IS personnel generally need to perform six sequential steps to properly operate an IS.46 Figure 17.5 summarizes the steps and indicates the order in which they are performed. The first step is to determine what information is needed within the organization, when it will be needed, and in what form it will be needed. Because the basic purpose of the IS is to assist management in making decisions, one way to begin determining management information needs is to analyze the following:

1. Decision areas in which management makes decisions

2. Specific decisions within these decision areas that management must actually make

3. Alternatives that must be evaluated in order to make these specific decisions

For example, insights regarding what information management needs in a particular organization can be gleaned by understanding that management makes decisions in the area of plant and equipment, that a specific decision related to this area involves acquiring new equipment, and that two alternatives relating to this decision that must be evaluated are buying newly developed, high-technology equipment versus buying more standard equipment that has been around for some time in the industry.

The second major step in operating the IS is pinpointing and collecting data that will yield needed organizational information. This step is just as important as determining the information needs of the organization. If the collected data do not relate appropriately to the information needs, it will be impossible to generate the needed information.

After information needs of the organization have been determined and appropriate data have been pinpointed and gathered, summarizing the data and analyzing the data are, respectively, the third and fourth steps that IS personnel generally should take to properly operate an IS. It is in the performance of these steps that IS personnel find computer assistance to be the most beneficial.

The fifth and sixth steps, respectively, are transmitting the information generated by the data analysis to the appropriate managers and getting those managers to actually use the information. The performance of these last two steps results in managerial decision making. Although each of the six steps is necessary for an IS to run properly, the time spent on performing each step will naturally vary from organization to organization.

For maximum benefit, an IS must collect relevant data, transform that data into appropriate information, and transmit that information to the appropriate managers. However, appropriate information for one manager within an organization may not be appropriate information for another manager. Robert G. Murdick suggests that the degree of appropriateness of IS information for a manager depends on the activities for which the manager will use the information, the organizational objectives assigned to the manager, and the level of management at which the manager functions.48 All of these factors are closely related. Murdick’s thoughts on this matter are best summarized as shown in Figure 17.6 . As you can see from this figure, because the overall job situations of top managers, middle managers, and first-line managers are significantly different, the kinds of information these managers need to satisfactorily perform their jobs are also significantly different.

One of the most important determinants of IS effectiveness is the degree to which employees, or users, are satisfied with the IS. The degree of user satisfaction with the IS is determined by two main factors: (1) the quality of the IS and (2) the quality of the information. The quality of the IS refers to its ease of use. If a company’s employees consider an IS easy to use, that IS would be labeled a high-quality IS. The quality of information, on the other hand, measures the degree to which the information produced by the IS is accurate and in a format required by the user. Taken together, then, users are satisfied with an IS when the IS is of high quality and provides high-quality information.

User satisfaction is important because of its direct influence on IS effectiveness. When users are satisfied with an IS, they will integrate the IS throughout their work routines and will become increasingly dependent on the IS. As users become increasingly dependent on the IS and increasingly integrate the IS into their routines, the IS becomes increasingly effective. These relationships are depicted in Figure 17.7 .

In recent years, executives have faced various obstacles in managing the IS workforce. During the economic and technological boom of the late 1990s, executives faced tremendous hurdles in terms of hiring and retaining IS employees.51 Compared to other professionals during that period, IS professionals were considered more difficult to hire and retain because the economic and technological boom created a multitude of job prospects for IS professionals. Moreover, executives found it quite expensive to replace the IS professionals who left; some estimates suggest that the cost of replacing an IS employee is 1 to 2.5 times his or her annual salary.52

In more recent years, however, companies have started to use workers in other countries to staff their IS departments—and many expect this trend to continue.53 One survey indicated that almost half of firms outsource work to workers in other countries to reap the cost advantages.54 Specifically, the cost of IS employees in other countries is much less than the cost of IS employees in the United States. This issue of lower costs partly explains why EDS, a Texas-based firm that offers its clients IT-based solutions, employs about 1,000 IS workers in India but expects this number to increase to nearly 20,000 in the near future.

Despite the cost advantages associated with these overseas workers, this practice creates other problems, such as integrating domestic and nondomestic workforces, managing several languages and cultures, and defining global work expectations. In addition, U.S. firms might face a backlash from their U.S. customers who view the practice of outsourcing IS work to other countries as unpatriotic.

As corporations rely more heavily on information systems, they become more susceptible to security issues involving these systems. In particular, companies might lose valuable financial, employee, or customer data due to security breaches involving IS. In addition, companies become increasingly vulnerable to viruses, worms, and Trojan horses designed to paralyze information systems. As technology continues to change rapidly, it becomes more difficult for IS employees to prevent and eliminate these security threats.

In response to the increasing threat of security issues to information systems, private and public organizations around the world came together in 1992 to form the International Information Security Foundation. This committee produced a document known as the Generally Accepted System Security Principles (GASSP), which includes a set of best practices for IS managers.55 The best practices listed within the GASSP provide a good starting point for managers when they are attempting to prevent security threats. Table 17.1 provides an overview of some of the broad principles outlined in the GASSP.