1(a) Data analytics initiatives support a wide variety of business use,
- Banking and credit card companies analyse withdrawal and spending patterns to prevent fraud and identity theft.
- E commerce companies and marketing services providers do click stream analysis to identify website visitors who are more likely to buy a product.
Mobile network operators examine customer data to forecast so they can take steps to prevent defections to business rivals
- Healthcare organizations mine patient data to evaluate the effectiveness of treatments for cancer and other diseases.
1(b) Types of Mortgage Loan
• Home Loan: This is a traditional mortgage where customer has an option of selecting fixed or variable rate of interest and is provided for the purchase of property. Top Up Loan: Here the customer already has an existing loan and is applying for additional amount either for refurbishment or renovation of the house.
• Loans for Under Construction Property: In case of under construction properties, the loan is disbursed in tranches / parts as per construction plan.
2(a)
Major Update Controls are as follows:
♦ Sequence Check between Transaction and Master Files Synchronization and the correct sequence of processing between the master file and transaction file is critical to maintain the integrity of
updating, insertion or deletion of records in the master file with respect to the transaction records. If errors, in this stage are overlooked, it leads to corruption of the critical data.
♦ Ensure All Records on Files are processed: While processing, the transaction file records mapped to the respective master file, and the end-of-file of the transaction file with respect to the end-of-file of the
master file is to be ensured.
♦ Process multiple transactions for a single record in the correct order: Multiple transactions can occur based on a single master record (e.g. dispatch of a product to different distribution centers). Here, the order in which transactions are processed against the product master record must be done based on a sorted transaction codes.
Major Report Controls are as follows:
♦ Standing Data: Application programs use many internal tables to perform various functions like gross pay calculation, billing calculation based on a price table, bank interest calculation etc. Maintaining
integrity of the pay rate table, price table and interest table is critical within an organization.
♦ Print-Run-to Run Control Totals: Run-to-Run control totals help in identifying errors or irregularities like record dropped erroneously from a transaction file, wrong sequence of updating or the application
software processing errors.
♦ Print Suspense Account Entries: Similar to the update controls, the suspense account entries are to be periodically monitors with the respective error file and action taken on time.
2(b) Risk management stratergies
♦ Tolerate/Accept the risk. One of the primary functions of management is managing risk. Some risks may be considered minor because their impact and probability of occurrence is low. In this case, consciously accepting the risk as a cost of doing business is appropriate. The risks should be reviewed periodically to ensure that their impact remains low.
♦ Terminate/Eliminate the risk. It is possible for a risk to be associated with the use of a technology, supplier, or vendor. The risk can be eliminated by replacing the technology with more robust products and by seeking more capable suppliers and vendors.
♦ Transfer/Share the risk. Risk mitigation approaches can be shared with trading partners and suppliers. A good example is outsourcing infrastructure management. In such a case, the supplier mitigates the risks associated with managing the IT infrastructure by being more capable and having access to more highly skilled staff than the primary organization. Risk also may be mitigated by transferring the cost of realized risk to an insurance provider.
♦ Treat/Mitigate the risk. Where other options have been eliminated, suitable controls must be devised and implemented to prevent the risk from manifesting itself or to minimize its effects.
♦ Turn back. Where the probability or impact of the risk is very low, then management may decide to ignore the risk.
3(a) Benefits of an ERP System
♦ Information integration: The reason ERP systems are called integrated is because they possess the ability to automatically update data between related business functions and components. For example - one needs to only update the status of an order at one place in the order-processing system; and all the other components will automatically get updated.
♦ Reduction of Lead-time: The elapsed time between placing an order and receiving it is known as the Lead-time. The ERP Systems by virtue of their integrated nature with many modules like Finance, Manufacturing, Material Management Module etc.; the use of the latest technologies like EFT (Electronic Fund Transfer), EDI (Electronic Data Interchange) reduce the lead times and make it possible for the organizations to have the items at the time they are required.
♦ On-time Shipment: Since the different functions involved in the timely delivery of the finished goods to the customers- purchasing, material management production, production planning, plant maintenance, sales and distribution – are integrated and the procedures automated; the chances of errors are minimal and the production efficiency is high. Thus, by integrating the various business functions and automating the procedures and tasks the ERP system ensures on-time delivery of goods to the customers.
♦ Reduction in Cycle Time: Cycle time is the time between placement of the order and delivery of the product. In an ERP System; all the data, updated to the minute, is available in the centralized database and all the procedures are automated, almost all these activities are done without human intervention. This efficiency of the ERP systems helps in reducing the cycle time.
♦ Improved Resource utilization: The efficient functioning of the different modules in the ERP system like manufacturing, material management, plant maintenance, sales and distribution ensures that the inventory is kept to a minimum level, the machine down time is minimum and the goods are produced only as per the demand and the finished goods are delivered to the customer in the most efficient way. Thus, the ERP systems help the organization in drastically improving the capacity and resource utilization.
♦ Better Customer Satisfaction: Customer satisfaction means meeting or exceeding customers‘ requirement for a product or service. With the help of web-enabled ERP systems, customers can place the order, track the status of the order and make the payment sitting at home. Since all the details of the product and the customer are available to the person at the technical support department also, the company will be able to better support the customer.
♦ Improved Supplier Performance: ERP systems provide vendor management and procurement support tools designed to coordinate all aspect of the procurement process. They support the organization in its efforts to effectively negotiate, monitor and control procurement costs and schedules while assuring superior product quality. The supplier management and control processes are comprised of features that will help the organization in managing supplier relations, monitoring vendor activities and managing supplier quality.
♦ Increased Flexibility: ERP Systems help the companies to remain flexible by making the company information available across the departmental barriers and automating most of the processes and procedures, thus enabling the company to react quickly to the changing market conditions.
♦ Reduced Quality Costs: Quality is defined in many different ways- excellence, conformance to specifications, fitness for use, value for the price and so on. The ERP System’s central database eliminates redundant specifications and ensures that a single change to standard procedures takes effect immediately throughout the organization. The ERP systems also provide tools for implementing total quality management programs within an organization.
♦ Better Analysis and Planning Capabilities: Another advantage provided by ERP Systems is the boost to the planning functions. By enabling the comprehensive and unified management of related business functions such as production, finance, inventory management etc. and their data; it becomes possible to utilize fully many types of Decision Support Systems (DSS) and simulation functions, what-if analysis and so on; thus, enabling the decisionmakers to make better and informed decisions.
3(b) To develop security architecture, following constraints consideration from the characteristics of grid environment and application.
♦ Secured Single Sign-on: Most of the distributed computing systems use identity-based, username and password, authentication and authorization control for accessing a computing system. To access resources from different administrative domains having different security mechanisms, the user needs to authenticate him/her to different domains. This is a very irritating and time-consuming process.
To resolve this issue, a mechanism should be established in which a user authenticates once only (e.g., at the point of starting a computation) and they are be able to acquire resources, use them, and release them and to communicate internally without any further authentication.
♦ Resource Management: Grid resources are from different administrative domains that have their own local resource managers and a grid does not have full control of these resources. Allocation of resources to co-users, prioritizing local jobs over system jobs, and managing these resources without ownership is a big issue.
♦ Data Management: The users’ data-intensive, high-performance computing applications in grid computing require the efficient management and transfer of huge data. Providing secure, efficient, and transparent access to distributed, heterogeneous pool of data is a big issue in grid computing.
♦ Management and Protection of Credentials: The multiple different systems involved in grid computing require different credentials to access them. The credential management and protection of users’ credentials such as passwords are big issues involved in grid computing.
♦ Interoperability with local security solutions: The grid security mechanism may provide access to different domains with a single sign-on, the access to a local resource will typically be determined by a local security policy at a local level. It is very difficult to modify every local resource to accommodate inter-domain accesses. Hence, despite of modifying every local resource there is an inter-domain security server for providing security to local resource.
♦ Standardization: Grid computing as a highly integrated system involves multi-purpose protocols and interfaces to resolve the issues explained above. Standardizing these protocols and interfaces is a big issue in grid computing.
♦ Exportability: The code should be exportable i.e. they cannot use a large amount of encryption at a time. There should be a minimum communication at a time.
♦ Support for secure group communication: In a communication, there are number of processes which coordinate their activities. This coordination must be secure and for this there is no such security policy.
♦ Support for multiple implementations: There should be a security policy which should provide security to multiple sources based on public and private key cryptography.
4(a) Some of the common IT risks related to CBS are as follows:
o Ownership of Data/ process: Data resides at the Data Centre. Establish clear ownership so that accountability can be fixed and unwanted changes to the data can be prevented.
o Authorization process: Anybody with access to the CBS, including the customer himself, can enter data directly. What is the authorization process? If the process is not robust, it can lead to unauthorized access to the customer information.
o Authentication procedures: Usernames and Passwords, Personal Identification Number (PIN), One Time Password (OTP) are some of the most commonly used authentication methods. However, these may be inadequate and hence the user entering the transaction may not be determinable or traceable.
o Several software interfaces across diverse networks: A Data Centre can have as many as 75-100 different interfaces and application software. A data center must also contain adequate infrastructure, such as power distribution and supplemental power subsystems, including electrical switching; uninterruptable power supplies; backup generators and so on. Lapse in any of these may lead to real-time data loss.
o Maintaining response time: Maintaining the interfacing software and ensuring optimum response time and up time can be challenging.
o User Identity Management: This could be a serious issue. Some Banks may have more than 5000 users interacting with the CBS at once.
o Access Controls: Designing and monitoring access control is an extremely challenging task. Bank environments are subject to all types of attacks; thus, a strong access control system is a crucial part of a bank’s overall security plan. Access control, however, does vary between branch networks and head office locations.
o Incident handling procedures: Incident handling procedures are used to address and manage the aftermath of a security breach or cyberattack. However, these at times, may not be adequate considering the need for real-time risk management.
o Change Management: Though Change management reduces the risk that a new system or other change will be rejected by the users; however, at the same time, it requires changes at application level and data level of the database - Master files, transaction files and reporting software.
4(b) Characteristics of Public Cloud
♦ Highly Scalable: The resources in the public cloud are large in number and the service providers make sure that all requests are granted. Hence public clouds are scalable.
♦ Affordable: The cloud is offered to the public on a pay-as-you-go basis; hence the user has to pay only for what he or she is using (using on a per-hour basis). And this does not involve any cost related to the deployment.
♦ Less Secure: Since it is offered by a third party and they have full control over the cloud, the public cloud is less secure out of all the other deployment models.
♦ Highly Available: It is highly available because anybody from any part of the world can access the public cloud with proper permission, and this is not possible in other models as geographical or other access restrictions might be there.
♦ Stringent SLAs: As the service provider’s business reputation and customer strength are totally dependent on the cloud services, they follow the SLAs strictly and violations are avoided.
5(a) ERM framework consists of eight interrelated components that are derived from the way management runs a business and are integrated with the management process. Six of these components are as follows:
(i) Information and Communication: Relevant information is identified, captured and communicated in a form and time frame that enables people to carry out their responsibilities. Information is needed at all levels of an entity for identifying, assessing and responding to risk. Effective communication also should occur in a broader sense, flowing down, across and up the entity. Personnel need to receive clear communications regarding their role and responsibilities.
(ii) Objective Setting: Objectives should be set before management can identify events potentially affecting their achievement. ERM ensures that management has a process in place to set objectives and that the chosen objectives support and align with the entity’s mission/vision and are consistent with the entity’s risk appetite.
(iii) Event Identification: Potential events that might have an impact on the entity should be identified. Event identification includes identifying factors – internal and external – that influence how potential events may affect strategy implementation and achievement of objectives. It includes distinguishing between potential events that represent risks, those representing opportunities and those that may be both. Opportunities are channeled back to management’s strategy or objective-setting processes. Management identifies interrelationships between potential events and may categorize events to create and reinforce a common risk language across the entity and form a basis for considering events from a portfolio perspective.
(iv) Risk Assessment: Identified risks are analyzed to form a basis for determining how they should be managed. Risks are assessed on both an inherent and a residual basis, and the assessment considers both risk likelihood and impact. A range of possible results may be associated with a potential event, and management needs to consider them together.
(v) Risk Response: Management selects an approach or set of actions to align assessed risks with the entity’s risk tolerance and risk appetite, in the context of the strategy and objectives. Personnel identify and evaluate possible responses to risks, including avoiding, accepting, reducing and sharing risk.
(vi) Control Activities: Policies and procedures are established and executed to help ensure that the risk responses that management selected are effectively carried out.
5(b)(i)
Preventive Controls: These controls prevent errors, omissions, or security incidents from occurring.
Detective Controls: These controls are designed to detect errors, omissions or malicious acts that occur and report the occurrence.
5(b)(ii)
A variety of activities are executed by Operating systems which include:
♦ Performing hardware functions: Operating System acts as an intermediary between the application program and the hardware by obtaining input from keyboards, retrieve data from disk and display output on monitors.
♦ User Interfaces: Nowadays, Operating Systems are Graphic User Interface (GUI) based which uses icons and menus like in the case of Windows. GUI objects include icons, cursors, and buttons that change color, size, or visibility when the user interacts with them. A GUI displays objects that convey information and represent actions that can be taken by the user.
or
Cryptography: It deals with programs for transforming data into cipher text that are meaningless to anyone, who does not possess the authentication to access the respective system resource or file. A cryptographic technique encrypts data (clear text) into cryptograms (cipher text) and its strength depends on the time and cost to decipher the cipher text by a cryptanalyst.
Three techniques of cryptography are transposition (permute the order of characters within a set of data), substitution (replace text with a key-text) and product cipher (combination of transposition and substitution).
6 Differentiation Strategy
To achieve differentiation, following strategies could be adopted by an organization;:
1. Offer utility to the customers and match products with their tastes and preferences.
2. Elevate/Improve performance of the product.
3. Offer the high quality product/service for buyer satisfaction.
4. Rapid product innovation to keep up with dynamic environment.
5. Taking steps for enhancing brand image and brand value.
6. Fixing product prices based on the unique features of product and buying capacity of the customer.
7(a) Divisional structure
A divisional structure has some clear advantages. First and the foremost, accountability is clear. That is, divisional managers can be held responsible for sales and profit levels. Because a divisional structure is based on extensive delegation of authority, managers and employees can easily see the results of their good or bad performances. As a result, employee morale is generally higher in a divisional structure than it is in centralized structure. Other advantages of the divisional design are that it creates career development opportunities for managers, allows local control of local situations, leads to a competitive climate within an organization, and allows new businesses and products in be added easily.
The divisional design is not without some limitations. Perhaps the most important limitation is that a divisional structure is costly, for a number of reasons. First, each division requires functional specialists who must be paid. Second, there exists some duplication of staff services, facilities, and personnel; for instance, functional specialists are also needed centrally (at headquarters) to coordinate divisional activities. Third, managers must be well qualified because the divisional design forces delegation of authority better-qualified individuals requires higher salaries. A divisional structure can also be costly because it requires an elaborate, headquarters-driven control system. Finally, certain regions, products, or customers may sometimes receive special treatment, and It may be difficult to maintain consistent, company wide practices. Nonetheless, for most large organizations and many small firms, the advantages of a divisional structure more than offset the potential limitations.
7(b) Strategic Control
According to Schendel and Hofer “Strategic control focuses on the dual questions of whether: (1) the strategy is being implemented as planned; and (2) the results produced by the strategy are those intended.” There is often a time gap between the stages of strategy formulation and its implementation. A strategy might be affected on account of changes in internal and external environments of organisation. There is a need for warning systems to track a strategy as it is being implemented. Strategic control is the process of evaluating strategy as it is formulated and implemented. It is directed towards identifying problems and changes in premises and making necessary adjustments.
Premise control: A strategy is formed on the basis of certain assumptions or premises about the complex and turbulent organizational environment. Over a period of time these premises may not remain valid. Premise control is a tool for systematic and continuous monitoring of the environment to verify the validity and accuracy of the premises on which the strategy has been built. It primarily involves monitoring two types of factors:
(i) Environmental factors such as economic (inflation, liquidity, interest rates), technology, social and legal-regulatory.
(ii) Industry factors such as competitors, suppliers, substitutes. It is neither feasible nor desirable to control all types of premises in the same manner. Different premises may require different amount of control. Thus, managers are required to select those premises that are likely to change and would severely impact the functioning of the organization and its strategy.
8(a) The following guidelines can be used to help make this decision:
♦ If the rate of technical progress is slow, the rate of market growth is moderate, and there are significant barriers to possible new entrants, then in-house R&D is the preferred solution. The reason is that R&D, if successful, will result in a temporary product or process monopoly that the company can exploit.
♦ If technology is changing rapidly and the market is growing slowly, then a major effort in R&D may be very risky, because it may lead to the development of an ultimately obsolete technology or one for which there is no market.
♦ If technology is changing slowly but the market is growing quickly, there generally is not enough time for in-house development. The prescribed approach is to obtain R&D expertise on an exclusive or nonexclusive basis from an outside firm.
♦ If both technical progress and market growth are fast, R&D expertise should be obtained through acquisition of a well-established firm in the industry.
8(b) There are several reasons why companies go global. These are discussed as follows:
♦ The first and foremost reason is need to grow. It is basic need of organisations. Often finding opportunities in the other parts of the globe organisation extend their businesses and globalise.
♦ There is rapid shrinking of time and distance across the globe thanks to faster communication, speedier transportation, growing financial flows and rapid technological changes.
♦ It is being realised that the domestic markets are no longer adequate and rich. Japanese have flooded the U.S. market with automobiles and electronics because the home market was not large enough to absorb whatever was produced.
♦ There can be varied other reasons such as need for reliable or cheaper source of raw-materials, cheap labour, etc.
For Example: Hyundai got competent engineers at lower cost, industry friendly Maharashtra Govt. which allowed them to setup a unit in India which supplies spare parts for all Hyundai Cars across the world.
♦ Companies often set up overseas plants to reduce high transportation costs. For Example: Making a car in Korea and exporting it in Europe and America is expensive and time consuming therefore India as a manufacturing hub for Hyundai proved to be better place.
9(a) Human resource management has been accepted as a strategic partner in theformulation of organization’s strategies and in the implementation of such strategies through human resource planning, employment, training, appraisal and reward systems. The following points should be kept in mind as they can have a strong influence on employee competence:
i. Recruitment and selection: The workforce will be more competent if a firm can successfully identify, attract, and select highly competent applicants.
ii. Training: The workforce will be more competent if employees are well trained to perform their jobs properly.
iii. Appraisal of performance: The performance appraisal is to identify any performance deficiencies experienced by employees due to lack of competence. Such deficiencies, once identified, can often be solved through counselling, coaching or training.
iv. Compensation: A firm can usually increase the competency of its workforce by offering pay, benefits and rewards that are not only attractive than those of their competitors but also recognizes merit.
9(b) Strategic vision
A Strategic vision is a road map of a company’s future – providing specifics about technology and customer focus, the geographic and product markets to be pursued, the capabilities it plans to develop, and the kind of company that management is trying to create.
Essentials of a strategic vision
♦ The entrepreneurial challenge in developing a strategic vision is to think creatively about how to prepare a company for the future.
♦ Forming a strategic vision is an exercise in intelligent entrepreneurship.
♦ A well-articulated strategic vision creates enthusiasm among the members of the organisation.
♦ The best-worded vision statement clearly illuminates the direction in which organisation is headed.
10(a)
♦ Governmental agencies and departments: Central, state, municipal agencies, Public Sector Units, departments are responsible for formulating, implementing, and evaluating strategies that use taxpayers’ money in the most cost-effective way to provide services and programs. Strategic-management concepts are increasingly being used to enable some organizations to be more effective and efficient. But strategists in governmental organizations operate with less strategic autonomy than their counterparts in private firms. Public enterprises generally cannot diversify into unrelated businesses or merge with other firms.
Governmental strategists usually enjoy little freedom in altering the organizations’ missions or redirecting objectives. Legislators and politicians often have direct or indirect control over major decisions and resources. Strategic issues get discussed and debated in the media and legislatures. Issues become politicized, resulting in fewer strategic choice alternatives.
But in government agencies and departments are finding that their employees get excited about the opportunity to participate in the strategic-management process and thereby have an effect on the organization’s mission, objectives, strategies, and policies. In addition, government agencies are using a strategic management approach to develop and substantiate formal requests for additional funding.
♦ Medical organizations: Modern hospitals are creating new strategies today as advances in the diagnosis and treatment of chronic diseases are undercutting that earlier mission. Hospitals are beginning to bring services to the patient as much as bringing the patient to the hospital. Pathological laboratories have started collecting door-to-door samples. Chronic care will require daytreatment facilities, electronic monitoring at home, user-friendly ambulatory services, decentralized service networks, and laboratory testing.
A successful hospital strategy for the future will require renewed and deepened collaboration with physicians, who are central to hospitals’ well being and a reallocation of resources from acute to chronic care in home and community settings.
Backward integration strategies that some hospitals are pursuing include acquiring ambulance services, waste disposal services, and diagnostic services. Millions of persons research medical ailments online, which is causing a dramatic shift in the balance of power between doctor, patient, and hospitals. The whole strategic landscape of healthcare is changing because of the Internet. For reference on how big an impact of technology on healthcare is, Intel recently began offering a new secure medical service whereby doctors and patients can conduct sensitive business on the Internet, such as sharing
results of medical tests and prescribing medicine. The ten most successful hospital strategies today are providing free-standing outpatient surgery centres, outpatient surgery and diagnostic centres, physical rehabilitation centres, home health services, cardiac rehabilitation centres, preferred provider services, industrial medicine services, women’s medicine services, skilled nursing units, and psychiatric services.
10(b)
or
10(b) A strategy audit is needed under the following conditions:
♦ When the performance indicators reflect that a strategy is not working properly or is not producing desired outcomes.
♦ When the goals and objectives of the strategy are not being accomplished.
♦ When a major change takes place in the external environment of the organization.
♦ When the top management plans:
(a) to fine-tune the existing strategies and introduce new strategies and
(b) to ensure that a strategy that has worked in the past continues to be in-tune with subtle internal and external changes that may have occurred since the formulation of strategies.
Adequate and timely feedback is the cornerstone of effective strategy audit.
Strategy audit can be no better than the information on which it is based.
Strategy Audit includes three basic activities:
1. Examining the underlying bases of a firm’s strategy,
2. Comparing expected results with actual results, and
3. Taking corrective actions to ensure that performance conforms to plans.
Comments
Post a Comment