You are here:



Dear Sir,

Please help me on the below for my MBA Assignment

1.   Define information Technology, Discuss IT capabilities and their impact on organizations, with reference to a Bank like HDFC bank Ltd., or ICICI Bank Ltd.
2.   Distinguish between Data and Information. Give the attributes of information and illustrate the strategic information required by director (Marketing) of Tata Motors Ltd.

3.   Discuss the importance of security in I.T. / Information System and explain the various measures which could be initiated to minimize, if not eliminate altogether the threats to system security.

4.   Draw report layouts for the following and elaborate the use of these reports in the process of decision making.
a)   Stock register
b)   Pending Purchase Requisition (Submitted to Purchase dept)
c)   Material Inspection Report


Define information Technology, Discuss IT capabilities and their impact on organizations, with reference to a Bank like HDFC bank Ltd., or ICICI Bank Ltd.

Stands for "Information Technology," and is pronounced "I.T." It refers to anything related to computing technology, such as networking, hardware, software, the Internet, or the people that work with these technologies. Many companies now have IT departments for managing the computers, networks, and other technical areas of their businesses. IT jobs include computer programming, network administration, computer engineering, Web development, technical support, and many other related occupations. Since we live in the "information age," information technology has become a part of our everyday lives. That means the term "IT," already highly overused, is here to stay.

There are five dimensions of IT capability.
1. IT Infrastructure: This includes physical IT assets in terms of hardware, software and networks  on which systems are built. It provides the technical basis for carrying out IT based product and process innovation. Infrastructure also includes the extent to which the assets are integrated
2. IT Human Resources: These include technical and managerial skills of IS employees, such as
programming, systems analysis, network administration, database management, project management,
co-ordination and leadership, interaction with use community and effective management of IS
functions . These skills are highly firm specific and difficult to imitate -
hence they serve as a source of competitive advantage.
3. IT-related Intangible Resources: Sustained use of IT can lead to the creation of various intangible
benefits, which can serve as the basis for additional capabilities. For example, the effective use of CRM systems for tracking customer preferences can increase the customer orientation of the firm
Similarly, the use of knowledge management
technologies can help in knowledge formalization, consolidation and dissemination. This can lead to
the creation of inimitable knowledge assets . IT- enabled sharing of resources
can increase the flexibility of different organizational units by eliminating temporal and spatial
limitations to communications. IT enabled business process integration with partners can similarly
result in close relationships and help in collaborative commerce .
4. IT Coordination:  recognizes IT coordination as an independent construct in the
measurement of IT capability. Coordination runs the continuum from a low level, in which transaction
processing systems within different functions are independent, to a second level, in which data flows
across functions, to a third level described by processing interdependence, work flow, and the use of
IT for integrated activities such as CRM.
5. IT Governance: Governance describes the authority, control, and audit in the allocation and delivery of IT resources and services. The existence of IT governance systems has been shown to affect firm
profitability and strongly influences the value that an organization generates from IT .

BANK’S  Organizational Capability:
•   focuses on internal processes and systems for meeting customer needs
•   creates organization-specific competencies that provide competitive advantage since they are unique
•   ensures that employee skills and efforts are directed toward achieving organizational goals and strategies
Traditional Sources of Competitive Advantage:
•   Economic / financial capability: able to produce good or service at lower cost than competitors
•   Strategic / marketing capability: products or goods that differentiate a firm from its competitors, typically by “adding-value” or “product-portfolio mix.”
•   Technological capability: products or services that customers receive are innovative, high-quality, state-of-the art, typically in how they are built or delivered.
Strategic planning typically focuses on resource allocation.
Organizational capability focuses on achieving goals through employee commitment and competence.
Two criteria for competitive advantage:
1) adding perceived value to the customer
2) offering uniqueness that cannot be easily imitated by a competitor
Organizational Capability enhances perceived customer value in three ways:
1) Responsiveness: the ability of the business to understand and meet customer needs more quickly than competitors
2) Relationships: the ability of a business to develop enduring relationship between customer and employee
3) Service quality: the ability of business to design, develop and deliver service that meets or exceeds customer expectations.
Organizational Capability enhances uniqueness because it is difficult to imitate:
•   Imitation requires changing the way people think, act, and interact.
•   Social engineering of complex social processes such as culture, teamwork, leadership are neither well-understood nor easily replicated.
•   Four critical elements of capable organizations:
•   Shared mindset
•   Management practices
•   capacity for change through understanding and managing organizational systems
•   Leadership at all levels in the organization
•   Common understanding and goals of ends (strategies) and means (processes, work systems, activities)
•   Congruence between customer and employee expectations
•   Policies, programs, operating procedures, and traditions that guide work
•   Transform individual behavior to create customer satisfaction and consistency in how customer is treated
•   Complement and integrate with one another to create common expectations, behaviors, and goals
•   Ability to reduce cycle time of all activities
•   Four Principles:
o   Symbioses: ability to cope with external change; a bridge between internal action and external conditions
o   Reflexiveness: ability to learn from past experiences; self-assessment and continuous learning
o   Alignment: ability to integrate tasks, structures, processes, and systems with political, technical, and cultural aspects of the firm.
o   Self-renewal: ability to change over time successfully when needed.
•   Owns passionately a vision which is promoted both within and outside the organization
•   Translates external conditions into vision for organization and how employee must act to attain vision
•   Empowers individuals at all levels within the organization to act within his or her domain


2. Distinguish between Data and Information. Give the attributes of information and illustrate the strategic information required by director (Marketing) of Tata Motors Ltd.

Facts, statistics used for reference or analysis.
Numbers, characters, symbols, images etc., which can be processed by a computer.
Data must be interpreted, by a human or machine, to derive meaning
"Data is a representation of information" *
Latin 'datum' meaning "that which is given"
Data plural, datum singular (M150 adopts the general use of data as singular. Not everyone agrees.)
Knowledge derived from study, experience (by the senses), or instruction.
Communication of intelligence.
"Information is any kind of knowledge that is exchangeable amongst people, about things, facts, concepts, etc., in some context." *
"Information is interpreted data" *
11 Attributes of Information


1.Political (incl. Legal)   

-Environmental regulations and protection
[what  are  the  government regualtions/ protection laws  that  must be  observed ]

-Tax policies
what tax  hinder the business and what  taxes  incentives  are available]

-International trade regulations and restrictions
[ does  the  government    encourage  exports / with  high tariffs  on  imports]

-Contract enforcement law/Consumer protection
[does  the  government  enforce  on  consumer  protection ]

-Employment laws]
[ is the  government    encouraging  skilled  immigrants  with  temp. permits]

-Government organization / attitude
[ does  the  government  have  a   very  positive  attitude  towards  this   industry]

-Competition regulation
[ are  there   regulation  for  limiting  competition]

-Political Stability
[ politically ,  does the   government    have   a  very   stable  government ]

-Safety regulations
[ has  the  government      adopted  some  of  the  modern  safety regulations]

-Economic growth
[  what  is  the economic growth rate  /  what  are  the  reasons ]

-Interest rates & monetary policies
[ are  the  interest  rates    under control /  is there   a  sound  monetary  policies]

-Government spending
[is  government  spending  is  significant   and  is it   under control ]

-Unemployment policy
[what  is  the  employment / unemployment  policies  of the government ]

[  has  the  taxation    encouraged  the  industry ]

-Exchange rates
[ is   there  well  managed   exchange  controls  and  is it  helping  the  industry]

-Inflation rates
[ is  the  inflation  well   under  control ]

-Stage of the business cycle
[ is  your    industry  is  on  the   growth  pattern]

-Consumer confidence
[ is  the  consumer  confidence   is   high/ strong and  if  not, why ]


-Income distribution
[is there   balanced   income  distribution   policy ]

-Demographics, Population growth rates, Age distribution
[ what  is   population   growth  and  why ]

-Labor / social mobility
[ what   are the  labor  policies  and  is  there  labor  mobility]

-Lifestyle changes
[ are  there  significant  lifestyle   changes     taking  place--more  modernization/ why  ]

-Work/career and leisure attitudes
[ are  the  population      career  minded  and  are  seeking  better  lifestyle]

[ what  are  the  education  policies /  is  it  successful ]

-Fashion, hypes
[are  the   people    becoming  fashion  conscious ]

-Health consciousness & welfare, feelings on safety
[ are  the  people     becoming  health  consciousness]

-Living conditions
[ is the  living  conditions   improving  fast  and  spreading  rapidly]


Government research spending
[is  the  government    spending  on research  and  development]

Industry focus on technological effort
[are  the   industries    focused  on  using  improved  technology]

New inventions and development
[ are  new  inventions     being   encouraged  for  developments]

Rate of technology transfer
[ is  the  rate  of  technology  transfer  is  speeding  up ]

(Changes in) Information Technology
[ is  the   information  technology    rapidly  moving  and  is  there  government  support]

(Changes in) Internet
[ is the   internet  usage    rapidly  increasing   and  why]

(Changes in) Mobile Technology
[is  the   Mobile   technology    rapidly developing  and  is there  government  support]
5.External Assessment---

Areas for opportunities and threats

* Markets [ what  is  the market  situation, which is forcing the change requirements
*Customers [ how can service the customer -internal / external -better .          
* Industry  [ is  the  industry  trend ]
* Competition [ is  it the  competitive situation      
*Factors of  business [ causing  the change]
* Technology [ is  it  technology  change ]

Internal Assessment

Areas  for strengths, weaknesses, and barriers to success

*Culture  [ is the  working  culture  change ]
* Organization [  is the  organization  demanding  change ]
* Systems  [ is it  the  systems change ]
* Management practices  [ change in  managemement process]


*Cost efficiency[  is it for  cost efficiency ]
* Financial  performance  [ is  it for  financial  performance improvement ]
* Quality [ is  it for  quality  performance improvement
*Service [ is  it for  service   performance improvement
*Technology[ is  it for  technology   performance improvement
* Market segments [ is  it for  sales  performance improvement
* Innovation[ is  it for    performance improvement
*new products[ is  it for new product   performance improvement
*Asset condition[ is  it for  financial  performance improvement
*productivity[ is  it for  financial  performance improvement





-change  the organization  structure  to  a  matrix  format,
to  enable  the product managers  to concentrate  on
product development/ planning/ product marketing.

-change  the distribution systems  to introduce
more channels  to  widen  the  market  coverage.

[ to  stay close to  the  customers and  provide  extended service]

[ to  bring  maximum  satisfaction  to  the customers]

[to extend  the  market  coverage  and gain  sales ]

   Your   Core markets;
[defence -major customers like  mines-medium  industries]

  Your  CORE  strategic thrusts.
[ productline  extension - extended market coverage-channel  exploitation]


The arena of products, services, customers, technologies, distribution methods, and geography in which you'll compete to get results.

-CUSTOMER   behaviors
-CUSTOMER   spending
-CUSTOMER    usage
-pricing  analysis
-distribution points
-market potential / size
-geographical  spread  of   the  market
-promotional  spending  analysis
-market analysis
etc etc
-sales  analysis
-territory  analysis
-customer analysis
-distributors  sales  analysis
etc etc

-procurement  analysis
-production  cost  analysis
-production  planning
-material  analysis
-R&D  cost  analysis
-inventory  holding
-inventory  cost analysis
-transport  cost  analysis
-warehousing  cost analysis
etc etc
-budgetory  control
-expenses  analysis
-profit /  analysis
-balance sheet
-wages  analysis
-product  cost  analysis
-break even analysis
etc etc









-production  rejects  analysis
-customer  rejects  analysis
-rejection   cost  analysis
-customer complaints analysis
etc etc

1.1 Planning and organising Is there a clear mission statement? Is there a strategic plan which is understood? Is the organisation structure suited to strategies? Is the external environment monitored regularly? Is an internal analysis regularly undertaken? Are competitors monitored? Are there clearly st#d company objectives? Are there clear goals and plans for the current year? Are goals communicated throughout the organisation? Are reports timely and decision useful? Is there an unhealthy dominance by one functional area (e.g. marketing or finance)? Eh eck management team competence and business function performance.

mment on strengths and weaknesses in management.

1.2 Organisation structure

Does the structure indicate: I dual subordination? I wide spans of control? F overlapping responsibilities? F ineffectiveness? Are staff involved in decisions?
Are position and person specifications prepared
Are they regularly reviewed with staff?.
Have projected staffing needs been identified?
I diversification?
I growth?
I retirements?
I separations?
Other comments regarding:
I structure
I improvements

1.3 Motivation andmorale

Is there adequate delegation and team decision making? Is there complacency or low morale? What is the level of staff turnover? What is the level of absenteeism (check Monday and Friday absences)? Check amount of overtime worked. Check workload on key staff. Is there tolerance of poor performance? Check and comment on quality of leadership. Are there unresolved conflicts? How many hours are lost through industrial action? Why? How many hours are lost through industrial accidents? Why?

1.4 Personnel management
Review and comment on:
I recruitment procedures
I induction programs
I training programs
Review and comment upon remuneration:
I market relativity?
I award levels?
Review and comment on employee:
I performance evaluation systems
I involvement and empowerment (see earlier)
I grievance procedures
I disciplinary procedures
I health and safety programs
I union management relationships

employee opportunity plans

I promotion and staff development plans
List the key considerations (strengths and weaknesses)

and matters for follow up.


2.1 Use ratios as a diagnostic tool and comment on:

I trends
I relativeperformance with the industry

I      relative performance with benchmark enterprises.

2.2 Check accounting methods

Check classification of items:

I      which may have been capitalised rather than

I      discounts given may be treated as an expense
  or deductions from revenue

I      check distinction between current and
  non current assets

I   when is revenue 'recognised' in the accounts?
    at time of order?
    at time of delivery?
    at time of payment or progress payment?

I check inventory valuation method
I check method of calculating depreciation

I   check if assets have been revalued and method
  of revaluation.

2.3 Financing of assets

Is the industry in which the entity competes:

I   declining?

I   volatile9

What is the level of gearing?

Is the entity at the limit of its borrowing capacity? What would be the effect of.I a decline in cash flows? I loss of a major customer? Is the entity able to finance planned growth due to: I real growth rates? I inflation?

2.4 The management information system
Is performance measured against budget? What period control reports are generated? Does management understand the information? Do reports show unexplained fluctuations? Are variances: I followed up? I explained? I acted upon? Are there delays in: I producing financial reports? I recognition of losses? Do financial reports enable assessment of gross profit by product and market? Are there deteriorating trends in working capital?

2.5 Management of capital expenditure
Is a capital equipment register maintained? Is there a capital expenditure approval policy? What are the approval criteria (DCF, payback, IRR)? Is there post approval follow up? Is there excessive reliance on lease finance?

P 1  ---  Product
Marketing is about identifying,
anticipating and satisfying customer
needs. You need to be sure that your
products and services continue to meet
your customers. needs.
1. Carry out simple research by
asking your customers .
_ What they think of each
_ How satisfied are they
with the quality
_ How satisfied are they
with any support services
you may provide
_ How effective it is in
meeting their needs
_ How they see their needs
changing in the short and
long term future
2. Carry out step 1 for each product
or service you offer
3. Have a system for collecting and
analysing feedback from your
customers so that ideas are fed into
a new product development process
that is ongoing.
4. Ask yourself what stage of the
product life cycle your products or
services have reached. The .product
life cycle. is one way of looking at
how the marketing mix links
together. Products are said to go
through stages . an introductory
stage, a growth stage, a mature
stage and a decline stage. At each
stage a slightly different mix is
appropriate . see the .What you
need to know. section of this
material for more information.
5. Analyse the profitability of each
product/service you offer. For more
information on calculating this, take
a look at the 10-minute 80/20 Rule.
Which products/services make the
biggest contribution or provide the
highest profitability? What support
services do you offer with each
product? Could it be improved,
adding value with little cost?

Historically, the thinking was: a good product will sell itself. However there are no bad products anymore in today's highly competitive markets. Plus there are many laws giving customers the right to send back products that he perceives as bad. Therefore the question on product has become: does the organization create what its intended customers want? Define the characteristics of your product or service that meets the needs of your customers.
Functionality; Quality; Appearance; Packaging; Brand; Service; Support; Warranty.
P 2  ---  Price

Price generates profit so is an
important element of the mix. You
need to consider -
1. What your target group of
customers will be prepared to pay
for your product or service. It is
important not to set the price too
low as customers may think there is
something wrong with the product.
Equally, if you set the price too
high, customers may think that it
is too expensive for the benefits
offered. Think about how you have
.positioned. your product in terms
of quality. This will help you to
assess how to price it.
1. What it costs you to produce it.
This will show you what you need
to charge and not what you could
or should charge. However, if you
do not calculate what it costs you
to produce your product correctly,
the more you sell, the more you
will lose. Don.t forget to make an
allocation for costs such as selling
which are usually treated as fixed.
(See item 1 for more information.)
3. What your competitors charge.
Look at your competitors. web sites,
or simply phone them and ask for
a price list or quotation.

How much are the intended customers willing to pay? Here we decide on a pricing strategy - do not let it just happen! Even if you decide not to ask (enough) money for a product or service, you must realize that this is a conscious decision and forms part of the pricing strategy. Although competing on price is as old as mankind, the consumer is often still sensitive for price discounts and special offers. Price has also an irrational side: something that is expensive must be good. Permanently competing on price is for many companies not a very sensible approach.
List Price; Discounts; Financing; Leasing Options; Allowances.
P 3  ---  Place
.Place. is the means of distribution
you select depending on the type of
product or service you are marketing.
Your choice will impact on your pricing
and your promotion decisions.
1. Are the customers for your
products and services consumers or
businesses? If they are consumers
you will have three main options .
_ Selling to wholesalers who will
sell to retail outlets who will sell
on to the consumer
_ Selling direct to retail outlets
_ Selling direct to the customer
If your customers are businesses you
will probably sell to them direct
through your own sales force.
2. If you sell through wholesalers and
retailers, remember when you price
your products that they will each
want their own mark-up to cover
their overheads. You will also need
to promote your products and
services to all members of the
channel. Wholesalers and retailers
will have to be persuaded to stock
your product and end customers
to buy them.
3. If you are selling to businesses you
will have to cover the cost of a sales
force. This can be an expensive
overhead and will again impact
on your pricing.

Available at the right place, at the right time, in the right quantities? Some of the recent major changes in business have come about by changing Place. Think of the Internet and mobile telephones.
Locations; Logistics; Channel members; Channel Motivation; Market Coverage; Service Levels; Internet; Mobile.
P 4  ---  Promotion

The promotional mix is made up
of 5 elements:
_ advertising
_ sales promotion
_ public relations
_ direct marketing
_ personal selling
The combination of tools you use
depends on the budget you make
available, the message you wish
to communicate and the group of
customers you are targeting
(How) are the chosen target groups informed or educated about the organization and its products? This includes all the weapons in the marketing armory - advertising, selling, sales promotions, Direct Marketing, Public Relations, etc. While the other three P's have lost much of their meanings in today's markets, Promotion has become the most important P to focus on.
Advertising; Public Relations; Message; Direct Sales; Sales; Media; Budget.
P 5  ---  People
The people employed in your
organisation will determine the quality
of service your customers receive. This
is truer for services, but also impacts on
businesses making tangible products.
Happy, skilled and motivated staff make
happy customers. They are more likely
to think about the customer and deliver
good customer service if they are well
trained and are recruited for their
positive attitude to customers.
You can achieve a competitive
advantage over your competitors
through offering a high level of
pre-sales and after-sales support and
advice. Again, this can impact on the
price you set, as customers are likely to
be prepared to pay more for the service
they receive but there may be a higher
cost for you to take into account.
Identify those staff who come into
contact with customers, either face-toface
or by phone.
1. Carry out a task analysis of what
they do in terms of customer
2. Involve your staff in setting
standards for customer service.
For more information on customer
service, look at the 10-minute
Customer Service Programme.
3. Prioritise training needs
for these staff and provide
appropriate training

An essential ingredient to any service provision is the use of appropriate staff and people. Recruiting the right staff and training them appropriately in the delivery of their service is essential if the organisation wants to obtain a form of competitive advantage. Consumers make judgements and deliver perceptions of the service based on the employees they interact with. Staff should have the appropriate interpersonal skills, aptititude, and service knowledge to provide the service that consumers are paying for. Many British organisations aim to apply for the Investors In People accreditation, which tells consumers that staff are taken care off by the company and they are trained to certain standards.
P 6  ---  Process
The processes involved in delivering
your products and services to the
customer have an impact on the way in
which your customers perceive you.
1. Look at all the processes involved in
getting your products to the
customer. Start with the
identification of prospects and work
through to after-sales support. Does
any stage cause a delay? How can
you improve this?
2. Are your customers kept informed
about what is happening?
3. Do your staff keep their promises to
4. How effectively are you handling
customer complaints?

Refers to the systems used to assist the organisation in delivering the service. Imagine you walk into Burger King and you order a Whopper Meal and you get it delivered within 2 minutes. What was the process that allowed you to obtain an efficient service delivery? Banks that send out Credit Cards automatically when their customers old one has expired again require an efficient process to identify expiry dates and renewal. An efficient service that replaces old credit cards will foster consumer loyalty and confidence in the company.
P7  ---  Physical Evidence
Physical Evidence
Physical evidence is a term used to
describe the type of image that your
business portrays through its physical
presence, namely its premises, the
appearance of its staff, its vehicles, etc.
When customers do not have anything
that they can touch, see or try before
they buy, they are more likely to assess
you by the image you put across. It is
therefore particularly important if you
offer services rather than tangible
1. How tangible is the product you
market? If it is heavily dependent on
the service element (for example, a
restaurant, or hotel, or window
cleaning service, or hairdressing)
then you should pay particular
attention to this element of the mix.
Even if you are a manufacturer, this
element is important if customers
visit your premises.
2. Ensure that the image portrayed by
your organisation is consistent with
the type of product or service you
3. Look at your reception area, your
car park (are there spaces for
visitors near to the entrance), the
appearance of your delivery staff or
customer service staff, that
condition of your vehicles, etc.
Where can you make

Where is the service being delivered? Physical Evidence is the element of the service mix which allows the consumer again to make judgements on the organisation. If you walk into a restaurant your expectations are of a clean, friendly environment. On an aircraft if you travel first class you expect enough room to be able to lay down!
Physical evidence is an essential ingredient of the service mix, consumers will make perceptions based on their sight of the service provision which will have an impact on the organisations perceptual plan of the service.

People - People refer to the customers, employees, management and everybody else involved in it. It is essential for everyone to realize that the reputation of the brand that you are involved with is in the people’s hands.
Process - It refers to the methods and process of providing a service and is hence essential to have a thorough knowledge on whether the services are helpful to the customers, if they are provided in time, if the customers are informed in hand about the services and many such things.
Physical (evidence) - It refers to the experience of using a product or service. When a service goes out to the customer, it is essential that you help him see what he is buying or not. For example- brochures, pamphlets etc serve this purpose.

Consider a document containing a table of numbers indicating product sales for the quarter. As they stand, these numbers are Data. An employee reads these numbers, recognizes the name and nature of the product, and notices that the numbers are below last year’s figures, indicating a downward trend. The data has become Information. The employee considers possible explanations for the product decline (perhaps using additional information and personal judgment), and comes to the conclusion that the product is no longer attractive to its customers. This new belief, derived from reasoning and reflection, is Knowledge. Thus, information is data given context, and endowed with meaning and significance. Knowledge is information that is transformed through reasoning and reflection into beliefs, concepts, and mental models.

3. Discuss the importance of security in I.T. / Information System and explain the various measures which could be initiated to minimize, if not eliminate altogether the threats to system security.

Basic Protection:
Many security specialists focus on significant improvement to commercial information systems by encouraging basic protection mechanisms. Experts focus on the most important security processes so that clients spend their resources where there will be the greatest return on their investment. This approach is a simple application of optimization theory, from which we know that in any field, there is likely to be a small number of factors that predominate in determining results; some people refer to the Pareto Principle, claiming that 80% of everything is the result of 20% of the causal factors.
The basic problems security specialists see in the field are inadequate security policies, poor training, inadequate security awareness, bad management, improper use of security technology, inadequate maintenance of security and operating system software, and lack of computer emergency preparedness.
3.1 Policy, Power and Position
Many firms have no security policy all; others have policies that are so old that no one remembers their details (or sometimes even their location). Policies are an expression of an organization's values; if security is relegated to shelfware, employees will act accordingly. Too often, security is an after-thought; someone is assigned the task of managing security but lacks defined responsibilities, has no authority, and can serve solely as a figurehead. One of the most innovative measures in the industry is the recognition of information systems security as a responsibility equivalent to stewardship of financial resources or of operations. The Chief Information Security Officer (CISO) reports at the same institutional level as the CEO, CFO, and CIO. Making the information security officer report to the head of information technology is a conflict of interest; one would not want the chief auditor to report to the head of financial operations; the same principle of separation of duties should apply to security.
3.2 Training & Awareness
Some organizations make new employees go through training in their first weeks on the job. unfortunately, fewer organizations bother to continue the process of training. Even if technology were not constantly changing, it would make sense to refresh the memory of employees on critical issues such as security. In addition to formal courses, employees should be stimulated to consider security an intrinsic component of their work. Like quality, security is a process, not an end-point. We know that many intrusions or abuses of secured systems are accomplished by so-called social engineering: employees are too often willing to give away valuable information to strangers in response to a personable voice and friendly tone. It is lack of awareness that allows criminals to take advantage of innocent and overly trusting people. Security awareness programs should involve committed, repeated germane examples in of security violations in organizational newsletters or bulletins, and occasional security drills that can be turned into an enjoyable exercise in perspicacity and intelligent response.
3.3 Hiring, Management & Firing
Although management issues such as hiring and firing are not as exciting as criminal hackers and industrial spies, it remains true that an organization's security is in a hands of its employees. All applicants for positions with responsibilities for or even contact with corporate information systems should have their backgrounds thoroughly verified. Managers should remain sensitive to changes in behavior in their employees; the classic sign of crooked employees is exaggerated fear of being absent from the systems they are diddling. All employees should be required to take their vacations; one wants to see that systems continue functioning normally in the absence of any specific person. When employees, contractors or subcontractors are fired, it is essential that information security staff protect corporate resources against future unauthorized access by these ex-employees.
3.4 System Administration
This is not a place to discuss technical aspects of security in detail. Managers should fulfill their legal and professional obligations by supporting technical staff at least for basic system hygiene: establishing a sound security architecture; staying up to date in the versions of security software and operating systems; monitoring intrusions using widely available auditing and intrusion-detection software; and establishing computer emergency response teams so that the organization can intelligently respond to accidents and attacks. Managers may also want to investigate the growing number of security assessment or evaluation services.
3.5 Establish Effective Security Configuration
Any system with links to the Internet should have a properly-configured firewall to implement security policies governing access to corporate data. A firewall is a device that filters packets to and from the Internet, allowing control over what kinds of commands can be carried out on corporate systems by remote users. Many firewalls are improperly configured; many Internet-visible systems are often undocumented and therefore poorly protected. Another frequent problem in network design is that there are no internal barriers to access; firewalls should be placed strategically within an organization to reduce violations of security policies by employees and to limit the damage that can be caused if the external firewalls are breached.
3.6 Maintain Software
Perhaps the single most important problem we face in managing security is that system personnel fail to keep their software up to date. Every system manager must subscribe to the alert services from their vendors and from the Computer Emergency Response Team Coordination Center (CERT-CC at <>) and must implement all security patches as soon as possible. Almost all the intrusions carried out by criminal hackers take advantage of known vulnerabilities; failing to heed the free warnings from CERT-CC and one's own vendors is simply asking for trouble. In my opinion as a non-lawyer, such failure to keep current constitutes negligence.
3.7 Detect Security Breaches
One of the changes in the security paradigm over the last few years has been a realization that we will not succeed in achieving perfect security. Our perimeters will be breached; authorized personnel will make mistakes; there will occasionally be problems stemming from dishonesty or from revenge. It is therefore appropriate for us to detect such breaches and be prepared to respond intelligently to them.
The least responsive approach to detecting problems is to examine log files or audit trails. The disadvantage of this approach is that one detects problems long after they have occurred. A better tool — one that complements a good audit trail — is a modern intrusion-detection system. These software tools identify unusual patterns of system use. Depending on their sensitivity, they can flag anomalous behavior by internal personnel (e.g., having an accountant login to the financial system at three in the morning) as well as spotting intruders by recognizing attack profiles. Such software can be programmed to alert system management to a potential problem using a variety of tools; e.g., alarms, e-mail, pagers and even telephone calls.
3.8 Respond Intelligently
There is no point in detecting a problem if we don't have a response in hand. A computer emergency response team (an internal CERT — distinct from the CERT-CC) should be in place before there is a direct need for it; an emergency is hardly the time during which to define and refine procedures. The CERT should include legal staff with expertise event damaging the evidence that law enforcement will require for effective prosecution of the malefactors. Emergency response involves more than a technical battening down of the electronic hatches; organizations should prepare for liaison with law enforcement authorities and have a well-organized public relations plan to keep employees, stockholders, and the public accurately informed of events when conditions allow such disclosure. Some organizations include mechanisms for entrapping external attackers in simulated areas with supposedly sensitive information; these so-called honeypots give the CERT and law enforcement experts more time to locate the intruders and plan for their arrest. All of these plans have to be sought through and tested many times for they are used. Ideally, the CERT will be part of the corporate disaster recovery team because so much of their work will overlap. However, many aspects of the CERT plans must remain secret to maintain effectiveness against internal attackers.
3.9 Use Independent Security Evaluations
Many organizations recognize the benefits of using formal guidelines and methodologies from neutral third parties in establishing their security policies. Some groups have never developed policies; others have been unable to devote enough time to maintaining those policies. Sometimes the information technology staff lack expertise in information security; other times upper management have refused to support the measures known by the staff to be important for protecting corporate information assets. In all these cases, external organizations such as consultants, professional associations and certifying authorities can serve a useful purpose to alter the corporate culture and make the best use of security expertise.
4 Concluding Comments
In summary, managers must understand that security cannot come by buying and installing a gadget, no matter how good. Security is a process, much like quality assurance. Security can and must be woven into the corporate culture of every organization, with due attention to the changing landscape of market advantage, threats, vulnerabilities, risks of damage and extent of damage.

The Importance of IT Security
Due to advances in technology, communicaton and the university's decentralizd nature, it is increasingly difficult to ensure that this information is provided in such a way that its integrity is ensured.
To protect  COMPANY  integrity
To protect COMPANY  assets.
Assets are not just physical computing hardware, but include the information stored on computers and networks. Years of critical research data, personal information and sensitive documents can be lost or destroyed without a plan for securing them and a good backup and recovery plan.
How many research grants would be awarded to the ORG. if data were compromised on a routine basis? How many distinguished professors would seek University employment if the computing environment was unreliable? Developing and maintaining effective security measures enables trust and stability of a great university.
To comply with regulatory requirements and fiduciary responsibility
COMPANY  leadership has responsibility to ensure the safety and soundness of its organizations. The protection and management of of non-public personal information (NPPI) must comply with a variety of state, federal and COMPANY  laws. Accurate and reliable reporting according to these laws has an impact on the ORGANIZATIONAL and financial health of the COMPANY . Failure to comply with these guidelines can have direct effects on the COMPANY’s ability to do business and continue its mission.
To improve efficiency
Good security practices can be a force multiplier. By integrating security tasks into job descriptions; installing and updating anti-virus software to local desktops and servers; backing-up important files and storing them in a secure offsite location; insuring processes and procedures are in place; and educating the user population about responsibilities pit falls and time lost by system compromises can be avoided. Although no system connected to the network is 100% secure, your ability to rapidly recover from a compromise can make the difference in the department’s productivity.
Information technology and computing pervades every aspect of daily life. Collectively, we use technology to teach and learn, to communicate and collaborate, to manage operations and finances, to access and deliver information and services. However, in this age of dynamic technological change, COMPANY’S  are prime targets for compromise. Information security experts acknowledge the importance of policies in helping to mitigate liability, reduce costs, cope with regulations and assure proper audit and control procedures for securing our critical infrastructure and assets. Confidentiality, integrity and availability are the three predominant principles of information protection. Compromising these principles leaves systems in jeopardy.
Expected Standards
organizational structure is decentralized and departments are responsible for many administrative operations. Expectations:
•   Be responsible and accountable.
•   Be good stewards of COMPANY  assets, revenues, and resources.
•   Conduct their work with integrity and high ethical values.
•   Exercise sound judgment
Best Practices
A department security posture and plan should be established and policies created to address security concerns and other IT issues such as:
•   Remote access
•   Equipment/software removal
•   Acceptable software
•   File-sharing
•   System/file access
•   Document and log retention
•   Back-up of critical information/systems
•   Virus protection
•   Competent primary and backup personnel
•   Clear and complete job descriptions
•   Proper operating procedures
•   Training
•   Segregation of duties
•   Proper design of controls
•   Disaster planning and recovery
IT planning should include roles & responsibilities which will support the use of information technology.
Provide staff access to only necessary accounts and non-public personal information (NPPI) discuss roles and responsibilities. Appoint staff to back-up these individuals.
Identify a departmental Systems Administrator and/or Unit Computing Specialist to accept responsibility (under your direction) for the care and maintenance of your systems. Discuss your department's security posture, policies, roles and responsibilities. Work with through the Security Q & A Project with your technical staff to understand and direct the basics of IT security.
4. Draw report layouts for the following and elaborate the use of these reports in the process of decision making.
a) Stock register

Stock balance record
A very simple stock register, where stock changes can be entered manually, can be created using an Excel spreadsheet.

The following example uses a PLU, or stock code, a stock description, a minimum stock level, stock in, stock out and a field displaying the total stock balance.

After opening a new blank workbook, type the name for each column into the first row, ie in field A1 type PLU, B1 is Description, in C1 type Minimum_Stock, D1 is Stock_in, E1 for Stock_out and F1 is Current_Stock.

Next, enter the first PLU, description etc in the second row. Enter incoming stock in the next column, then stock going out. The current stock column needs a formula. Double click on the field, then type =SUM(C2:D2)-E2 into it.

For the next row, the formula entered has to be =SUM(C3:D3)-E3, the =SUM(C4:D4)-E4, etc. Alternatively, highlight column F and type Current_Stock!(C:D)-E. This saves a lot of time as it applies the formula to all rows at once. The value for each row will then be automatically inserted.

A completed row will look like this, for instance:

PLU Description Minimum_Stock Stock_In Stock_Out Current_Balance(C:D)-E
123 Watnot 5 10 2 13

As in or outgoing stock are entered, the current stock will be adjusted automatically. Clicking on 'Data' at the top of the screen and selecting 'Form' will produce a small panel displaying a single PLU at a time. Entering the required PLU will bring up the corresponding data and entries can be made without searching through the whole sheet.

b) Pending Purchase Requisition (Submitted to Purchase dept)

The purchase requisition status is displayed on the purchase requisition header in the Purchase requisitionsform. The following table describes the various statuses that purchase requisitions can have until they are approved.
Status   Description
Draft    The purchase requisition was created, but not yet submitted to Workflow, or the purchase requisition was recalled from Workflow.
Submitted    The purchase requisition was submitted to Workflow. At this point, no pending approval or task has been created.
Pending completion    The purchase requisition was submitted, resubmitted, or delegated, but the completion task has not been carried out.
Pending request for quote    A request for quote was created based on the purchase requisition, but no request for quote reply has been received.
Completed    The completion task for the purchase requisition has been completed in Workflow.
Pending approval    The purchase requisition was submitted, resubmitted, or delegated, and is awaiting approval.
Rejected    The purchase requisition was rejected.
Change requested    A change was requested for the purchase requisition, and was sent to a user.
Approved    The purchase requisition was approved in Workflow.
A purchase requisition reaches the status of Approved, when the approval is performed in Workflow.
Approved statuses
When the purchase requisition is approved and purchase order lines are created (referenced) from purchase requisition lines, the purchase requisitions has different types of Approvedstatuses, depending on the status of the purchase order lines. The status of the purchase requisition is the highest status from the purchase requisition lines.
The following table describes the various statuses that purchase requisitions can have when they are approved. The table lists the statuses from lowest to highest.
Status   Description
Approved - Cancelled    All purchase requisition lines have references to purchase order lines with a status of Cancelledor to deleted purchase order lines.
The Cancelledstatus is the lowest possible status.

Approved - Partially cancelled    At least one purchase requisition line has a reference to a purchase order line with a status of Cancelled, and purchase order lines have not yet been created for one or more purchase requisitions.
Approved - Partially ordered    At least one purchase requisition line has a reference to a purchase order line with a status of Open order. No other purchase order line that is referenced from the purchase requisition has a status higher than Open order. One or more purchase requisition lines have not yet resulted in purchase order lines, or the purchase order lines were canceled or deleted.
Approved - Ordered    At least one purchase requisition line has a reference to a purchase order line with a status of Open order. All other lines have a status of Cancelledor were deleted. No other purchase order line that is referenced from the purchase requisition has a status higher than Open order.
Approved - Partially received    At least one purchase requisition line has a reference to a purchase order with a status of Received. No other purchase order line that is referenced from the purchase requisition has a status higher than Received.
Approved - Received    At least one purchase requisition line has a reference to a purchase order line with a status of Received. All other lines have a status of Cancelled. No other purchase order line that is referenced from the purchase requisition has a status higher than Received.
Approved - Partially invoiced    At least one purchase requisition line has a reference to a purchase order line with a status of Invoiced.
Approved - Invoiced    At least one purchase requisition line has a reference to a purchase order line with a status of Invoiced. All other lines have a status of Cancelled.

Purchase order line status - Line 1   Purchase order line status - Line 2   Purchase order line status - Line 3   Purchase requisition status
Cancelled    Cancelled    Cancelled    Approved - Cancelled
Cancelled    Cancelled    Purchase requisition line is Approved, and is pending purchase order creation   Approved - Partially cancelled
Cancelled    Cancelled    Open order    Approved - Ordered
Cancelled    Cancelled    Received    Approved - Received
Cancelled    Cancelled    Invoiced.   Approved - Invoiced
Cancelled    Purchase requisition line is Approved, and is pending purchase order creation   Purchase requisition line is Approved, and is pending purchase order creation   Approved - Partially cancelled
Cancelled    Purchase requisition line is Approved, and is pending purchase order creation   Open order    Approved - Partially ordered
Cancelled    Purchase requisition line is Approved, and is pending purchase order creation.   Received    Approved - Partially received
Cancelled    Purchase requisition line is Approved, and is pending purchase order creation   Invoiced.   Approved - Partially invoiced
Cancelled    Open order    Open order    Approved - Ordered
Cancelled    Open order    Received    Approved - Partially received
Cancelled    Open order    Invoiced    Approved - Partially invoiced
Cancelled    Received    Received    Approved - Received
Cancelled    Received    Invoiced.   Approved - Partially invoiced
Cancelled    Invoiced    Invoiced    Approved - Invoiced
Purchase requisition line is Approved, and is pending purchase order creation.   Purchase requisition line is Approved, and is pending purchase order creation   Purchase requisition line is Approved, and is pending purchase order creation   Approved
Purchase requisition line is Approved, and is pending purchase order creation   Purchase requisition line is Approved, and is pending purchase order creation   Open order    Approved - Partially ordered
Purchase requisition line is Approved, and is pending purchase order creation   Purchase requisition line is Approved, and is pending purchase order creation   Received    Approved - Partially received
Purchase requisition line is Approved, and is pending purchase order creation   Purchase requisition line is Approved, and is pending purchase order creation   Invoiced.   Approved - Partially invoiced
Purchase requisition line is Approved, and is pending purchase order creation   Open order    Open order    Approved - Partially ordered
Purchase requisition line is Approved, and is pending purchase order creation   Open order    Received    Approved - Partially received
Purchase requisition line is Approved, and is pending purchase order creation.   Open order    Invoiced.   Approved - Partially invoiced
Purchase requisition line is Approved, and is pending purchase order creation   Received    Received    Approved - Partially received
Purchase requisition line is Approved, and is pending purchase order creation.   Received    Invoiced.   Approved - Partially invoiced
Purchase requisition line is Approved, and is pending purchase order creation   Invoiced.   Invoiced.   Approved - Partially invoiced
Open order    Open order    Open order    Approved - Ordered
Open order    Open order    Received    Approved - Partially received
Open order    Open order    Invoiced.   Approved - Partially invoiced
Open order    Received    Received    Approved - Partially received
Open order    Received    Invoiced.   Approved - Partially invoiced
Open order    Invoiced.   Invoiced.   Approved - Partially invoiced
Received    Received    Received    Approved - Received
Received    Received    Invoiced.   Approved - Partially invoiced
Received    Invoiced.   Invoiced.   Approved - Partially invoiced
Invoiced.   Invoiced.   Invoiced.   Approved - Invoiced

c) Material Inspection Report
The Material Inspection Receiving Report provides you information about incoming material inspection at the shop and site.
This report applies in shop and site inspections and controls all incoming materials to the shop and site for construction.
As soon as equipment and material are delivered at shop/site, the receiving inspection must be performed by the material controller. After the receiving inspection, the material controller shall prepare the Material Receiving Report.
If any loss, damage or quality faults are found, a Shortage/Damage or Non-conformity Report shall be made and reported to the shop/site manager using a " Shortage/Damage or Nonconformity Report”.
This report is tabulated form and contain following information:
•   Proforma Invoice No.:
•   Purchase Order No.:
•   Inspection Notice No.:
•   Location:
•   Item No.:
•   Material Description:
•   Condition of Packing: Good ( ), Not Good ( ), Remark:
•   Condition of Contents: Good ( ), Not good ( ), Remark:
•   Quality of Contents: Good ( ), Not good ( ), Remark:
•   Spare of Contents:
•   Comments and Recommendations:
•   Distribution of Report to:Material controlling, Project planning, production/ site management
When there is non-conformance in received material, the material must be marked or tagged. A non-conformance report showing the cause and recommended corrective action must be prepared by quality control/inspector.
Minor nonconformance might be accepted by the shop/site authority. For major non-conformities, the material may either be returned or corrected by approved repair procedure.
Required inspection in sufficient details must be done during the execution of repairs.  

Management Consulting

All Answers

Answers by Expert:

Ask Experts


Leo Lingham


management consulting process, management consulting career, management development, human resource planning and development, strategic planning in human resources, marketing, careers in management, product management etc


18 years working managerial experience covering business planning, strategic planning, corporate planning, management service, organization development, marketing, sales management etc


24 years in management consulting which includes business planning, strategic planning, marketing , product management,
human resource management, management training, business coaching,
counseling etc




©2016 All rights reserved.