Information Systems Management Opportunities and Risks InforDlation SysteDls ManageDlent Opportunities and Risks o. Ian Angell Steve Smithson Department of Information Systems London School of Economics Macmillan Education ISBN 978-0-333-53681-0 ISBN 978-1-349-21555-3 (eBook) DOI 10.1007/978-1-349-21555-3 © I. O. Angell and S. Smithson 1991 All rights reserved. For infonnation. write: Scholarly and Reference Division. S!. Martin's Press. Inc .• 175 Fifth Avenue. New York. N.Y. 10010 First published in the United States of America in 1992 ISBN 978-0-312-07941-3 (paperback) Library of Congress Cataloging-in-Publication Data Angell. Ian O. Infonnation systems management: opportunities and risks / Ian O. Angell. Steve Smithson. p. em. Includes index. 1. Infonnation resources management. I. Smithson. Steve. 1949- . II. Title. T58.64.A44 1992 658.4'038-dc20 91-46131 CIP Contents Preface vi 1 Introduction: the need for balance 1 2 Understanding information systems 12 3 Strategy and tactics 29 4 The organization of the information systems function 52 5 Information technology and information systems 77 6 The integrity of information systems 94 7 Databases and the management of information 115 8 Data communication and network services 128 9 Office information systems 146 10 Information systems development 166 11 Evaluation, monitoring and control 189 12 Managing function and phenomena 213 List of abbreviations 228 Index 230 v Preface Managers of Information Systems (IS) are being pulled in two directions. On the one hand within much of the information technology (IT) industry, the' Spirit of the Age' is still one of unbridled hype and optimism, where computer-based systems are seen as a first response and an instant solution to any problem. Information technology is promoted as an agent of change that can deliver competitive advantage in terms of better quality products, enhanced control, reduced costs and increased flexibility. On the other hand, there seems to be no sign of any let-up in the 'horror stories', and the consequences of faulty computer-based systems still grab the newspaper headlines. In Paris, in September 1989, the Court computer mailed out 41,000 summonses for parking violations. Due to a mistake, or perhaps to a deliberate act of malice, the actual summonses sent were for prostitution, living off immoral earnings, burglary, even manslaughter. Pandemonium resulted from the embarrassment and family recriminations heaped on these victims of circumstance. We should not be surprised, such examples are legion: a few weeks later a British bank inadvertently transferred two billion pounds in less than half an hour to various international institutions; luckily the money was returned. IS managers have to steer a difficult course between the 'hype' and the 'horror'. It could be argued that this situation is not new, it was the case ten (or even twenty) years ago; computer salesmen were just as plausible then and information systems failures also made the headlines. However, we would contend that the situation is rather different today. Firstly, the risks are much greater as systems become larger, more integrated, and thus more complex, so that it is very much more difficult to isolate particular failures and to limit the 'knock-on' effects. Furthermore, organizations have become more vulnerable; many depend crucially upon information technology because their basic transactions and much of their more sensitive information is now held on computers. Secondly, information technology is no longer 'new' and, whilst past mistakes could be written off against experience, we should now be seeing organizations using the technology in a mature fashion. The 'stage' theory (Gibson, C.F. & Nolan, R.L., 'Managing the four stages of EDP growth', Harvard Business Review, Vo1.52, No.1, Jan-Feb 1974) suggests that by now most organizations should be managing their 'information resource', rather than trying to control errant application programs. Many IS managers, who were told that they would be managing change, find instead that they are managing crisis, a crisis of control. vi Preface vii We will try to give substance to the often unexpressed fears and uncertainty felt by many user managers and IS managers, and by laying the issues before them, guide them towards sensible decisions. We will question the limits of this technology in the managerial context, but leave it to individual managers, in their own particular situations, to decide what is appropriate and inappropriate for their organization's specific needs. Our aim is to encourage the 'thinking manager' towards a more critical evaluation of computer-based IS. Notwithstanding the countless books and articles emphasizing the benefits of IT, our message is that decision-makers must re-examine the assumptions under which systems are justified, and they must become aware of the risks inherent in the introduction of information technology and balance them against the many benefits. Above all, this book is about balance. It is about recognizing the 'pros' and the 'cons' of applying computers. Managing computerized information systems will involve capitalizing on the many opportunities made available by IT to the benefit of the organization, while at the same time avoiding the risks that can be detrimental to its well-being. In this respect, and as a general principle, the management of IS is little different to other areas of management. However, where it does differ is in coping with the all-embracing systemic nature of information, and with the effective use of this resource in dealing with the uncertainty that pervades every aspect of the commercial environment. With this message of balance, we have organized the book into twelve chapters, starting with an introduction that lays out the scenario of opportunity and risk in information systems. In Chapter 2, we propose a theoretical basis for understanding and managing this opportunity and risk, while Chapter 3 describes the concept of strategy as a sensible approach to the management of IS. The organizational issues· of IT are considered in Chapter 4, and the effects on, and maintenance of, the integrity of an organization and its information systems are outlined in Chapter 5. Chapter 6 examines the promises and pitfalls of information technology in the context of information systems. Chapters 7, 8 and 9 discuss the key infrastructural technologies of databases, networks and office information systems. Chapter 10 considers questions of the development of information systems, and Chapter 11 discusses the evaluation, monitoring and control of operational systems. In Chapter 12 we culminate with a look at the need for people amidst all this automation, and finish with an unequivocal recognition that the successful implementation of computer-based information systems is totally dependent on quality human intervention. Top quality management and staff, well trained and highly motivated, can harness the power of the technology to provide a range and quality of services, undreamt-of a few years ago. Without such people, and without the technology, organizations are on a road to nowhere. 1 Introduction: the need for balance • The crisis of confidence • Systemic risk • Complexity • Uncertainty • The introduction of information systems • Measurability, Predictability, Rationality • Coping with the crisis The crisis of confidence Throughout a large number of very different industries, IT decision-takers are confronting a growing crisis as the time approaches to authorize new computer based information systems. Here, we use the term 'crisis' advisedly. The Oxford English Dictionary defines crisis to be: A vitally important or decisive stage in the progress of anything; now applied in times of difficulty, insecurity and suspense in politics or commerce. To psychologists a crisis is: when the individual is in a situation where past experience and old reaction patterns are no longer adequate. A time of danger and suspense. In medicine it is: a point in the progress of a disease when a development or change takes place which is decisive of recovery or death; a turning point for better or worse. The backdrop to this situation is a widespread faith, throughout much of industry and academia, in the inherent virtue, almost omnipotence, of the technology. Despite a whole catalogue of incidents, businesses are still encouraged to seek the 'Holy Grail' of competitive advantage through the employment of this seductive technology [1]. Yet, they are rarely warned that they may be unwittingly gambling with their futures. Since the earliest days, there has been criticism of the self-proclaimed benefits of computerization (Ackoff [2], Roszak [3], Weizenbaum [4]), but these have largely been ignored. Newspapers, television, radio and film stress, explicitly and implicitly, the merits of computerization. Governments invest huge amounts in computer education and in high-technology industrial collaboration. But computing has often not lived up to expectations and there is a sense of irritation, even dissatisfaction, in the business community. Is it right that this self-evident certainty goes unchallenged, 1 2 Information Systems Management or have we reached that decisive stage in the development of information technology, a time of difficulty, insecurity and suspense, a time of crisis? Is this a turning point, for better or worse? Much will depend on the recognition of many more variables and marginal issues within information systems. The recognition of this crisis and its implied new behaviour patterns will not be easy for managers of information systems, who have been trained in the technologies and machine-centred requirements of the past. Awareness of the crisis is vital, even for those that are at present successful users of information systems. For the indications are that organizations cannot rely on past experiences and old reaction patterns for future success: a totally new mode of IS management is needed. Systemic risk It is not enough to apply traditional cost-benefit analysis to IT projects. As well as to appreciate the opportunities attached to the project, it is important to analyze the risks. These risks are usually associated with systems' failures or unforeseen adverse consequences of the introduction of new information systems. Such risks seem to be endemic to information technology. For example, American Airlines clearly gained a major commercial advantage and substantial income with their SABRE Reservation System. Unfortunately together with this success is the possibility of major unforeseen legal battles over unfair competition, with huge financial liabilities. The airline also lost fifty million dollars by flying planes well below capacity, when customers were transferred to their competitors after a software bug incorrectly informed booking clerks that aircraft were full! Systemic risk is a result of the complexity implicit in all large systems, but particularly in socio-technical systems where people interact closely with the technical system. This realization is not new. Murphy's Law "if it can go wrong, it will go wrong," and the accompanying lemma "Murphy was an optimist," sums up the situation succinctly. No technology always behaves in the way we expect and believe it should; instead it almost appears to have a destructive purpose of its own: 'Gremlins'. Gall, in his highly amusing book Systemantics [5], gives many examples where blind optimism and a lack of understanding of the way that systems function have led to devastating conclusions and, with tongue in cheek, he outlines a number of profound 'laws' relating to the misbehaviour of systems. It is a surprising side of human nature that we treat the inevitability of uncertainty with humour. Perhaps this is the mechanism that has made the human race so successful in dealing with these dilemmas. And we have been successful, although, to listen to some proselytes of artificial intelligence and decision analysis, we would gather that humans are somewhat inadequate in this respect. Introduction: the need for balance 3 Complexity Sheer complexity, not just in the technology itself but in its interaction with any application environment, throws up inevitable, yet unpredictable, emergent phenomena, many of which are likely to cause problems. The KISS advice, Keep It Simple, Stupid, is too often ignored in the grandiose schemes of managers who seem to be chasing the glamour and kudos of advanced technology. In both the USA and UK numerous large military 'command and control' systems have run into severe problems. Barclays Bank in the UK abandoned two multi-million pound projects. Perhaps, as has been suggested, we should emulate successful Japanese companies and use infonnation systems that are simpler and more selective than those presently used in the West. Previously seen only in tenns of its many benefits, the convergence of computer and communication technologies could very well be 'an accident just waiting to happen'. Rather than a communications network spanning the world, with Open Systems Interconnection (OSI), we could be building a spider's web, a trap of unimaginable complexity; a tangled web that the manufacturers seem very keen to promote. "Communications is the heart of AT&T's business. And technology is our lifeblood. We see our job as connecting people to people, machines to machines, systems to systems, unhindered by geographic and technical barriers" (AT&T advertisement). Technocrats, businessmen and politicians are launching technological monsters into our society, in the arrogant belief that because they initiate a system, they somehow control its evolution and its resultant effects. The short-sighted leading the blind! Commercial and social pressures, cultural incompatibilities, chaotic changes, resistance to change, unpredictable accidents, criminal intent, malice and sabotage add to the already excessive complexity, and can have surprising effects on what are usually considered technological decisions. For example, electronic mail has many benefits, yet it has well-documented negative effects: the danger of reduced social interaction; magnetic disk stores filled to capacity with multiple copies of unread messages; hours wasted reading 'junk mail'; and possibly worst of all there is 'flaming', where carelessly phrased messages on trivial matters precipitate aggressive responses, and a feedback of antagonism that can cause major social disruption within an organization. Another aspect of infonnation technology that is rarely fully appreciated is the sheer scale and complexity of the administration needed to maintain an infonnation system, including everything from maintaining the integrity of a file base to satisfying the requirements of data-privacy legislation and safeguards. Taken to excess, a rigid electronic bureaucracy prepares fertile ground for Parkinson's Law: "Work expands so as to fill the time available for its completion" [6]. A rigid bureaucracy can enforce a straitjacket of short tenn