic
communication, using electronic communication to defraud, stealing trade secrets, illegally
accessing stored electronic communications, using e-mail for threats or harassment, and
transmitting or possessing child pornography.

19
<<COURSE NAME>> <<COURSE CODE>>> SPEC

Unit III

Enterprise Resource Planning (ERP):

Enterprise resource planning – more commonly referred to as ERP – is a software system used to manage
and maintain the functions of a business. The tasks are typically done in real-time.

 Enterprise resource planning (ERP) is software designed to help companies store, manage, and use data
regarding their daily and regular processes.
 ERP keeps track of a wealth of information, including payroll, raw materials, business commitments,
purchase orders, and capacity for production.
 ERP software is part of the IT sector, and because of its usefulness and success, it is now considered a
multi-billion-dollar industry.

Components of ERP Software:

ERP programs are commonly known as business management software. They involve a host of
applications that work together to

 Gather data
 Store it for future reference
 Manage and sort the information for easier access
 Interpret the data for use by the business

Primary Functions of ERP:

ERP provides a host of services for companies trying to improve how efficiently they operate. The
systems are constantly being updated by the proprietors to offer the speediest and most reliable services.

As the name suggests, ERP’s primary goal is to manage the various resources within the company to
make sure they are being utilized in a cost-effective way. It is also designed to make sure that all
resources are being used efficiently.

ERP works particularly well for tracking and managing things such as a company’s capacity for
production, cash levels, raw materials at its disposal, payroll information, and purchase

Flow of Information:

20
<<COURSE NAME>> <<COURSE CODE>>> SPEC

ERP software covers a lot of different areas within a company – accounting, sales, purchasing,
manufacturing. One of the most important needs it addresses is the need to communicate all pertinent
information to the many departments that may require the data.

The software, being continuously updated and watched in real-time, ensures needed information is
accessible by each appropriate department. It is also designed to pass information between departments.
For example, manufacturing may need to know about purchase orders on deck. Or, accounting may need
to know the status of payroll and business commitments that are lined up to keep the company’s cash
flow up to date.

ERP software can also pass the information along to outside stakeholders. Their investment in the
company is dependent, typically, on how efficiently a company is running and how financially strong it
is. The data within an ERP system reveals the relevant information to all stakeholders to keep them
abreast of the company’s capacity to function and generate revenue.

Enterprise Resource Planning in the IT Industry:

ERP systems and software are an industry unto themselves, located at the heart of the technology space.
Because of ERP systems efficiency, success – and therefore, desirability – it is an industry worth several
billions of dollars today.

Investments in information technology boast the distinction of being the category responsible for the
largest expenditures within the U.S. Within the past decade specifically, ERP systems skyrocketed in
terms of use and, therefore, began to dominate the IT sector. Though the earliest ERP systems were
designed specifically for use by large enterprises, they can now be found in a growing number of smaller
companies because of their usefulness.

Manufacturing Resource Planning:

Manufacturing resource planning is a system that is used to effectively plan the use of a manufacturer’s
resources. It enables manufacturers to develop a precise production schedule for the future that
minimizes costs and maximizes the use of the resources available at their disposal.

Sales forecasting helps a manufacturer estimate the expected demand for a product so that they can
source the proper amount of raw materials and schedule deliveries and quantities on time. It also provides
a target production level to determine the number of machine units and labor required during a given
production cycle.

Manufacturing resource planning arrives at the optimal order quantity and frequency for raw materials by
adding the average use for a planned replenishment lead time with the safety stock that is required to
protect against stock-outs.

Thus, “When to Order” = Average Use Time + Safety Stock

 Manufacturing Resource Planning is a system that is used to effectively plan the use of a manufacturer’s
resources.
 The integrated information system facilitates the decision-making process for management by
centralizing, integrating, and processing information related to the manufacturing process.
 Together, MRP I and MRP II gave rise to the Enterprise Resource Planning (ERP) system.

21
<<COURSE NAME>> <<COURSE CODE>>> SPEC

Manufacturing Resource Planning (MRP II):

The term manufacturing resource planning refers to an information system that is used by businesses
involved in manufacturing goods. The integrated information system facilitates the decision-making
process for management by centralizing, integrating, and processing information related to the
manufacturing process.

It enables management to make an accurate visualization of the scheduling and inventory process and
design engineering and to effectively employ cost-control measures.

The MRP II was developed in 1980 after a need for a software that integrates accounting systems while
making forecasts about inventory requirements. The earlier version, MRP I, was developed in 1964, and
the first company to use it was Black and Decker.

MRP I vs. MRP II:

 MRP II software is considered a functional replacement of MRP I. It is because the MRP II information
system includes all the functionality of its predecessor; it offers inventory tracking, bill of materials

22
<<COURSE NAME>> <<COURSE CODE>>> SPEC

(BOM), and master production scheduling. In addition to such characteristics, it also enables the
involvement of logistics, marketing, and finance.
 MRP II is also able to account for the human resources of an organization, thus providing a holistic view
of the real operating capacity of a company, unlike MRP I. It includes machine capacity and personnel
capacity.
 MRP II also enables effective demand forecasting. It also allows its operators to enter data into the
system and see what variables will produce a downstream effect. The MRP II system enables them to
arrive at the optimal level of sales. Moreover, it can also provide feedback based on the variables entered
for a given operation, which is why it is also known as a closed-loop system.

Evolution of Enterprise Resource Planning:

Enterprise resource planning (ERP) has evolved as a strategic tool, an outcome of over four decades. This is
because of continuous improvements done to the then available techniques to manage business more
efficiently and also with developments and inventions in information technology field.

1 Pre Material Requirement Planning (MRP) stage

Prior to 1960s businesses generally relied on traditional ways of managing inventories to ensure smooth
functioning of the organizations. These theories are popularly known as ‘Classical Inventory
Management or Scientific Inventory Control Methods’. Most popularly used among them were Economic
Order Quantity (EOQ); Bill of Material (BOM) etc. However these systems had very limited scope.

ERP system has evolved from the Material Planning System of 1980’s. There are various phases through
which this evolution process has gone through. The various phases of development of resource planning
system in relation to time and evolution of concept of ERP.

 Figure 1.1


 Stages of ERP Evolution

23
<<COURSE NAME>> <<COURSE CODE>>> SPEC

An Integrated Management System (IMS) integrates all of an organization’s systems and processes
into one complete framework, enabling an organization to work as a single unit with unified objectives.

IMS = QMS + EMS + SMS + EnMS + FSMS + ISMS

(etc)

Organizations often focus on management systems individually, often in silos and sometimes even in
conflict. A quality team is concerned with the QMS, often an EHS manager handles both Environmental
and Health and Safety issues, or a SHEQ Manager handles Safety, Health, Environment and Quality, etc.

Integrated Management Systems can include:

QMS – Quality Management System

A quality management system (QMS) is a set of policies, processes and procedures required for planning
and execution (production, development, service) in the core business area of an organization, (i.e. areas
that can impact the organization’s ability to meet customer requirements). ISO 9001:2015 is an example
of a Quality Management System.

 ISO 9001 Quality Management Systems

 AS9100 Aerospace and Defense
 ISO 13485 Medical Devices
 IATF 16949 Automotive

EMS – Environmental Management System

24
<<COURSE NAME>> <<COURSE CODE>>> SPEC

An Environmental Management System (EMS) determines and continuously improves an organization’s

environmental position and performance.

 ISO 14001 Environmental Management Systems

SMS – Safety Management System

An SMS (or OHSMS) determines and continually improves an organization’s Health and Safety position
and performance. It follows an outline and is managed like any other facet of a business, such as with
marketing or engineering functions.

 ISO 45001 Occupational Health and Safety Management Systems

EnMS – Energy Management System

An EnMS determines and continually improves an organization’s energy usage and impact.

 ISO 50001 Energy Management System

FSMS – Food Safety Management System

A Food Safety Management System confirms that corporations in the food industry follow certain
procedures and guidelines to ensure their products for customer safety.

 FSSC 22000 Food Safety Certification

 ISO 22000
 SQF

ISMS – Information Security Management System

An Information Security Management System determines how your organization should organize and
manage its information security.

 ISO 27000 Internet Security Management System

Reason for the Growth of ERP Market

Since 1970, ERP is growing every year which you can find ERP history report. Growing rate of ERP in
the market is 30% every year. There are many reasons behind this whose list, I am given below.

1.Good Inventory Control

In any ERP package, you will find the inventory control system. With inventory control system, you can
add and raw data of raw material, work in process and finished goods in the database from anywhere. On
basis of this database you can find, you can track the information of inventory availability. It is possible
because ERP records are directly link with the records of all purchasing, beginning and closing stock.

2. Produce the Products Fastly

In ERP, both production department and sales department are inter-connected. So, when production
department tracks the demand from sale department, it can fastly produce the products without any delay.
It will reduce the production cost because correct and fast information will help to keep small produced
stock and less invests money in stock.

25
<<COURSE NAME>> <<COURSE CODE>>> SPEC

3. New Product Development

When developer sees all the information together, they get more idea to create new product development.
For example, recently, I saw in YouTube analytics, comparison of one video in two countries. When this
option will see the YouTube video maker, he can take the development of new video for specific
location. YouTube analytics are also developing the developers. ERP is also online software when they
will develop its update, it will be helpful for businessman and working team to develop new product
which increase the profit and decrease the losses.

4. Support of Multiple Languages and Currencies

ERP systems support multiple languages and currencies. So, more and more employees in different
branches can work together because they can understand database language through better translation
support. Better multiple currencies support will be helpful to do international business. When ERP
software has started to give the multiple currencies support, then it can be helpful to calculate net gain
from all the branches which are working in different countries whose currency is different. For example,
SBI has its branches in almost all the countries. It uses bank link for managing the business in different
countries in different languages and different currencies.

5. Vertical Market Solution

Before understanding the usages of ERP in vertical market solution, we should understand what is
vertical market? As per Wikipedia,
A vertical market is a market in which vendors offer goods and services specific to an industry, trade,
profession, or other group of customers with specialized needs. It is distinguished from a horizontal
market, in which vendors offer a broad range of goods and services to a large group of customers with
wide range of needs, such as businesses as a whole, men, women, households, or, in the broadest
horizontal market, everyone.
Now, you have understood what is vertical market? Software developer can develop as per the need of
vendor. Bank Vendor Company’s requirement will be different from automotive vendor.
Telecommunication vendor’s requirement for managing his business will be different from transportation
Vendor Company’s requirement.

6. Client Server

SAP, Oracle and Microsoft are the top client server ERP. One of main benefit, all files will be stored
same store. All files will have automatically back up. If there is any bug, we can restore the back up.

A business model describes the rationale of how an organization creates, delivers, and captures value,[2]
in economic, social, cultural or other contexts. The process of business model construction and
modification is also called business model innovation and forms a part of business strategy.[1]

In theory and practice, the term business model is used for a broad range of informal and formal
descriptions to represent core aspects of a business, including purpose, business process, target
customers, offerings, strategies, infrastructure, organizational structures, sourcing, trading practices, and
operational processes and policies including culture.

What is Integrated data model

1.
The integrated management of information leads to Integrated Data Model which supports a
26
<<COURSE NAME>> <<COURSE CODE>>> SPEC

centralized data repository. This data repository gives up to date status of the organization at any point
of time without data redundancy and assuring total integrity. Learn more in: ERP and Beyond
2.
A central repository system used for the storage of data and processes required by various disciplines
during the life cycle of a project

Foundations of Information Systems in Business I. LECTURE OVERVIEW Foundation Concepts:

Foundations of Information in Business presents an overview of the five basic areas of information
systems knowledge needed by business professionals, including the conceptual system components and
major types of information systems. Why Information Systems Are Important – An understanding of the
effective and responsible use and management of information systems and technologies is important for
managers, business professionals, and other knowledge workers in today’s internetworked enterprises.
Information systems play a vital role in the e-business and e-commerce operations, enterprise
collaboration and management, and strategic success of businesses that must operate in an
internetworked global environment. Thus, the field of information systems has become a major
functional area of business administration. An IS Framework for Business Professionals – The IS
knowledge that a business manager or professional needs to know is illustrated in Figure 1.2 and covered
in this chapter and text. This included (1) foundation concepts: fundamental behavior, technical,
business, and managerial concepts like system components and functions, or competitive strategies; (2)
information technologies: concepts, developments, or management issues regarding hardware, software,
data management, networks, and other technologies; (3) business applications: major uses of IT for
business processes, operations, decision making, and strategic/competitive advantage; (4) development
processes: how end users and IS specialists develop and implement business/IT solutions to problems
and opportunities arising in business; and (5) management challenges: how to effectively and ethically
manage the IS function and IT resources to achieve top performance and business value in support of the
business strategies of the enterprise. System Concepts – A system is a group of interrelated components
working toward the attainment of a common goal by accepting inputs and producing outputs in an
organized transformation process. Feedback is data about the performance of a system. Control is the
component that monitors and evaluates feedback and makes any necessary adjustments to the input and
processing components to ensure that proper output is produced. An Information System Model – An
information system uses the resources of people, hardware, software, data, and networks to perform
input, processing, output, storage, and control activities that convert data resources into information
products. Data are first collected and converted to a form that is suitable for processing (input). Then the
data are manipulated and converted into information (processing), stored for future use (storage), or
communicated to their ultimate user (output) according to correct processing procedures (control). IS
Resources and Products - Hardware resources include machines and media used in information
processing. Software resources include computerized instructions (programs) and instruction for people
(procedures). People resources include information systems specialists and users. Data resources include
alphanumeric, text, image, video, audio, and other forms of data. Network resources include
27
<<COURSE NAME>> <<COURSE CODE>>> SPEC

communications media and network support. Information products produced by an information system
can take a variety of forms, including paper reports, visual displays, multimedia documents, electronic
messages, graphics images, and audio responses. Business Applications of Information Systems -
Information systems perform three vital roles in business firms. Business applications of IS support an
organization’s business processes and operations, business decision-making, and strategic competitive
advantage. Major application categories of information systems include operations support systems, such
as transaction processing systems, process control systems, and enterprise collaboration systems, and
management support systems, such as management information systems, decision support systems, and
executive information systems. Other major categories are expert systems, knowledge management
systems, strategic information systems, and functional business systems. However, in the real world most
application categories are combined into cross-functional information systems that provide information
and support for decision-making and also perform operational information processing activities.

Enterprise Resource Planning Marke

The global enterprise resource planning market is expected to progress at a steady growth rate over the
forecast period. Enterprise Resource Planning (ERP) is business management software that binds the
different corporate functions and enables a company to efficiently manage its resources. A striking
feature of ERP is its ability to integrate organizational activities. The enterprise resource planning market
is made up of varied business sizes. Such systems help boost competitiveness and improve the operating
process. Globalization, regulatory compliance, and centralization have been the key drivers for ERP
investment by large corporations. Small business segments have also positively contributed to the market
in order to meet new customer requirements. Large companies benefit from ERP software as it helps to
manage their day-to-day operations more efficiently.

It is anticipated that cloud computing will facilitate enterprise resource planning market growth. Other
growth factors include new emerging markets, penetration of new industry, economic growth, acquisition
of small software companies by larger ERP companies, expansion of ERP product portfolio to cater new
vertical markets. The restraint for the market’s growth, however, lie in the high cost of implementation
and a high degree of competition within the market forcing companies towards constant innovation in
order to gain market share. Recession has also been one of the growth inhibiting factors as it reduced the
spending on IT services by different public and private sectors.

The ERP market can be segmented as per type and size of industry such as large companies that require
global functionality and large scalability, upper mid-market companies that require multinational
functionality with less scalability, lower mid-market companies that require multinational functionality
with minimal scalability and smaller businesses that have a single location and hence require
standardized packages with low complexity. ERP market can also be segmented on the type of vertical it
caters to such as manufacturing, software solutions, insurance, hospitality, healthcare, education,
governmental, pharmaceutical, automotive, and others. Within these verticals, it may be used for supply
chain management, product configuration, web-based ordering, financial accounting, human resource
planning, project management, order processing, and others.

What is ERP System Modules?

It is a system consisting of various ERP departmental modules that manage the core business functions in
a unified manner. These system modules are designed to facilitate a seamless flow of information
28
<<COURSE NAME>> <<COURSE CODE>>> SPEC

between multiple departments such as sales, inventory, customer relationship management, human
resources, and finance.

ERP system modules can streamline all the major operations of the business. They also automate the
administrative back-office work and increase operational efficiency between departments.

Benefits of Enterprise Resource Planning Software

Now that we know what ERP software is mostly used for by many organizations, here are a few benefits
of ERP to help you understand the need for the same to manage your company departments well:

#1 Increased productivity

ERP System modules are an asset to the organization. If integrated properly, they can reduce the time and
effort required by your workforce to carry out routine activities. The software will eliminate repetitive
manual processes and let your team focus on the revenue-generating task.

Also, since all the business functions are managed under a single portal, overall efficiency is increased.
Visual dashboards allow managers to have a quick glance at parameters and make better decisions.

#2 Promotes a culture of collaboration

ERP modules break down the walls between various departments of the company by establishing a
proper communication method. Such a cross-departmental collaboration ensures a smooth flow of
information and helps the team to work in an atmosphere of collaboration which will, in turn, minimize
wastage of resources, and boost innovative ideas.

#3 Data protection

One of the most significant advantages of using ERP system modules is data security. It allows sharing
data across multiple functional departments but, at the same time, controls who can see and edit the very
same data.

Further, the ERP system provides for a single input system that gives authority to a single repository.
Such a process of data protection increases the accuracy and consistency of data input thus avoiding any
conflict.

#4 Facilitates regulatory compliance

One of the most challenging things for any business is maintaining perfect financial records and
reporting. ERP system modules ensure timely compliance of various regulatory provisions by validated
data combined with built-in reporting, which ensures you don’t get penalized for any non-compliance.

#5 Accurate business forecasting

Advanced database and real-time analysis of data are some features of ERM modules that provide
accurate business forecasts. They help to calculate expected sales, revenues, and cash flows well in
advance that helps an organization to plan well in advance and reduce the wastage of resources

What are ERP Modules and How Do They Help an Organization?

ERP software comes integrated with multiple system modules that are meant to be purchased
individually by the organization according to the utility in their business. These various system modules
help manage an area of business processes such as human resources, inventory, supply chain
management, etc.
29
<<COURSE NAME>> <<COURSE CODE>>> SPEC

Such ERP modules help an organization in numerous ways like –

 Automating and centralizing business processes

 Unifying many systems into one system to access data from all the sources at one place
 Helps in building collaboration between employees
 Improved resource planning
 Improved workflow by streamlining the business processes

<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-

height: 0;" class="lazy lazy-hidden mce_SELRES_start"></span>

Now since you know how different ERP modules can help organizations, check out the following ERP
modules to manage your operations.

12 Types of ERP System Modules with their Uses

Most ERP systems have several sophisticated modules. These ERP system modules handle a vast and
diverse range of organizational functions. They are scalable, meaning that organizations can add more or
additional modules as they grow in size or operations.

At this point, organizations need to be well aware of their needs to select ERP modules most suited to
their workflow. Here are some of the essential ERP modules:

1. Financial and Accounting module

This module is generally considered to be the most important out of all the ERP business modules. It's
because keeping accounts, monitoring transactions, and control costs are basic functions that need to be
carried out by both — small and large firms. Also, different countries follow diverse accounting
principles. A multinational company that has offices in multiple countries needs to adhere to the laws of
30
<<COURSE NAME>> <<COURSE CODE>>> SPEC

the country that it's operating in. The financial accounting module keeps a tab on the business framework
set up by the government of the respective country. It carries out functions — such as accounts
receivables, accounts payables, general ledger, tax, etc. This module of ERP consists of the following
sub-modules.

Cost Control

This sub-module allows for systematic management of liquidity, portfolio, and risk. It generates reports
and analysis paths that help control costs in both — short and long run. It also has a treasury component
that manages cash and funds and also analyzes market risk.

Investment management

This sub-module assists through all the stages in the investment process — from planning to settlement.
It takes care of investments happening across all projects and orders. It also distributes budgets that are
used during the capital spending process and monitor it to avoid budget overruns.

Enterprise controlling

This sub-module consists of systems — such as business planning and budgeting, executive information
system, and profit accounting. It helps meet pre-decided objectives for growth and investment and
increases shareholder value.

2. Sales and Distribution Management

ERP software manages sales and distribution (S&D) effectively. It does this by increasing customer
response time, improving service level, reducing lead time, decreasing shipping cost, and by developing
good vendor and distributor relationships. A good S&D strategy ensures that your business remains
competitive and profitable. You can configure the ERP system and allocate how many functions will be
automated and how many of them will be done manually. As far as delivery and billing are concerned,
the S&D module interacts with other modules — such as warehouse management, billing, sales, master
31
<<COURSE NAME>> <<COURSE CODE>>> SPEC

data management, pricing, order management, foreign trade, shipment, vendor management, etc. —
simultaneously.

3. Production Management

Production activities vary from industry to industry. It entails varying production methods, different
types of raw materials, distinct quality-checking methods, and diverse packaging styles. For example, if
you look at chemical industries, you will find that it involves the mixing of chemicals, heating and
cooling of solutions, use of reagents to speed up the process, and preservatives to slow down the decay.
If you look at the manufacturing industry, then it involves the use of machines for performing functions
—such as rolling, welding, pressing, forging, extrusion, casting, etc. Similarly, the oil industry comprises
of processes such as the extraction and refining of crude oil, etc. The production management module of
the enterprise resource planning software takes care of all these activities and manages them
conveniently. It adopts either of the three production styles — continuous, job, or batch basis. It assigns
jobs to machines, schedules their turn, prioritizes customer order, and performs division of labor. The
ERP system contains various sub-modules for the production package including shop floor control,
engineering data management, lot control, capacity management, tooling, configuration management,
Just In Time (JIT), cost management, engineering change control, etc.

4. Human Resources Management (HRM)

Human resources are the pillars of any organization. They are the ones who execute tasks, build plans,
brainstorm future strategies, and develop business processes. Without them, an organization cannot even
think of functioning, lest reaching its optimum potential. ERP system contains a Human Resource
Management module that takes care of the following operations: Tracking employee records, updating
employee information, conducting performance reviews, tracking time & attendance, creating job
descriptions, calculating reimbursements and travel expenses, etc. The two most important tasks carried
out by the HRM module is managing employee salaries and generating payment reports. The HRM
module can be easily adapted according to your business requirements that include parameters like
currency, language, legal requirements, and accounting systems that differ from one country to another.

5. Quality Management System (QMS)

The quality management system of an ERP enables the quality team to frame rules and specifications of
the manufacturing process. It also ensures that the finished products adhere to the set standards. If they
don't, it automatically rejects such products and stops them from passing to the next stage. Since the
QMS monitors the functioning of every process — such as procuring raw materials from the vendor,
assessing the quality of materials in the inventory and storage, recalibration and tool setting, an
inspection of finished products, etc. — it needs to be seamlessly integrated with the ERP system. This
allows employees working in different departments to share and assess important documents. The QMS
helps the quality inspector to take corrective actions by providing reliable graphs and charts — including
p chart, np chart, and X bar chart. Some other features of QMS module are as follows:

32
<<COURSE NAME>> <<COURSE CODE>>> SPEC

a. Review of each
control unit
b. Designation of attribute values for each review plan
c. Suggestion of change in raw materials based on quality clearance feedback
d. Determination of standard operating procedures
e. Can override the status of sample results
f. Conformance of certificates
g. Generation of audit trails
h. Monitoring business activities
i. Ensuring user security
j. Corrective action requests (CARs) that help meet customer requirements
k. Facilitates continuous improvement in quality based on collected data.

6. Plant maintenance management

This module deals with the maintenance of the plant and other allied functions — such as preventive
maintenance and breakdown maintenance. Apart from playing a vital role in managing issues related to
production and cost control, it also reduces the setup time. The following are the features of the plant
maintenance management sub-module: a. Equipment tracking: Every equipment in the production
process is defined by a different serial number and model. Since it's imperative to store such information,
it's stored in datasheets that churn useful data for transportation control and maintenance. b. Preventive
maintenance: This feature helps program, strategize, and handle equipment and control facilities. It keeps
the maintenance cost to a bare minimum. This sub-module also takes care of component replacement,
uptime, downtime, equipment lubrication, and machine breakage. c. Component tracking: Many
components that are used in machines are too sensitive. They require regular maintenance because if they
fail, it's expensive to replace them. So it's imperative to monitor and protect them safely. This includes
tracking the component service life and component exchange history.

7. Supply Chain Management (SCM) module

The supply chain module of the ERP system handles the incoming of raw materials from the vendor and
the outgoing of finished products through the distributor. If due to any reason there is a break in the
supply chain and it's cut off, your company will suffer heavy losses. Also, your customers will be unable
to find your products in departmental stores which will allow your competitors to leap forward. The
33
<<COURSE NAME>> <<COURSE CODE>>> SPEC

SCM module connects all the stakeholders — customers, suppliers, business partners, manufacturers, and
retailers — together to manage the supply chain effectively. It creates smart contracts for both the supply
side and supplier side and checks whether they are being complied with. It collects and analyzes
customer data and forecasts what kind of customer campaigns would create the strongest impact. It
constantly updates the stocks available in your warehouse and automatically makes an order to your
vendor if it falls below the set threshold. MRP (Master Production Schedule) and MPS (Material
Requirements Planning) are two of the most important bundles of SCM that help an ERP system to meet
increased demands. The basic difference between the two is that MPS deals with the production of items
that have independent demand whereas MRP deals with the production of items that have dependent
demand. For example, a pen is an MPS item because it has market demand. But items such as the barrel,
spring, cap, and refill that are required to produce a pen do not have any individual market demand. So,
these four items are MRP items. The following are the functions carried out by MRP and MPS:

Planning and control

It decreases inventory carrying costs and monitors the production process by analyzing when to buy,
what to buy, and how much to buy. It determines the quantity and cost of inventory required for
manufacturing purposes by examining data. It monitors whether the production schedule is going as
intended. Whenever there is a shortage of supply, it automatically places orders. It identifies bottlenecks
and revamps the production line accordingly.

Resource management & Scheduling

34
<<COURSE NAME>> <<COURSE CODE>>> SPEC

It determines the expected yield and estimates the time taken to produce products. It enables managers to
gauge the labor time and cost associated with it, and products manufactured per hour. It also sends
automatic alerts to the manager about the unavailability of important equipment or material.

Data management

An ERP system coupled with MRP/MPS can gather, store, interpret, and present a huge amount of data.
It does this by converting inventory data into comprehensible invoices and receipts.

8. Manufacturing module

The manufacturing modules in an ERP system play an important role in a business. First, it makes the
business processes cost-effective by ensuring quality management and reducing the number of discarded
products. Second, it makes use of the most in-demand skills such as analytics, machine learning, and
artificial intelligence to gain real-time business visibility and provide timely insights. Third, it
streamlines the manufacturing processes and allows employees working in different departments to gain
a 360-degree view of the entire process. Also, the manufacturing module makes operations completely
transparent. It allows for tracking the entire inventory in real-time and enables shop floor supervisors to
check the quantity of each product. Moreover, this ERP module can be tweaked to provide access to
information to all the stakeholders — customers, employees, vendors, suppliers, and distributors. It
makes the system more agile by generating market performance reports and customer purchase trends.

9. Customer Relationship module

Owing to the growing influence of customers in business affairs, the customer relationship module has
become one of the most important ERP modules. Although a stand-alone CRM system has more
functions, the ERP software provides basic functionalities. It gathers useful customer information —
such as name, email id, past purchase behavior, previous buying history, wishlists, gender, income, age,
religious beliefs, demographic, and geographic details — and analyzes them to make custom reports.
These reports throw light on what people want and would spend their money on. Managers focus on such
reports and plan strategies. These reports indicate what products/services have the highest selling
potential. Furthermore, the CRM module also allows companies to collect customer feedback and send
personalized messages to them. It also sends automated updates regarding new product launches and
allows customers to get in touch with service agents instantly.

35