4th Canadian Edition Rodriguez Test Bank Docx

Case Appendix

Case Distribution and Index

The following provides a list of the cases provided in this Appendix, and the Chapters or Technology Guides to which the case pertains. Use these cases as assignments, midterm questions or final examination questions.

The Case Appendix contains the entire case with references to the chapters or technology guides to which they pertain. You will find a suggested solutions below.

Note that these cases have questions that apply to multiple chapters. Suggested solutions are provided below. Cases are listed below alphabetically by case name.

BestPay

BestPay Inc. is an online service provider of payroll processing in Winnipeg, Manitoba, with over 125,000 customers. A review of the web site reveals that the organization is full service: you can purchase payroll software, or access systems online. BestPay provides payroll, human resources, retirement planning and tax services. Employees can even log on and use the systems as an internet-based time clock.

Required:

A) For each of the five strategies for competitive advantage, describe the strategy, and explain how BestPay could implement the strategy. (10 marks, 20 minutes)

Suggested Solution: Chapter 2, Competitive Advantages and Strategic Information Systems

Level: Medium

B) You have been asked to assist with the design of the payroll database for BestPay Inc. Explain the purpose of each of the following components of the database design and provide an example of how they would apply to the payroll database. (10 marks, 20 minutes)

• Data model
• Entity
• Attribute
• Primary Key
• Secondary Key

Suggested Solution: Chapter 5 The Database Approach

Level: Medium

C) Your company is a small employer with ten employees that uses BestPay Inc. for payroll processing. Explain to your boss the different types of anti-malware protection that are available and their purpose. (5 marks, 10 minutes)

Suggested Solution: Chapter 4, Information Security Controls, Technology Guide 5, Computer-Based Actions

Level: Medium

Answers could include some discussion of Ch 4’s coverage of Anti-malware systems, firewalls, whitelisting and blacklisting, as well as touch upon TG5’s recommended actions to prevent malware infections, as summarized below:

Anti-malware systems, also called antivirus (AV) software, are software packages that attempt to identify and eliminate viruses and worms, and other malicious software (which is known as malware). AV software is implemented at the organizational level by the IS department. Anti-malware systems are generally reactive, filtering network traffic according to a database of specific problems. These systems create definitions, or signatures, of various types of malware and then update these signatures in their products. The anti-malware software then examines suspicious computer code to determine whether it matches a known signature. If the software identifies a match, then it removes the code. For this reason, organizations regularly update their malware definitions using online updates. Because malware is such a serious problem, the leading vendors are rapidly developing anti-malware systems that function proactively as well as reactively. These systems evaluate behaviour rather than relying entirely on signature matching. In theory, therefore, it is possible to catch malware before it can infect systems.

Firewalls can also help protect against malware by filtering network traffic according to categories of activities that are likely to cause problems. Firewall software can isolate a suspicious file and report it to the system user/operator for further investigation.

Whitelisting and blacklisting can also be used to permit only acceptable software to run or blocks all unacceptable software from running on the company’s computers. This will prevent malware from infecting the company’s environment through unknown sources. Other actions that can also be taken at this small company to prevent malware infection include:

- Advise all employees who connect to the company’s network, not to open unrequested email attachments or web links, not to accept files they have not requested;

- Test all company computers to evaluate how well they are protected from a variety of attacks. A number of free security tests are available;

- Install a security suite or individual components including firewall, anti-malware and a variety of other valuable security products;

- Manage software patches to ensure that security problems are repaired promptly;

- Use less prominent browsers and operating systems if possible to reduce likelihood of attacks.

Camelot Industries

Camelot Industries Ltd. (CIL) sells card decks, all kinds of them. Playing cards for children and adults, tarot cards (for self-analysis and fortune telling), and a variety of new age cards such as angel cards, dragon cards, sacred geometry cards and native medicine cards. Traditionally, CIL sold only to retail outlets, although they had factory direct sales at their distribution centre every morning.

Last year, CIL created a web site, camelotcards.com, used to sell cards directly to a broader range of retailers and to the general public. To help its existing dealer network, the web site has a location directory, so that individuals can find out where the card deck of their choice is selling in their area. Also, to help its existing dealer network, sales to the general public are accepted only if the individual is buying at least ten decks of cards. Otherwise, the individual is urged to go their nearest new age book or novelty store.

Camelot Industries Ltd. (CIL) has 35,000 retailers around the world that purchase its products. CIL uses functional software to handle its transaction processing for sales to these retailers.

A) Using the following table, describe the four listed business pressures and explain how each pressure would affect Camelot Industries Ltd. (8 marks, 16 minutes)

Suggested Solution: Chapter 2, Business Pressures, Organizational Responses, and IT Support

Level: Medium

B) Camelot Industries Ltd. (CIL) is thinking of implementing new software for its data management that would include a relational database. Provide CIL with four advantages or disadvantages for the use of a relational database management system. (4 marks, 8 minutes )

Suggested Solution: Chapter 5, The Database Approach and Relational Database Management Systems

Level: Medium

Advantages for the use of a relational database management system include:

- being organized so that users can retrieve, analyze, and understand the data they need;

- minimizing the data redundancy, data isolation and data inconsistency which occur when a database approach is not used to store data; as well as

- maximizing data security, data integrity and data independence as data storage is controlled by the RDBMS, which is independent of the many application systems that may use it.

Students could also discuss, as Advantages, topics in Section 5.6, Appendix: Fundamentals of Relational Database Operations, such as: ease of searching the database using a Structured Query Language or Query by Example, as well as benefits of the data dictionary, Entity-Relationship Modelling and Normalization processes to improve the structure and performance of the database.

Disadvantages for the use of RDBMS relate to the cost of acquiring the software, as well as the expertise, time and cost required to convert from older file formats to RDBMS.

C) Following is an example of what the sales transaction information at CIL looks like:

Clearly describe the following terms and provide an example from the table for each term. Clearly explain why your example is appropriate. (8 marks, 16 minutes)

• Attribute
• Record
• Instance
• Secondary key

Suggested Solution: Chapter 5, The Database Approach

Level: Medium

The examples below, all relate to the first row (sales transaction) in the table. Other examples are possible.

D) What is operational CRM? (1 mark)

Response: Chapter 11, Operational CRM Systems

Level: Easy

CRM is a customer focussed and customer driven organizational strategy, where organizations concentrate on assessing customers’ requirements for products, then provide high quality responsive service. The CRM approach is enabled by various CRM systems and applications. Operational CRM systems support Operational CRM, the approach applied in front-office business processes that involve direct interaction with customers in sales, marketing and service. These systems include customer-facing applications and customer-touching applications.

E) Provide five examples of how CIL could use Operational CRM systems to provide customer service and support to its customers. (5 marks)

Suggested Solution: Chapter 11, Operational CRM Systems

Level: Medium

Students could provide numerous examples of Customer facing applications for use in customer interaction centre (CIC) service and support, such as:

- CIL could set up a call centre that could respond to a large variety of customer questions, support requests and complaints. Customer facing applications would provide call centre staff with customer account information, as well as product specifications and availability information to enable the staff to deal with all types of issues.

- The customer-facing applications would allow CIC staff to interact with customers online (email or live chat), by telephone, or face-to-face.

- CIC could also create a call list for the sales team for outbound telesales, contacting sales prospects to discuss products and services and generate sales.

- CIC can also conduct inbound teleservice, responding to requests using service instructions from the company’s knowledge base or by noting incidents for referral to a product or account specialist.

Numerous Customer-touching application examples might include”

- personalized web pages for each of their retailer accounts (and for any large consumer accounts, on request) where each customer can easily access all their relevant account activity, as well as their usual product preferences, or where they can reach CIL staff to make requests or address problems, or track orders

- online FAQs

- search and comparison abilities to compare amongst CIL’s product line or with other competing lines

- Loyalty programs offering discounts and special offers for high frequency, repeat customers

East General Hospital

Vocera is a multi-purpose intercom that can be worn about a person’s neck or clipped to clothing. It uses wireless technology and operates the same way that the communications devices in ‘Star Trek’ worked – you tap the device to activate it. The system uses voice recognition to initiate calls to others, and can also send text messages.

Since the system was recently implemented by East General Hospital, staff can now talk to others who are in isolation, and obtain emergency help if they tap the device’s grey button twice. It cost the hospital several million dollars to implement the system. The older city hospital is about one million square feet in size, with thick brick walls and special concrete protection around rooms that handle radiation, such as medical imaging.

Now, the hospital is thinking of implementing electronic document systems for its patient records. This would mean that existing hospital records would be scanned and placed into electronic files, while any new records would be created electronically or added to patient records as prepared.

The hospital is looking at two different options for its acquisition of the patient record system – purchasing a packaged system that is in use by hospitals in the U.S., or having a customized system developed.

(References: “A new badge of honour,” by T. Burgmann, Toronto Star, p. B1, B4, Nov 16/09); and www.vocera.com (accessed January 29, 2011)

Required:

A) What are the advantages of purchasing ready-made packaged software? (3 marks, 6 minutes)

Suggested Solution: Chapter 13, Strategies for Acquiring IT Applications

Level: Easy

• Many different types of off-the-shelf software are available

• The company can try out the software before purchasing it

• The company can save much time by buying rather than building

• The company can know what it is getting before it invests in the product

• Purchased software may eliminate the need to hire personnel specifically dedicated to a project

B) What are the disadvantages of purchasing ready-made packaged software? (3 marks, 6 minutes)

Suggested Solution: Chapter 13, Strategies for Acquiring IT Applications

Level: Easy

• Software may not exactly meet the company’s needs

• Software may be difficult or impossible to modify, or it may require huge business process changes to implement

• The company will not have control over software improvements and new versions

• Purchased software can be difficult to integrate with existing systems

• Vendors may discontinue a product or go out of business

• Software is controlled by another company with its own priorities and business considerations

• The purchasing company lacks intimate knowledge about how and why the software functions as it does

C) What are the advantages of developing customized software? (3 marks, 6 minutes)

Suggested Solution: Chapter 13, Strategies for Acquiring IT Applications

Level: Easy

• often produces a better fit with the organization’s specific requirements
• the software can be designed to integrate with existing and planned systems at the company
• the company will have control over system operation and maintenance, improvements and changes

D) What are the disadvantages of developing customized software? (3 marks, 6 minutes)

Suggested Solution: Chapter 13, Strategies for Acquiring IT Applications

Level: Easy

• development will be more time consuming and costly than buying or leasing
• no opportunity to try out different software packages’ functionality and compatibility before investing
• the company will either need to hire sufficient IT personnel to develop and maintain the system or contract/outsource development to a reliable service provider

Globoha Company

Globoha Company sells rare books and antiques made of brass and other metals. The company has a physical location in Kolkata, West Bengal, India and another in Montreal, Quebec, Canada. It also has a secure web site.

Globoha has an inventory system that requires each item to have a serial number, as well as providing detailed information about the product (for example, age, description, author or artist), the product cost and product selling price.

Typical inventory information looks like this:

Notes:

• The Product Type* and Serial number* are used to link the inventory information to other tables that contain detailed information about the product, such as age, author, artist or publisher. There are separate tables for BookHard products (hardcover books), BookSoft (softcover books), AntiqueBrass (antiques made of brass), as well as fifteen other product types that each have different tables.
• Products that are not ready for sale (such as antiques that need fixing or refurbishing) are given a zero sales price.

Required:

A) For each of the following two types of portals, describe the nature or purpose of this type of portal and provide an example of how Globoha Company could use the portal.

(4 marks, 8 minutes)

• Affinity portal
• Corporate portal

Suggested Solution: Chapter 6 Network Applications: Discovery

Level: Medium

Affinity portal:

• offers a single point of entry to an entire community of affiliated interests, such as a hobby group or a political party

Example: Glohoba could set up an affinity portal for collectors or dealers of rare books and/or antiques, where it could provide information about its products as well as links to sites of associations, museums and organizations providing access to and information about other artifacts, discoveries and related news, and capabilities for individuals to communicate.

Corporate portal:

• offers a personalized, single point of access through a web browser to critical business information located inside and outside an organization. These portals are also known as enterprise portals, information portals, and enterprise information portals. In addition to making it easier to find needed information, corporate portals offer customers and employees self-service opportunities.

Example: Globoha’s corporate portal could be used by their buyers when travelling to find and purchase product, to consult and update Globoha’s inventory records and to obtain information about contacts that they want to visit in other locations/countries. The corporate portal could also be accessed by other rare book and antique dealers to obtain information about products ofinterest to them and their customers and to share product information with Globoha and other dealers.

B) For each of the following network technologies, explain how Globoha Company could use the technology. (5 marks, 10 minutes))

• network interface card
• modem
• digital subscriber line
• TCP/IP
• Ethernet

Suggested Solution: Chapter 6, Network Fundamentals

Level: Medium

• A network interface card (NIC) will need to be installed in every device that is connected to the local area network (LAN) at each Globoha location to allow the device to physically connect to the network.

• A modem will be needed for converting digital data to analog to be transmitted from Globoha’s network to customers’ or business partners’ computers via analog transmission lines, such as telephone lines, then converting analog signals back to digital upon receipt by Globoha’s server.

• Digital subscriber lines (DSL) could be used to provide high speed transmission of digital data from Globoha’s business locations over existing telephone lines. While faster transmission technologies exist, DSL may be the best priced and most readily available tomeet the needs of this relatively small business, with offices in two very different technologically serviced areas,

• TCP/IP, or Transmission Control Protocol / Internet Protocol, is a suite of protocols for managing the movement of packets of data across the Internet. Globoha will need to use TCP/IP in operation of its website, to facilitate data transfer to and from customers who are browsing or buying; and for digital communications between the two Globoha offices and between offsite employees or business partners and the Globoha offices.

• Ethernet is a common protocol for LANs and will be used by Globoha to manage data transmission within each of the LANs at its Kolkata and Montreal offices.

Internal Audit Summer Job

As a summer job you have been hired as an intern in the internal audit department of a large national retail organization. As part of your job, you will be assisting with a vulnerability assessment prior to conducting a risk assessment.

Then, the team will consider how controls in information systems could affect privacy at the organization, prior to testing these controls.

A) Describe four factors that would increase the vulnerability of your organization’s information assets. (4 marks)

Suggested Solution: Chapter 4 Introduction to Information Security

Level: Easy

The answer should focus on 4 of the following 5 key contributing factors that increase the vulnerability of the organization’s information assets, and should explain how each makes it more difficult to secure the assets

1. The modern interconnected, interdependent, wirelessly networked business environment: Connection to the internet exposes the organization to a world of external, untrusted networks and potential attackers who may destroy, corrupt or steal the organization’s data. Wireless networks are inherently non-secure and may be used by employees to access the organization’s data.
2. Smaller, faster, cheaper computers and storage devices: These make it much easier for employees to take work away from the office, where their device can easily be lost or stolen, along with potentially huge amounts of sensitive information. It is also less expensive for hackers to powerful computers and internet connections that further enable them to attack.
3. Decreasing skills necessary to become a computer hacker: Easy to use scripts for attacking systems are freely available on the internet.
4. International organized crime taking over cyber-crime: Employing skilled hackers, well-organized criminal networks target security software weaknesses to carry out computer-based crimes that cause billions of dollars in damages to businesses each year.
5. Lack of management support: For an entire organization to take security policies and procedures seriously, senior managers must set the tone and middle and low level managers must implement and ensure adherence to the policies and procedures. Without that support effective controls willnot be in place to protect the organization’s information assets.

B) For each of the following types of controls, define or describe the type of control, and provide an example of that type of control that might contribute to improved privacy over customer data at the retail organization:

• .
• logical access controls
• firewalls
• employee monitoring systems
• application controls.

(8 marks, 20 minutes)

Suggested Solution: Chapter 4 Information Security Controls

Level: Hard

Examples must clearly represent the control type and must also provide a valid demonstration of how this type of control can be protect customer data privacy. Numerous examples are acceptable, some are shown below.

C) Your internal audit team members will be working at two different locations at the organization: some of you will be working in Toronto, while others will be in Montreal. Provide four examples of how your team could use information technology to collaborate during the completion of your work. (4 marks, 8 minutes)

Suggested Solution: Chapter 6 Network Applications: Collaboration, Network Applications: Communication

Level: Medium

The student’s response should describe the use of network applications for collaboration and possibly some for communication, and should also appropriately explain how the capabilities of these tools would assist the audit team. An example follows. Other points are also possible.

The audit team members will need to collaborate virtually to share sample data and to develop audit findings, notes and reports. They could use one of the products such as Google Drive, Jive, IBM Lotus Quickr or Microsoft SharePoint Workspace to provide a distributed database for their shared sample data, share development of audit report documentation, set up workgroup email, bulletin whiteboards and instant messaging, and hold instant virtual meetings. They can use version control or version management to accommodate multiple people working on the same document synchronously or asynchronously.

They can also use less sophisticated, and perhaps less efficient tools such as conventional email and reliance on managerial control over versions of documents.

Video conferencing or teleconferencing will be useful for audit team meetings and for some meetings with the client, and VOIP technology such as Skype will enable inexpensive frequent communication among team members.

D) Describe how you could use 5 different types of personal application software to assist you in your Internal Audit job. (5 marks)

Suggested Solution: Technology Guide 2, Application Software

Level: Medium

The student’s answer could describe use of any 5 different types of personal application software from table TG 2.1 for purposes appropriate to the Internal Audit job role. Some examples follow:

• Use spreadsheets to record observations from samples when testing controls
• Use spreadsheets to record project plans or daily/weekly workplans
• Word processing – for reporting results of vulnerability assessments, risk assessments, for preparing audit report
• Data management – to store and manage data that has been drawn from client’s systems for samples
• Presentation – use PowerPoint to prepare a presentation of audit results/summary for audit managers, client
• Personal information management - to create and maintain calendars, appointments, to-do lists to help you organize and manage your work time on the audit
• Personal finance – probably not necessary for the audit, unless you need to record expenses to claim
• Communications – use Skype and/or other communication and collaboration applications to collaborate with the audit team members in multiple locations

Lovely Hands Company

Lovely Hands Company (LHC) is a jewelry store that specializes in diamond rings, Rolex watches and precious stone ornaments, such as diamond earrings. LHC’s products start at $500 and go upwards to a few high end items that sell for hundreds of thousands of dollars. The in-store jeweler, a master craftsman, designs products for his customers, and is world-renowned for his original designs.

LHC is considering embedding tiny RFID chips, called the Memory Spot, on the inside of each jewelry item in inconspicuous locations. At a size only slightly larger than the tip of a pencil, the Memory Spot can easily be placed upon products in places where they are difficult to remove without the proper tools. The jeweler would be responsible for embedding and removing these chips. For low-end products (those that sell for less than $2,000), the chips would be permanently installed, while for high-end products they would be removed after customer payment by the jeweler, at the option of the customer.

The Memory Spot does not require a power source, as it uses power from the magnetic field generated by the wireless sensor network or by some wireless devices. The Memory Spot will contain information such as the materials present in the item (e.g. gold, platinum, emerald, or diamond), the item serial number, and its sales price. It will also contain the name and address of the store, and tracking software that can be remotely triggered in the event that the item is stolen. Since the Memory Spot reader must be very close to the item, the inside of the display cases will be fitted with readers, and trigger devices that can be turned on by employees with a foot button in the event of a robbery. The software will also be activated when the store closes at the end of the day, and deactivated when the store opens.

At time of purchase, store equipment will read the Memory Spot, match the information to the customer invoice, and transfer to the Memory Spot the customer’s name and address. In addition to using wireless systems for the Memory Spot, the store’s local area network is also enabled using wireless technology.

Required:

A) Describe three different types of electronic payments that LHC could accept. (3 marks)

Suggested Solution: Chapter 7, Overview of E-Business and E-Commerce

Level: Easy

The most frequently accepted types of e-payment, assuming that LHC’s customers are consumers, not businesses, would include:

• Electronic credit cards – the customer enters credit card information into their browser where it is encrypted for transmission to LHC. LHC transfers the encrypted data to a clearinghouse for verification with your bank (i.e the bank that issued your credit card) . The bank settles with LHC and bills you on your next credit card statement.
• Smart cards – may include credit card or debit card transactions, at your choice, transacted as described for e-credit card above
• Digital wallet, on a smart phone or a desktop or laptop computer – can store your credit or debit card, gift cards and other id cards, where the data are encrypted and a digital certificate is also included that identifies the authorized cardholder. While computer resident digital wallets can be used for online purchases, those on smartphones can be used for in-store purchases by tapping the phone on the mercahnt’s terminalor scanning a QR code. A PIN or a fingerprint reader are used for security, Bluetooth or near field communication is used for data transmission. Digital wallets are available fromPayPal, Googlw Wallet and a number of other companies.

If LHC often sold its jewellery to business customers, then it might also accept B2B e-payments such as:

• Electronic cheques, for which both LHC and the buyer would need to set up e-chequing account arrangements with their banks
• Purchasing cards, which, from LHC’c perspective, function similarly.

B) Describe two security threats that could occur with wireless networks. (2 marks, 4 minutes)

Suggested Solution: Chapter 8, Wireless Security

Level: Easy

The student’s answer could describe two of the following 5 types of security threats:

• A rogue access point -- an unauthorized access point to a wireless network
• An evil twin attack – an “evil twin”, (someone who wishes to access a wireless network for malicious purposes), simulates a wireless access point with the same wireless network name, or SSID, as the one that authorized users expect, so that users will then connect to the attacker’s system instead of the real access point. The attacker can then serve them a web page asking for them to provide confidential information such as usernames, passwords, and account numbers.
• War driving -- locating WLANs while driving (or walking) around a city or elsewhere. To war drive or walk, you simply need a Wi-Fi detector and a wirelessly enabled computer. The intruder can then obtain a free Internet connection and possibly gain access to important data and other resources.
• Eavesdropping -- unauthorized users access data that are travelling over wireless networks.
• Radio-frequency jamming -- a person or a device intentionally or unintentionally interferes with your wireless network transmissions.

C) The Memory Spot is a passive tag. Describe an active tag, and provide two advantages or disadvantages of active tags for LHC. (3 marks, 6 minutes)

Response: Chapter 8, The Internet of Things

Level: Medium

RFID tags have embedded microchips, which contain data, and antennas to transmit radio signals over a short distance to RFID readers.

Active RFID tags use internal batteries for power, and they broadcast radio waves to a reader.

Advantages:

• they can be read from greater distances than passive tags, which can be read only up to 6 metres.

Disadvantages:

• Because active tags contain batteries, they are more expensive than passive RFID tags,
• Larger than passive tags, so more difficult to place on some small items, or to conceal

D) Provide five specific examples of customer-touching applications that LHC could use. (5 marks)

Suggested Solution: Chapter 11, Operational CRM Systems

Level: Medium

Student’s answers could use appropriate examples of any of the following customer-touching application types, for which I have provided some examples:

1. Search and Comparison capabilities: LHC could give their customers the ability to compare quality and prices of precious stones/ gems, high-end watches and other items that they carry with those of other retailers,
2. technical and other information and services: LHC could make jewellery care instructions and products available to customers
3. Customized products and services: customers could develop custom designed jewellery,online, using collaboration tools to work with the jeweler
4. Personalized web pages for customers to record their purchases and preferences, problems and requests. This would also provideLHC with an excellent means of keeping in touch with the customers and their needs to enable top quality customer experiences
5. FAQ, Email and automated response can all be used effectively for quickly communicating general information to customers, to answer their questions or to alert them about new products or other important news.

E) Describe actions that the company can take to protect its wireless systems.

Suggested Solution: Technology Guide 5, Computer-Based Actions to Protect Your Information Assets

Level: Easy

Answers should be based on the following TG5 Computer Actions to Prevent Malware Infections:

Security features designed to protect wireless networks from intruders include:

- “Hide” your Service Set Identifier (SSID) that is needed to connect your wireless network’s router to your Internet Service Provider (ISP): i.e. (1) change your SSID from the default that came with the router and (2) stop broadcasting the SSID.

- Use encryption when using the wireless network, preferably Wifi Protected Access (WPA2), as well as strong passwords to gain access to the network.

- Filter out Media Access Control (MAC) addresses of all hardware that is not part of your network by instructing the network router to connect only with MACs that are part of your network.

- Limit the number of IP addresses that your router will connect with to the number of computers on your network.

- Use a wireless intrusion detection system to detect and monitor any intruders.

- use wireless security software, which includes firewall, anti-virus and anti-spyware software.

- test the network for vulnerabilities.

Men R Us

Men R Us Limited (MRU) is a large men’s wear store with locations in Canada and the U.S. MRU has been in business for over 50 years, and has resisted the development of an online store, as it felt that its customers prefer to try on and buy their clothing, rather than purchase over the internet. MRU has a basic web site that provides information about store locations and the different lines of clothing that it offers.

The number of telephone calls to the store about prices has increased, as customers seem to be comparison shopping much more before deciding to buy. MRU believes that a web site online store presence could increase its sales, because it could advertise its products online, even if it was only for the purpose of comparison shopping. Accordingly, it has decided that it will have its web site upgraded to provide for secure shopping.

MRU is considering several different approaches in the development of its online store, and would like a further explanation of the advantages and disadvantages of these approaches before proceeding. In particular, it is considering outsourcing, the use of an application service provider, and prototyping.

Required:

A) Describe the advantages and disadvantages to MRU of outsourcing the development of its online store. (3 marks)

Advantages include: MRU can experiment with the new IT without substantial upfront investment; and they will obtain access to outside experts. The main disadvantage is that they must place their valuable corporate data under the control of the outsourcing vendor (where it could be damaged, destroyed or inappropriately disseminated).

Suggested Solution: Chapter 13, Strategies for Acquiring IT Applications

B) Describe the advantages and disadvantages to MRU of the use of an application service provider. (4 marks)

Advantages include: Vendor software will generally include the features that are most commonly needed by organizations in a given industry, and MRU will decide which features are necessary; using an ASP can save time and money versus in-house development, operation and maintenance. Disadvantages include: the software may not exactly fit MRU’s application requirements; MRU’s corporate data, as well as service and support of the website are under control of the ASP.

Suggested Solution: Chapter 13, Strategies for Acquiring IT Applications

C) Describe the advantages and disadvantages to MRU of the use of prototyping.

(5 marks)

Advantages of prototyping:

• Helps clarify user requirements

• Helps verify the feasibility of the design

• Promotes genuine user participation

• Promotes close working relationship between systems developers and users

• Works well for ill-defined problems

• May produce part of the final system

Disadvantages of prototyping:

• May encourage inadequate problem analysis

• Is not practical with a large number of users

• User may not want to give up the prototype when the system is completed

• May generate confusion about whether the system is complete and maintainable

• System may be built quickly, which can result in lower quality