Building Successful

Information Systems

Building Successful
Information Systems
Five Best Practices to Ensure
Organizational Effectiveness
andProfitability
Second Edition
Michael J. Savoie, PhD

Building Successful Information Systems: Five Best Practices to Ensure

Organizational Effectiveness and Profitability, Second Edition
Copyright Business Expert Press, LLC, 2016.
All rights reserved. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted in any form or by any
meanselectronic, mechanical, photocopy, recording, or any other
except for brief quotations, not to exceed 400 words, without the prior
permission of the publisher.
First published in 2012 by
Business Expert Press, LLC
222 East 46th Street, New York, NY 10017
www.businessexpertpress.com
ISBN-13: 978-1-63157-465-8 (paperback)
ISBN-13: 978-1-63157-466-5 (e-book)
Business Expert Press Information Systems Collection
Collection ISSN: 2156-6577 (print)
Collection ISSN: 2156-6593 (electronic)
Cover and interior design by Exeter Premedia Services Private Ltd.,
Chennai, India
Second edition: 2016
10 9 8 7 6 5 4 3 2 1
Printed in the United States of America.

Abstract
Information systems are a critical component of business success today.
Unfortunately, many companies do not truly understand what an information system is; where, when, and how it should be implemented; or
the effects of integrating it into the organization. As such, we continue
to see implementation horror stories of projects run amuckgoing over
time and over budgetor information systems that never get fully implemented, requiring work-arounds by employees in order to get things
done.
Why is this the case? Are information systems so poorly developed,
or is it more a case of companies not understanding what information
systems are and how to integrate them into their business processes?
The premise of this book is that it is the latter. If decision makers better
understood what information systems are, how they worked, and, most
importantly, what constitutes a successful information system; then implementations would be smoother, and benefits from information systems
would be greater and last longer.
The intent of this book is to help organizations better utilize their
information systems by understanding the fundamental purpose of these
systems within the business organization. This book will help readers a nalyze
business processes with an eye toward how data is created, transferred,
analyzed, and used within the organization. From this u
nderstanding,
the user can then design, build, and implement information systems that
accurately reflect the flow of the business processes, adjust quickly to
support critical functions, and provide efficient and effective value-added
services to employees to maximize the profitability of the company.

Keywords
agility, BYOD, business, business processes, cyber security, data, effectiveness, efficiency, information, information systems, information strategy,
information technology, innovation, integration, Internet of Things
(IoT), mobility, networks, security, strategy, technology, timeliness

Contents
Prefaceix
Acknowledgmentsxi
Chapter 1

Introduction1

Chapter 2

Where Do We Start?5

Chapter 3

The Information Ladder15

Chapter 4

What Constitutes the Right Data?23

Chapter 5

How Do We Get Information to the Right Place?33

Chapter 6

When Is the Right Time?37

Chapter 7

How Do We Identify the Right Person?45

Chapter 8

What Is the Right Format for the Information?55

Chapter 9

Security61

Chapter 10 The Internet of Things75

Chapter 11 Putting It All Together83
Chapter 12 Making It Work93
Glossary99
Notes101
References103
Index105

Preface
In December of 2012, when the first edition of this book was published,
the Internet of Things (IoT) was still in the concept phase. Over the last
three years, IoT has become the issue for companies wishing to compete
in the global market. Much has been written about ways to address and
implement IoT into an organizations information strategy. More than
ever, the principles laid out in this book form the foundation for successful information systems.
The second edition continues to follow the format of the first edition
in that short, direct chapters address a key issue for creating successful
information systems. Each chapter ends with specific steps the C-Suite
can take to ensure information systems are aligned with, and contribute
to, the strategic direction and success of the organization.
The second edition takes part of the Preface and creates a new
Chapter1 Introduction. It updates key chapters to reflect changes in the
organization landscape. Most notably in Chapter 9 Security. The book
also adds a new chapter addressing the Internet of Things and its growing
impact on strategic decision making throughout the organization.
I want to thank the many readers who have provided input on how
the first edition has helped their individual, organizational, and C-Suite
decision making. Your feedback is invaluable and can be seen in the
updates to this new edition.
Michael

Acknowledgments
This book would not have been possible without the help and support of
a number of people. In particular, I wish to thank my assistants, Foram
Vyas and J. Michelle Abuda, without whose constant encouragement this
book would still be in my mind and not on paper. Special thanks to
Robert Jorgensen for his help in updating Chapter 9 Security.
I would also like to thank the editors and staff at Business Expert
Press. Special thanks to Scott and the Production Team at Exeter Premedia
Services for their diligence throughout the process.
Finally, I would like to thank my family for their love and support
without which none of this would be worthwhile.

CHAPTER 1

Introduction
When Im hired by a company as a consultant, the first question I generally ask is What do you do? What percentage of companies do you
think can answer that question accurately?
The reality is that only about 50 percent of the companies I ask can
accurately describe what they do. Notice I dont ask them What do
you make? Most companies when I say What do you do? will answer
with We make this. However, that is not the question I am asking.
Consequently, a conversation with a typical employee (entry level to
CEO) might go like this.
Me:
Employee:
Me:
Employee:
Me:
Employee:
Me:
Employee:
Me:
Employee:
Me:
Employee:
Me:
Employee:

What do you do?

What do you mean what do we do?
Well, you come to work, right?
Yeah.
What do you do?
Well I take this product and move it right there.
Well, why do you do that?
I dont know.
You dont know why you do that?
No.
Well, why not?
They give me a paycheck to move the product.
But what happens when you move the product
over there?
I dont know.

And therein lies the crux of the problem. For an organization to be

successful, all of its resources must be directed toward the same goal.

BUILDING SUCCESSFUL INFORMATION SYSTEMS

Yet, in most organizations, there is a lack of information, either because

people dont know or dont care what is happening around them. This lack
of information translates into poor quality, lower productivity, security
breaches, misuse of equipment and the list goes on. As a result, more
and more of the corporate effort is spent addressing these symptoms and
less time is spent rooting out and correcting the causes.

The Goal of Information Systems

Information systems exist (or should exist) to enhance the flow of information throughout the organization. Not for the sake of information
flow, but specifically to get the right data to the right place and right
person at the right time and in the right format so it can be used to benefit
the organization.
The goal is better decision makingmeeting the needs of a customer
as quickly as possible or developing new products and services to meet the
future needs of our target market. It may involve providing data on the
quality of our products as they are manufactured, or pricing of our raw
materials from various suppliers.
Regardless of the individual goal, the information system is the equivalent of the central nervous system of our bodies. It doesnt matter how
strong our muscles or how active our brain, if the signal (information)
cant be sent along the nervous system (network) in a timely manner, the
body simply wont work. The same holds true for our organizations.

Difference Between Information Systems

andComputers
Computer technology is one of the tools we use to enhance the flow of
information throughout the organization. However, information systems
are not computers. Computers and other digital technologies are tools
used to make information systems work, but they are just tools. Like any
tool, computers require knowledgeable users to wield them in order to
get the desired results. So, for an information system to truly b enefit the
organization, it must be comprised of both technology (computers) and
people.

 Introduction 3

As you read this book, youll gain the knowledge and insight necessary
to build and use information systems in such a way as to maximize their
value to your organization. And by doing so, youll better your companys
ability to compete in the rapidly changing markets of today and in the
future.

Index
Amazon Web Services, 79
Analysis paralysis, 23
Assumptions, bad, 67
Availability, defined, 63
Big data, defined, 23, 2528
Bring your own device (BYOD), 67,
70, 72, 84, 91, 97
Internet of Things (IoT) and, 6869
Business
assumptions, 67
cloud platforms and, 80
Internet of Things (IoT) and,
7677
Business process management, 5
BYOD. See Bring your own device
Career building, with company data,
64
CEO
fault, 4951
and system, 85
CIO, 45, 85, 91
Cloud computing, 33
Combined matrix, 47, 48
Computer domain
data, 21
information, 21
Computer, usage, 7
Confidentiality, defined, 63
Corporate information systems, 30,
68, 84, 91
Corporate strategy, 30, 8586, 89,
90, 94
Cost-benefit analysis, 89
Crystal reports, 55
C-suite
CIA triad, 6263
availability, 62, 63
confidentiality, 62, 63
integrity, 62, 63
Cisco, 65

CIO, to include, 9091

information ladder for, 2122
Internet of Things for, 8081
right data for, 30
right format for, 5960
right person, 5253
right time for, 4243
and security, 7273
Customer service, 8, 4546
current process, 86
information map, 87
revised process, 86
Cybercrime, 61
Cyber attacks, 6465, 80
Cyber mapping, 63
Cyber security, 33, 45, 49, 5253, 64,
69, 70. See also Data breach
CIA triad, 6263
defense-in-depth, 6566
well-meaning insiders, 64
targeted attacks, 64
malicious insiders, 64
Cyber-terrorism, 69
Dashboards, 5758
Data, 1516, 93
big, 2528
breach, 6170
defined, 16
dumps, 58
facts, 15
information, 1516
lack of control, 3435
misrepresentation of information,
35
ranking system, 36
security issues, 34
timeliness of, 41
timing of, 40
Data breach, 6170
causes of, 6465
changing the thinking, 7172

106 Index

malicious insiders, 64
preventing, 6972
response plan, 70
targeted attacks, 64
well-meaning insiders, 64
Data dumps, 58
Dell, sales person, 3738
Decision making, 13
Defense-in-depth, 6566
Device-driven reporting, 5859
Digital universe, 2
EDI. See Electronic Data Interchange
Electronic Data Interchange (EDI)
system, 10
Enterprise resource planning (ERP)
system, 11, 96
ERP. See Enterprise resource planning
Facts, data, 15
FedEx, 37, 40
FIN4, 62
Five rights, information system, 8, 16,
30, 42, 56, 80
CIA triad and, 6263
importance of, 88
improvement of system, 9091, 97
presentation by CIO, 91, 97
protecting, 73
using, 73
Flowchart, 5
Fortune 500, 37, 53
Free service plans, internet, 7879
Gartner, Inc., 68
Geolocation, 52, 72, 73
Geotracking, 72, 91, 97
Google AppEngine, 79
Hacking, 34, 39, 6162
Human domain
Knowledge, 21
wisdom, 21
IBMs Blue Cloud, 79
IDC Digital Universe Study, 25

Indicators of Compromise (IOCs), 67

Industrial espionage, 6465
Industry strategy, 30
Inflight magazines, 85
Information, 1617, 9394. See also
Data; Information ladder
access, 47
data breach, 6170
defined, 17
flowing in organization, 8586
fresh, 4042
hacking, 34, 39, 6162
instantaneous access to, 39
levels of, 15
misrepresentation of, 35
right data for, 2332
right format for, 5560
right person, 4554
right place for, 3336
right time for, 3743
timing of, 3940
transfer, tools of, 7
Information ladder, 1522
data, 1516, 93
following, 96
information, 1617, 9394
knowledge, 1719, 94
levels of, 1521, 9394
transition of, 9496
wisdom, 1921, 94
Information maps, 2829, 31, 85, 87.
See also Workarounds
Information security, 63
Information system. See also Data
access, 47
changes, 83
dashboards, 5758
defined, 89, 93
designing, 55, 8384
effectiveness of, 25
efficiency of, 25
and expenses, 28
five rights, 30, 6263, 73
and future, 84, 91
geolocation, 72
measuring the success of, 8990
and revenue, 27

 Index 107

right format for, 58

rules and reality, difference
between, 49
security, 6173
and viewing devices, 55
Information transfer tools, 7
In-house servers, 25, 34
Integrating technology, 93
Integration of humans and things, 76
Integrity, defined, 63
Intellectual property (IP), 61
Interactive voice recognition (IVR)
systems, 4546
Internet
access to, 34
business and, 7677
shutting down, 2324
Internet of Things (IoT), 25
business and, 7677
BYOD and, 6869
defined, 68, 7576
free services plan, 7879
hydrid cloud, 7980
private cloud service, 79
public cloud service, 79
Inventory control problem in Red
velvet carpet, 913
Inventory control system, 11, 1819
IoT. See Internet of Things
IP. See Intellectual property
IVR. See Interactive voice recognition
Key Performance Indicators (KPIs),
97
Knowledge, 1719, 94
and computers, 1719
defined, 17
KPIs. See Key Performance Indicators
Lack of control, 3435
Local area network (LAN), 67
Malicious insiders. See also Data
breach; Cyber security
career building with company data,
64
industrial espionage, 6465

terminated employees, 64
white collar crime, 64
MAPSCO, 76
Matrix, 4748. See also Specific matrix
Microsoft, 65
NC. See Numerical control
Network
perimeter, 67
vulnerability of, 6869
Nortel, sales person, 3738
Nuclear powered data, 5657
Numerical control (NC), 40
OEM. See Original equipment
manufacturer
Open Web Application Security
Project (OWASP), 65
Web Application Security Flaws
20042013, 66
Operating system, 28, 73, 88
Original equipment manufacturer
(OEM), 28
Organization, information flow
current process, 86
model of, 87
information maps, 28, 87
response plan, 70
revised process, 86
upgrade versus new system, 89
OWASP. See Open Web Application
Security Project
Personal experiences Red velvet
carpet, 913
Personal health information (PHI), 61
Personally identifiable information
(PII), 61
Personnel matrix, 47
PHI. See Personal health information
Phishing, 69
PII. See Personally identifiable
information
Point of sale (POS) system, 18, 67,
68
POS. See Point of sale
Position matrix, 47

108 Index

Private cloud service, 79

Production strategy, 30
Public cloud service, 79
benefits of, 79
examples of, 79
QA. See Quality assurance
Quality assurance (QA), 40
Response plan, creating, 70
Right data, 2332
constitution of, 27
defined, 25, 27
goal of, 27
to right place, delivery of, 3536
Right format, 5560
dashboards, 5758
device-driven reporting, 5859
Right person, 4554
access of information to, 4749
and customer service, 46
defining, 5152
identifying, importance of, 45
Right place, 3336
security issues, 34
lack of control, 3435
misrepresentation of information,
35
Right time, 3743
benefits of, 41
drawbacks of, 42
information, 3940
when is, 3743
Right to achieve, 5557
Security, 6173, 90, 97
advanced, 52
behavior-based, 49
cloud-based, 35
cyber, 33, 45, 49, 5253, 64, 69,
70
designation, 47, 48
ensuring, 5354
incident, 61
issues, 34
options, 73
parameters, 36

for protecting five rights, 6263, 73

set of policies in, 68
Security issues, 34
addressing problem, 6465
data breach, 6170
ensuring, 5354
hacking, 34, 39, 6162
options, 73
Servers, 23, 25, 34, 69, 91, 97
Smart Virtual Personal Assistants
(SVAPs), 7778
Smoke signals, 8
Social network, 4951
Success, of information system, 8990
cost-benefit analysis, 89
morale, 89
organization, 94
productivity, 89
profitability, 8990
Technology, business and, 56
Telegraph, 8
Telephone, 8
Terminated employees, 64
Timeliness, of data costs and, 41
Transition
data and information to knowledge
and wisdom, 9496
Verizon, data breach investigations
report, 61, 67, 69
Walmart, 19
Website, 61, 91, 97
Wide area network (WAN), 67
Wi-Fi, 76
Wikipedia, 75
Wisdom, 1922, 94
and computers, 1920
humans, 20
White collar crime, 64
Windows Azure Services Platform, 79
Workarounds, 8, 29, 31, 33, 51,
88,96
Y2K problem, 23