Management Information System
Basic Definitions
System
A system is a set of interrelated components working together toward a common goal by
accepting inputs and producing outputs in an organized transformation process.
Business System
A business system refers to the coordinated procedures and processes within an organization
to achieve business goals.
Information
Information is processed data that is meaningful and useful for decision-making.
Information System (IS)
An IS is a set of interrelated components that collect, process, store, and distribute
information to support decision-making and control in an organization.
Information Technology (IT)
IT includes hardware, software, databases, and networks used to manage and process
information.
Information Management
The discipline of managing information as a resource, involving collection, organization,
storage, and dissemination to support operations and decision-making.
Types of Information Systems according to Organizational Hierarchy
Because there are different interests, specialties, and levels in an organization, there are different kinds of systems. No single
system can provide all the information an organization needs. Figure 2-1 illustrates one way to depict the kinds of systems
found in an organization.
1. Transaction Processing System
Transaction processing systems (TPS) are the basic business
systems that serve the operational level of the organization. A
transaction processing system is a computerized system that
performs and records the daily routine transactions necessary to
conduct business. Examples are sales order entry, hotel reservation
systems, payroll, employee record keeping, and shipping.
Operation-oriented system.
Computer-based system.
Processing of business transactions.
Improves routine business activities.
Provides speed and accuracy.
2. Management Information Systems
Management: Performs management functions.
Information: Meaningful data in the form of information.
System: Set of interrelated elements that operate collectively to
accomplish a common objective.
Definition: A Management Information System (MIS) is a structured,
integrated system that collects, processes, stores, and disseminates
information to support managerial functions such as planning, organizing,
directing, and controlling within an organization.
1. Management oriented - for all levels of management.
2. Management directed and internally focused.
3. Integrated - all systems and subsystems.
4. Common data flow - use of common input/output, procedures and media.
5. Heavy planning element - must be present for MIS development.
6. Subsystem concept - breaking the MIS into subsystems.
7. Common database - defined as a super file.
8. Computerized - increases effectiveness.
9. Supports structured decisions and reports on existing operations.
10. Very limited analytical capabilities.
3. Decision Support System
Decision-support systems (DSS) also serve the management level of
the organization. DSS help managers make decisions that are
unique, rapidly changing, and not easily specified in advance.
They address problems where the procedure for arriving at a
solution may not be fully predefined in advance. Although DSS use
internal information from TPS and MIS, they often bring in
information from external sources, such as current stock prices or
product prices of competitors.
DSS can be defined as: a system that provides tools to managers to
assist them in solving semi-structured and unstructured problems in
their own way (flexible and easy to use).
Clearly, by design, DSS have more analytical power than other systems.
They use a variety of models to analyze data, or they condense large
amounts of data into a form in which they can be analyzed by decision
makers. DSS are designed so that users can work with them directly;
these systems explicitly include user-friendly software.
4. Executive Support Systems or Executive Information Systems
Senior managers use executive support systems (ESS) to help them
make decisions. ESS serve the strategic level of the organization.
They address non-routine decisions requiring judgment,
evaluation, and insight because there is no agreed-on procedure for
arriving at a solution.
ESS are designed to incorporate data about external events, such as
new tax laws or competitors, but they also draw summarized
information from internal MIS and DSS. They filter, compress, and
track critical data, displaying the data of greatest importance to
senior managers.
EIS DIFFER FROM TRADITIONAL INFORMATION SYSTEMS IN THE
FOLLOWING WAYS:
1) Specially tailored
2) Access data about specific issue
3) Extensive online analysis tool
4) Access internal & external data
5) Easy to use
6) Used without assistance
7) Screen based
8) Presents information in graphical form
9) Presents reports in summary format
10) Ability to manipulate data.
Expert Systems
Definition:
An Expert System is a computer-based application that mimics the decision-making ability
of a human expert. It uses a knowledge base (facts and rules) and an inference engine
(logic) to solve complex problems or provide recommendations in a specific domain.
Purpose:
To provide expert-level solutions, advice, or diagnosis in situations where human expertise is
limited or not always available.
Business Use Cases of Expert Systems
1. Legal
Purpose: Assist in legal research and decision-making.
Example: Suggest legal strategies, predict court outcomes, or generate legal
documents.
Use Case: A system that recommends legal clauses based on case facts (e.g.,
LexisNexis tools).
2. Forecasting
Purpose: Predict trends in finance, weather, or markets using historical data and
rules.
Example: Stock market predictions, sales forecasting, demand planning.
Use Case: A retail system predicting future inventory needs based on past sales
patterns.
3. Surveillance
Purpose: Monitor and analyze data for security or compliance.
Example: Detect unusual behavior or threats using pattern recognition.
Use Case: Airport surveillance system identifying suspicious movement based on
behavior rules.
4. Diagnostic Systems
Purpose: Diagnose problems in medical, mechanical, or IT systems.
Example: Identify disease based on symptoms, or detect faults in machinery.
Use Case: A medical diagnostic system suggesting diseases based on entered
symptoms (e.g., MYCIN, IBM Watson).
5. Project Management
Purpose: Assist in planning, risk analysis, and resource allocation.
Example: Identify project delays or suggest optimal scheduling.
Use Case: A system that advises project managers on resource reallocation to avoid
delays.
6. Education and Training
Purpose: Provide personalized learning paths and feedback.
Example: Intelligent tutoring systems.
Use Case: A training system that adapts to the learner's pace and suggests topics
needing review (e.g., AI-driven language apps).
Other Major Systems
A. Knowledge Work Systems (KWS)
Definition:
KWS are specialized systems designed to support the creation and integration of new
knowledge in an organization.
Purpose:
To assist professionals like engineers, scientists, doctors, architects, and
researchers in developing new knowledge.
Encourages innovation, research, and technical design.
Key Features:
Support tasks that require extensive data processing and analysis.
Often include advanced graphics, modelling tools, simulation software, etc.
Examples: AutoCAD, MATLAB, Research databases.
B. Office Automation Systems (OAS)
Definition: Systems that assist in day-to-day office tasks and communication.
Purpose: Improve efficiency in documentation, communication, and scheduling.
Examples: MS Word, Gmail, Google Calendar.
C. Enterprise Resource Planning (ERP)
Definition: Integrated software that manages all core business processes in one
system.
Purpose: Streamline operations and improve coordination between departments.
Examples: SAP, Oracle ERP, Microsoft Dynamics.
D. Customer Relationship Management (CRM)
Definition: Systems used to manage a company’s interactions with current and
potential customers.
Purpose: Enhance customer service and boost sales and retention.
Examples: Salesforce, Zoho CRM, HubSpot.
1. Controls and Control Objectives
1.1 Reasons for Controls in Business
Controls are essential in business operations to reduce risk and ensure
proper governance. They serve several purposes:
- Safeguard Assets: Prevent theft, misuse, or unauthorized access.
- Ensure Accuracy of Financial Reporting: Provide reliable data for internal
and external stakeholders.
- Promote Operational Efficiency: Streamline operations and avoid waste.
- Encourage Policy Compliance: Ensure actions align with management
and regulatory policies.
- Prevent and Detect Errors and Fraud: Act as a mechanism for monitoring
irregularities.
1.2 Control Objectives
Control objectives are targets that internal controls aim to achieve. They
are designed to:
- Ensure compliance with laws and regulations
- Confirm the validity and authorization of transactions
- Maintain the accuracy and completeness of records
- Safeguard physical and digital assets against loss or damage
1.3 Limitations of Internal Controls
While internal controls are vital, they have certain limitations:
- Human Element: People can make mistakes due to fatigue,
misunderstanding, or negligence.
- Collusion: Employees may conspire to bypass controls.
- Unusual Transactions: Non-recurring or exceptional transactions may not
follow standard processes.
1.4 Internal Controls in Small Companies
Small businesses often face challenges like limited staffing, making
traditional segregation of duties difficult. To adapt:
- Owners/managers must be actively involved in oversight.
- Simplified but robust procedures are implemented.
- Independent reviews or external audits are sought to strengthen
oversight.
1.5 Control Environment
The control environment sets the tone of an organization, influencing
control consciousness. It consists of:
- Ethical values and corporate culture
- Management's approach and behavior
- Clear organizational structure
- Assigned roles and responsibilities
- Recruitment and training practices
1.5.1 Audit Committee
An audit committee is a subset of the board of directors that provides
oversight of:
- Financial reporting process
- Internal controls
- Internal and external audit activities
Its existence promotes transparency and accountability.
1.6 The Entity's Risk Assessment Process
Risk assessment involves identifying and addressing risks that may hinder
business objectives. It includes:
- Identifying Business Risks: Recognizing risks in operations, finance, legal,
and strategy.
- Assessing Risk Significance: Determining likelihood and impact.
- Addressing the Risk: Choosing appropriate mitigation methods (controls,
insurance, avoidance).
1.7 Control Activities
These are specific actions taken to prevent or detect errors and ensure
objectives are met:
- Approvals and authorizations of transactions
- Verification and reconciliation procedures
- Segregation of duties to prevent overlap of responsibilities
- Asset protection through physical security or encryption
1.8 IT Controls
Controls related to the use of technology in business operations:
- General Controls: Apply to all systems (e.g., backup procedures, access
restrictions, software development policies).
- Application Controls: Built into specific software programs to ensure
proper data input, processing, and output.
2. Risk Management & Control of IT
2.1 Why is Information Security Important?
Information Security involves protecting digital assets from unauthorized
actions. It is essential for:
- Continuity: Prevents business disruption
- Trust: Builds confidence among customers and partners
- Compliance: Meets legal and industry regulations
- Data Protection: Safeguards intellectual property and confidential
information
2.2 Ensuring the Security of Information
Effective security systems include:
- Prevention: Firewalls, antivirus software, secure passwords
- Detection: Log analysis, intrusion detection systems
- Deterrence: Security training, disciplinary policies
- Recovery Procedures: Regular data backups, recovery protocols
- Correction Procedures: Patches, updates, and remediation steps
- Threat Avoidance: Ongoing risk assessments and vulnerability
management
2.2.1 Qualities of a Secure Information System
- Availability: Systems and data must be accessible when needed
- Confidentiality: Sensitive data must be protected from unauthorized
access
- Integrity: Data must be accurate and unchanged
- Authenticity: Sources of data and users must be verifiable
- Non-repudiation: Users cannot deny actions they have performed
- Authorization: Only permitted users can access or modify data
2.2.2 Physical Access Controls
Measures to protect physical IT infrastructure:
- Locks, badges, biometric scanners
- CCTV and on-site guards
2.2.3 Security Controls
Administrative and technical tools used to enforce security policies:
- Access control software, encryption
- Firewalls, intrusion prevention systems
2.2.4 Integrity Controls
Integrity controls are designed to ensure that data is accurate, complete,
and unaltered throughout its lifecycle. They help prevent accidental or
intentional data corruption.
Important Types of Integrity Controls:
- Data Verification: Ensures that data entered into the system matches the
source documents.
- Data Validation Techniques:
  - Check Digits: A digit added to a number to validate its accuracy.
  - Control Totals: Summarized totals used to verify completeness of data.
  - Hash Totals: Mathematical summaries used to ensure no unauthorized
    changes.
  - Range Checks: Ensure data falls within a specified range (e.g., date
    between 1–31).
  - Limit Checks: Ensure values do not exceed pre-defined limits (e.g.,
    salary below $20,000).
- Processing Checks:
  - Ensure accurate processing of data through consistency and logic
    checks.
  - Include sequence checks, record counts, and comparison routines.
- Output Controls:
  - Verify that the results of processing are accurate and sent to the right
    recipient.
  - Examples: Review of printed reports, screen display validation,
    distribution logs.
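
The data validation and batch checks listed above, as an added Python example that is not part of the original notes: it applies a check digit, range check and limit check to each record, then recomputes the record count, control total and hash total against the values recorded at the source. The Luhn (mod 10) check-digit scheme, the field names and the sample batch are assumptions constructed for illustration; the hash total follows the usual batch-control convention of summing a field whose sum has no business meaning (here, account numbers).

```python
from decimal import Decimal

SALARY_LIMIT = Decimal("20000")  # limit check from the notes: salary below $20,000

def luhn_valid(number: str) -> bool:
    """Check digit test; Luhn (mod 10) is an assumed scheme, the notes name none."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def validate_record(rec: dict) -> list:
    """Field-level checks on one record; returns the names of failed checks."""
    errors = []
    if not luhn_valid(rec["account"]):
        errors.append("check_digit")
    if not 1 <= rec["day"] <= 31:           # range check: day of month 1-31
        errors.append("range")
    if not Decimal(rec["salary"]) < SALARY_LIMIT:
        errors.append("limit")
    return errors

def batch_totals(records: list) -> dict:
    """Batch-level totals computed by the sender and recomputed by the receiver."""
    return {
        "record_count": len(records),
        "control_total": sum(Decimal(r["salary"]) for r in records),  # meaningful sum
        "hash_total": sum(int(r["account"]) for r in records),        # meaningless sum
    }

def verify_batch(records: list, header: dict):
    """Return ({record index: failed checks}, [batch totals that do not match])."""
    field_errors = {i: e for i, r in enumerate(records) if (e := validate_record(r))}
    actual = batch_totals(records)
    return field_errors, sorted(k for k in header if actual[k] != header[k])

# Constructed sample batch (account numbers made up to carry valid Luhn digits).
SOURCE_BATCH = [
    {"account": "100016", "day": 5, "salary": "1800.00"},
    {"account": "200030", "day": 17, "salary": "2450.50"},
    {"account": "300053", "day": 31, "salary": "19999.99"},
]
HEADER = batch_totals(SOURCE_BATCH)  # totals recorded at the source
```

Field checks catch a bad value inside one record, while the batch totals catch records that were dropped, duplicated or altered to values that still look valid individually.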