350 Part Two Information Technology Infrastructure
certificate system uses a trusted third party, known as a certificate authority
(CA), to validate a user’s identity. There are many CAs in the United States and
around the world, including Symantec, GoDaddy, and Comodo.
The CA verifies a digital certificate user’s identity offline. This information is
put into a CA server, which generates an encrypted digital certificate contain-
ing owner identification information and a copy of the owner’s public key. The
certificate authenticates that the public key belongs to the designated owner.
The CA makes its own public key available either in print or perhaps on the
Internet. The recipient of an encrypted message uses the CA’s public key to
decode the digital certificate attached to the message, verifies it was issued by
the CA, and then obtains the sender’s public key and identification information
contained in the certificate. By using this information, the recipient can send
an encrypted reply. The digital certificate system would enable, for example, a
credit card user and a merchant to validate that their digital certificates were
issued by an authorized and trusted third party before they exchange data. Pub-
lic key infrastructure (PKI), the use of public key cryptography working
with a CA, is now widely used in e-commerce.
Ensuring System Availability
As companies increasingly rely on digital networks for revenue and opera-
tions, they need to take additional steps to ensure that their systems and appli-
cations are always available. Firms such as those in the airline and financial
services industries with critical applications requiring online transaction pro-
cessing have traditionally used fault-tolerant computer systems for many years
to ensure 100 percent availability. In online transaction processing, transac-
tions entered online are immediately processed by the computer. Multitudi-
nous changes to databases, reporting, and requests for information occur each
Fault-tolerant computer systems contain redundant hardware, software,
and power supply components that create an environment that provides con-
tinuous, uninterrupted service. Fault-tolerant computers use special software
routines or self-checking logic built into their circuitry to detect hardware fail-
ures and automatically switch to a backup device. Parts from these computers
can be removed and repaired without disruption to the computer or downtime.
Downtime refers to periods of time in which a system is not operational.
Controlling Network Traffic: Deep Packet Inspection
Have you ever tried to use your campus network and found that it was very
slow? It may be because your fellow students are using the network to download
music or watch YouTube. Bandwith-consuming applications such as file-sharing
programs, Internet phone service, and online video can clog and slow down
corporate networks, degrading performance. For example, Ball State University
in Muncie, Indiana, found its network had slowed because a small minority of
students were using P2P file-sharing programs to download movies and music.
A technology called deep packet inspection (DPI) helps solve this prob-
lem. DPI examines data files and sorts out low-priority online material while
assigning higher priority to business-critical files. Based on the priorities estab-
lished by a network’s operators, it decides whether a specific data packet can
continue to its destination or should be blocked or delayed while more impor-
tant traffic proceeds. Using a DPI system from Allot Communications, Ball State
was able to cap the amount of file-sharing traffic and assign it a much lower
priority. Ball State’s preferred network traffic sped up.
Chapter 8 Securing Information Systems 351
Many companies, especially small businesses, lack the resources or expertise to
provide a secure high-availability computing environment on their own. They
can outsource many security functions to managed security service provid-
ers (MSSPs) that monitor network activity and perform vulnerability testing
and intrusion detection. SecureWorks, AT&T, Verizon, IBM, Perimeter eSecu-
rity, and Symantec are leading providers of MSSP services.
Security Issues for Cloud Computing and the Mobile
Although cloud computing and the emerging mobile digital platform have the
potential to deliver powerful benefits, they pose new challenges to system
security and reliability. We now describe some of these challenges and how
they should be addressed.
Security in the Cloud
When processing takes place in the cloud, accountability and responsibility
for protection of sensitive data still reside with the company owning that data.
Understanding how the cloud computing provider organizes its services and
manages the data is critical.
Cloud computing is highly distributed. Cloud applications reside in large
remote data centers and server farms that supply business services and data
management for multiple corporate clients. To save money and keep costs low,
cloud computing providers often distribute work to data centers around the
globe where work can be accomplished most efficiently. When you use the
cloud, you may not know precisely where your data are being hosted.
The dispersed nature of cloud computing makes it difficult to track unauthor-
ized activity. Virtually all cloud providers use encryption, such as SSL, to secure
the data they handle while the data are being transmitted. However, if the data
are stored on devices that also store other companies’ data, it’s important to
ensure that these stored data are encrypted as well. According to research from
Alert Logic, there has been a 45 percent year-over-year increase in attacks on
the cloud. DDoS attacks are especially harmful because they render cloud ser-
vices unavailable to legitimate customers.
Companies expect their systems to be running 24/7. Cloud providers still
experience occasional outages, but their reliability has increased to the point
where a number of large companies are using cloud services for part of their IT
infrastructures. Most keep their critical systems in-house.
Cloud users need to confirm that regardless of where their data are stored,
they are protected at a level that meets their corporate requirements. They
should stipulate that the cloud provider store and process data in specific juris-
dictions according to the privacy rules of those jurisdictions. Cloud clients
should find how the cloud provider segregates their corporate data from those of
other companies and ask for proof that encryption mechanisms are sound. It’s
also important to know how the cloud provider will respond if a disaster strikes,
whether the provider will be able to restore your data completely, and how long
this should take. Cloud users should also ask whether cloud providers will sub-
mit to external audits and security certifications. These kinds of controls can be
written into the service level agreement (SLA) before signing with a cloud pro-
vider. The Cloud Security Alliance (CSA) has created industrywide standards for
cloud security, specifying best practices to secure cloud computing.
352 Part Two Information Technology Infrastructure
Securing Mobile Platforms
If mobile devices are performing many of the functions of computers, they
need to be secured like desktops and laptops against malware, theft, accidental
loss, unauthorized access, and hacking attempts. The Interactive Session on
Technology describes these mobile vulnerabilities in greater detail and their
implications for both individuals and businesses.
Mobile devices accessing corporate systems and data require special protec-
tion. Companies should make sure that their corporate security policy includes
mobile devices, with additional details on how mobile devices should be sup-
ported, protected, and used. They will need mobile device management tools
to authorize all devices in use; to maintain accurate inventory records on all
mobile devices, users, and applications; to control updates to applications; and
to lock down or erase lost or stolen devices so they can’t be compromised. Data
loss prevention technology can identify where critical data are saved, who is
accessing the data, how data are leaving the company, and where the data are
going. Firms should develop guidelines stipulating approved mobile platforms
and software applications as well as the required software and procedures for
remote access of corporate systems. The organization’s mobile security policy
should forbid employees from using unsecured, consumer-based applications
for transferring and storing corporate documents and files or sending such doc-
uments and files to oneself by e-mail without encryption.
Companies should encrypt communication whenever possible. All mobile
device users should be required to use the password feature found in every
smartphone. Mobile security products are available from Kaspersky, Symantec,
Trend Micro, and McAfee.
Ensuring Software Quality
In addition to implementing effective security and controls, organizations can
improve system quality and reliability by employing software metrics and rig-
orous software testing. Software metrics are objective assessments of the sys-
tem in the form of quantified measurements. Ongoing use of metrics allows the
information systems department and end users to measure the performance of
the system jointly and identify problems as they occur. Examples of software
metrics include the number of transactions that can be processed in a specified
unit of time, online response time, the number of payroll checks printed per
hour, and the number of known bugs per hundred lines of program code. For
metrics to be successful, they must be carefully designed, formal, objective,
and used consistently.
Early, regular, and thorough testing will contribute significantly to system
quality. Many view testing as a way to prove the correctness of work they have
done. In fact, we know that all sizable software is riddled with errors, and we
must test to uncover these errors.
Good testing begins before a software program is even written, by using a
walkthrough—a review of a specification or design document by a small group
of people carefully selected based on the skills needed for the particular objec-
tives being tested. When developers start writing software programs, coding
walkthroughs can also be used to review program code. However, code must be
tested by computer runs. When errors are discovered, the source is found and
eliminated through a process called debugging. You can find out more about the
various stages of testing required to put an information system into operation
in Chapter 13. Our Learning Tracks also contain descriptions of methodologies
for developing software programs that contribute to software quality.
Chapter 8 Securing Information Systems 353
INTERACTIVE SESSION: TECHNOLOGY
BYOD: A Security Nightmare?
Bring your own device has become a huge trend, share files. There are also many instances where
with half of employees with mobile computing tools employees are using Dropbox to store and exchange
at workplaces worldwide using their own devices. files without their employers’ approval. In early 2015
This figure is expected to increase even more in the Dropbox had to patch a security flaw that allowed
years to come. But while use of the iPhone, iPad, and cyberattackers to steal new information uploaded
other mobile computing devices in the workplace to accounts through compromised third-party apps
is growing, so are security problems. Quite a few that work with Dropbox services on Android devices.
security experts believe that smartphones and other There’s very little a company can do to prevent
mobile devices now pose one of the most serious employees who are allowed to use their smartphones
security threats for organizations today. from downloading corporate data so they can work
on those data remotely.
Whether mobile devices are company-assigned or
employee-owned, they are opening up new avenues Text messaging and other mobile messaging tech-
for accessing corporate data that need to be closely nologies are being used to deliver all kinds of scam
monitored and protected. Sensitive data on mobile campaigns, such as adult content and rogue phar-
devices travel, both physically and electronically, macy, phishing, and banking scams, and text mes-
from the office to home and possibly other off-site sages have been a propagation medium for Trojan
locations. According to a February 2016 Ponemon horses and worms. A malicious source is now able
Institute study of 588 U.S. IT and security profession- to send a text message that will open in a mobile
als, 67 percent of those surveyed reported that it was browser by default, which can be readily utilized to
certain or likely that an employee’s mobile access exploit the recipient.
to confidential corporate data had resulted in a data
breach. Unfortunately, only 41 percent of respon- To date, deliberate hacker attacks on mobile
dents said their companies had policies for accessing devices have been limited in scope and impact,
corporate data from mobile devices. but this situation is worsening. Android is now the
world’s most popular operating system for mobile
More than half of security breaches occur when devices with 81 percent of the global market, and
devices are lost or stolen. That puts all of the per- most mobile malware is targeted at the Android plat-
sonal and corporate data stored on the device, as well form. When corporate and personal data are stored
as access to corporate data on remote servers, at risk. on the same device, mobile malware unknowingly
Physical access to mobile devices may be a greater installed by the user could find its way onto the cor-
threat than hacking into a network because less porate network.
effort is required to gain entry. Experienced attack-
ers can easily circumvent passwords or locks on Apple uses a closed “walled garden” model for
mobile devices or access encrypted data. Moreover, managing its apps and reviews each one before
many smartphone users leave their phones totally releasing it on its App Store. Android applica-
unprotected to begin with or fail to keep the security tion security has been weaker than that for Apple
features of their devices up-to-date. In the Websense devices, but it is improving. Android application
and the Ponemon Institute’s Global Study on Mobil- security uses sandboxing, which confines apps, mini-
ity Risks, 59 percent of respondents reported that mizing their ability to affect one another or manipu-
employees circumvented or disabled security fea- late device features without user permission. Google
tures such as passwords and key locks. removes any apps that break its rules against mali-
cious activity from Google Play, its digital distribu-
Another worry today is large-scale data leakage tion platform that serves as the official app store for
caused by use of cloud computing services. Employ- the Android operating system. Google also vets the
ees are increasingly using public cloud services such backgrounds of developers. Recent Android security
as Google Drive or Dropbox for file sharing and col- enhancements include assigning varying levels of
laboration. Valiant Entertainment, Cenoric Projects, trust to each app, dictating what kind of data an app
Vita Coco, and BCBGMAXAZRIAGROUP are among can access inside its confined domain, and providing
the companies allowing employees and freelance a more robust way to store cryptographic credentials
contractors to use Dropbox for Business to post and used to access sensitive information and resources.
354 Part Two Information Technology Infrastructure understanding users and their needs helps a mobile
security strategy progress further. VmAirWatch cate-
Google Play now provides security scanning of all gorizes similar groups of users and devises a specific
applications before they are available to download, plan of action for each group, choosing the right
ongoing security checks for as long as the appli- tools for the job.
cation is available, and a Verify Apps service for
mobile device protection for apps installed outside According to Patrick Hevesi, Nordstrom’s former
of Google Play. However, these Android improve- director of security, if users need access to criti-
ments are largely only for people who use a phone cal corporate data that must be protected, the firm
or tablet running a newer version of Android and should probably allow only fully managed, fully con-
restrict their app downloads to Google’s own Play trolled, approved types of devices. Users who only
store. want mobile tools for e-mail and contacts can more
easily bring their own devices. The key questions
Companies need to develop mobile security strat- to ask are called the “three Ws”: Who needs access?
egies that strike the right balance between improv- What do they need to access? What is the security
ing worker productivity and effective information posture of the device?
security. Aetna’s Chief Security Officer (CSO) Jim
Routh says there is a certain minimum level of Sources: Michael Heller, “Mobile Security Strategy Matures with
mobile security he requires regardless of whether a BYOD,” and Kathleen Richards, “CISOs Battle to Control Mobile
device is company- or personally owned. Aetna has Risk in the Workplace,” Information Security Magazine, June 1, 2016;
about 6,000 users equipped with mobile devices that Nathan Olivarez-Giles, “Android’s Security Improves—for the Few,”
are either personally owned or issued by the com- Wall Street Journal, April 21, 2016; Ponemon Institute, “The Economic
pany. Each device has mandatory protection that Risk of Confidential Data on Mobile Devices in the Workplace,”
provides an encrypted channel to use in unsecured February, 2016; McAfee Inc., “Mobile Threat Report: What’s on the
Wi-Fi networks and alerts the user and the company Horizon for 2016,” 2016; Charlie Osborne, “Dropbox Patches Android
if a malicious app is about to be installed on the Security Flaw,” Zero Day, March 11, 2015; Edel Creely, “5 BYOD Secu-
device. rity Implications and How to Overcome Them,” Trilogy Technolo-
gies, May 26, 2015; Tony Kontzer, “Most of Your Mobile Apps Have
Colin Minihan, director of security and best Been Hacked,” Baseline, January 16, 2015; and Ponemon Institute,
practices at VMWare AirWatch, believes that Global Study on Mobility Risks (February 2012).
CASE STUDY QUESTIONS 3. What management, organizational, and technol-
ogy issues must be addressed by smartphone
1. It has been said that a smartphone is a computer security?
in your hand. Discuss the security implications of
this statement. 4. What steps can individuals and businesses take to
make their smartphones more secure?
2. What kinds of security problems do mobile com-
puting devices pose?
8-1 Why are information systems vulnerable to destruction, error, and abuse?
Digital data are vulnerable to destruction, misuse, error, fraud, and hardware or software failures.
The Internet is designed to be an open system and makes internal corporate systems more vulnerable
to actions from outsiders. Hackers can unleash denial-of-service (DoS) attacks or penetrate corporate
networks, causing serious system disruptions. Wi-Fi networks can easily be penetrated by intruders
using sniffer programs to obtain an address to access the resources of the network. Computer viruses
and worms can disable systems and websites. The dispersed nature of cloud computing makes it dif-
ficult to track unauthorized activity or to apply controls from afar. Software presents problems because
software bugs may be impossible to eliminate and because software vulnerabilities can be exploited by
hackers and malicious software. End users often introduce errors.
Chapter 8 Securing Information Systems 355
8-2 What is the business value of security and control?
Lack of sound security and control can cause firms relying on computer systems for their core busi-
ness functions to lose sales and productivity. Information assets, such as confidential employee
records, trade secrets, or business plans, lose much of their value if they are revealed to outsiders or if
they expose the firm to legal liability. Laws, such as HIPAA, the Sarbanes-Oxley Act, and the Gramm-
Leach-Bliley Act, require companies to practice stringent electronic records management and adhere
to strict standards for security, privacy, and control. Legal actions requiring electronic evidence and
computer forensics also require firms to pay more attention to security and electronic records
8-3 What are the components of an organizational framework for security and control?
Firms need to establish a good set of both general and application controls for their information
systems. A risk assessment evaluates information assets, identifies control points and control weak-
nesses, and determines the most cost-effective set of controls. Firms must also develop a coherent
corporate security policy and plans for continuing business operations in the event of disaster or dis-
ruption. The security policy includes policies for acceptable use and identity management. Compre-
hensive and systematic information systems auditing helps organizations determine the effectiveness
of security and controls for their information systems.
8-4 What are the most important tools and technologies for safeguarding information resources?
Firewalls prevent unauthorized users from accessing a private network when it is linked to the
Internet. Intrusion detection systems monitor private networks for suspicious network traffic and
attempts to access corporate systems. Passwords, tokens, smart cards, and biometric authentication
are used to authenticate system users. Antivirus software checks computer systems for infections by
viruses and worms and often eliminates the malicious software; antispyware software combats intru-
sive and harmful spyware programs. Encryption, the coding and scrambling of messages, is a widely
used technology for securing electronic transmissions over unprotected networks. Digital certificates
combined with public key encryption provide further protection of electronic transactions by authen-
ticating a user’s identity. Companies can use fault-tolerant computer systems to make sure that their
information systems are always available. Use of software metrics and rigorous software testing help
improve software quality and reliability.
Key Terms Encryption, 348
Evil twin, 331
Acceptable use policy (AUP), 341 Fault-tolerant computer systems, 350
Antivirus software, 347 Firewall, 346
Application controls, 337 General controls, 337
Authentication, 344 Gramm-Leach-Bliley Act, 336
Biometric authentication, 345 Hacker, 329
Botnet, 329 HIPAA, 335
Bugs, 334 Identity management, 341
Business continuity planning, 343 Identity theft, 331
Click fraud, 332 Information systems audit, 343
Computer crime, 330 Intrusion detection systems, 347
Computer forensics, 336 Keyloggers, 328
Computer virus, 326 Malware, 326
Controls, 323 Managed security service providers (MSSPs), 351
Cybervandalism, 329 Online transaction processing, 350
Cyberwarfare, 333 Password, 344
Deep packet inspection (DPI), 350 Patches, 334
Denial-of-service (DoS) attack, 329 Pharming, 331
Digital certificates, 349 Phishing, 331
Disaster recovery planning, 342 Public key encryption, 348
Distributed denial-of-service (DDoS) attack, 329 Public key infrastructure (PKI), 350
Drive-by download, 327
356 Part Two Information Technology Infrastructure Spoofing, 329
Ransomware, 328 SQL injection attack, 328
Risk assessment, 338 Token, 344
Sarbanes-Oxley Act, 336 Trojan horse, 328
Secure Hypertext Transfer Protocol (S-HTTP), 348 Two-factor authentication, 345
Secure Sockets Layer (SSL), 348 Unified threat management (UTM), 348
Security, 323 War driving, 325
Security policy, 341 Worms, 326
Smart card, 345 Zero-day vulnerabilities, 334
Social engineering, 333
To complete the problems with the MyLab MIS, go to EOC Discussion Questions in the MyLab MIS.
Review Questions • Define application controls and describe
each type of application control.
8-1 Why are information systems vulnerable to
destruction, error, and abuse? • Describe the function of risk assessment
and explain how it is conducted for informa-
• List and describe the most common threats tion systems.
against contemporary information systems.
• Define and describe the following: security
• Define malware and distinguish among a policy, acceptable use policy, and identity
virus, a worm, and a Trojan horse. management.
• Define computer crime. Provide two exam- • Distinguish between disaster recovery plan-
ples of crime in which computers are targets ning and business continuity planning.
and two examples in which computers are
used as instruments of crime. • Explain how information systems auditing
promotes security and control.
• Define DoS and DDoS attacks and explain
how they relate to botnets. 8-4 What are the most important tools and technol-
ogies for safeguarding information resources?
• Define identity theft and phishing and
explain why identity theft is such a big prob- • Name and describe three authentication
lem today. methods.
• Describe the security and system reliability • Describe the roles of firewalls, intrusion
problems employees create. detection systems, and antivirus software in
• Explain how software defects affect system
reliability and security. • Explain how encryption protects
8-2 What is the business value of security and
control? • Describe the role of encryption and digital
certificates in a public key infrastructure.
• Explain how security and control provide
value for businesses. • Describe techniques companies use to
ensure system availability.
• Define and describe the techniques involved
in computer forensics. • Identify and describe the security problems
cloud computing poses.
8-3 What are the components of an organizational
framework for security and control? • Describe measures for improving software
quality and reliability.
• Define general controls and describe each
type of general control.
Discussion Questions Chapter 8 Securing Information Systems 357
8-5 Security isn’t simply a technology issue, it’s a 8-7 Suppose your business had an e-commerce
MyLabMIS business issue. Discuss. MyLabMIS website where it sold goods and accepted
8-6 If you were developing a business continuity credit card payments. Discuss the major secu-
MyLabMIS plan for your company, where would you rity threats to this website and their potential
impact. What can be done to minimize these
start? What aspects of the business would the threats?
Hands-On MIS Projects
The projects in this section give you hands-on experience analyzing security vulnerabilities, using spread-
sheet software for risk analysis, and using web tools to research security outsourcing services. Visit MyLab
MIS’s Multimedia Library to access this chapter’s Hands-On MIS Projects.
Management Decision Problems
8-8 Reloaded Games is an online games platform that powers leading massively multiplayer online games. The
Reloaded platform serves more than 30 million users. The games can accommodate millions of players at
once and are played simultaneously by people all over the world. Prepare a security analysis for this Inter-
net-based business. What kinds of threats should it anticipate? What would be their impact on the business?
What steps can it take to prevent damage to its websites and continuing operations?
8-9 A survey of your firm’s IT infastructure has identified a number of security vulnerabilities. Review the data
about these vulnerabilities, which can be found in a table in MyLab MIS. Use the table to answer the follow-
• Calculate the total number of vulnerabilities for each platform. What is the potential impact of the secu-
rity problems for each computing platform on the organization?
• If you only have one information systems specialist in charge of security, which platforms should you
address first in trying to eliminate these vulnerabilities? Second? Third? Last? Why?
• Identify the types of control problems these vulnerabilities illustrate and explain the measures that
should be taken to solve them.
• What does your firm risk by ignoring the security vulnerabilities identified?
Improving Decision Making: Using Spreadsheet Software to Perform a Security Risk
Software skills: Spreadsheet formulas and charts
Business skills: Risk assessment
8-10 This project uses spreadsheet software to calculate anticipated annual losses from various security threats
identified for a small company.
Mercer Paints is a paint manufacturing company located in Alabama that uses a network to link its
business operations. A security risk assessment that management requested identified a number of poten-
tial exposures. These exposures, their associated probabilities, and average losses are summarized in a table,
which can be found in MyLab MIS. Use the table to answer the following questions:
• In addition to the potential exposures listed, identify at least three other potential threats to Mercer
Paints, assign probabilities, and estimate a loss range.
• Use spreadsheet software and the risk assessment data to calculate the expected annual loss for each
• Present your findings in the form of a chart. Which control points have the greatest vulnerability? What
recommendations would you make to Mercer Paints? Prepare a written report that summarizes your
findings and recommendations.
358 Part Two Information Technology Infrastructure
Improving Decision Making: Evaluating Security Outsourcing Services
Software skills: Web browser and presentation software
Business skills: Evaluating business outsourcing services
8-11 This project will help develop your Internet skills in using the web to research and evaluate security out-
You have been asked to help your company’s management decide whether to outsource security or
keep the security function within the firm. Search the web to find information to help you decide whether
to outsource security and to locate security outsourcing services.
• Present a brief summary of the arguments for and against outsourcing computer security for your company.
• Select two firms that offer computer security outsourcing services and compare them and their services.
• Prepare an electronic presentation for management, summarizing your findings. Your presentation
should make the case of whether your company should outsource computer security. If you believe
your company should outsource, the presentation should identify which security outsourcing service
you selected and justify your decision.
Collaboration and Teamwork Project
Evaluating Security Software Tools
8-12 With a group of three or four students, use the web to research and evaluate security products from two
competing vendors, such as for antivirus software, firewalls, or antispyware software. For each product,
describe its capabilities, for what types of businesses it is best suited, and its cost to purchase and install.
Which is the best product? Why? If possible, use Google Docs and Google Drive or Google Sites to brain-
storm, organize, and develop a presentation of your findings for the class.
Information Security Threats and Policies in Europe
The IT sector is one of the key drivers of the European a botnet distributed around the world. A botnet is a
economy. It has been estimated that 60 percent of network of autonomous malicious software agents
Europeans use the Internet regularly. Additionally, that are under the control of a bot commander. The
87 percent own or have access to mobile phones. In network is created by installing malware that exploits
2015, the European broadband market was one of the vulnerabilities of Web servers, operating systems,
the largest in the world. These facts demonstrate the or applications to take control of the infected comput-
importance of ensuring the security and safe opera- ers. Once a computer is infected it becomes part of a
tion of the Internet for the well-being of the European network of thousands of “zombies”; that is, machines
economy. However, the safety and security of the that are commanded to carry out the attack.
Internet have been threatened in recent years as
Internet-based cyber attacks have become increas- The cyber attack on Estonia started in late April
ingly sophisticated. 2007 and lasted for almost 3 weeks. During this
period, vital parts of the Estonian Internet network
In 2007, Estonia suffered a massive cyber attack that had to be closed from access from outside the coun-
affected the government, the banking system, media, try, causing millions of dollars in economic losses.
and other services. The attack was performed using
a variety of techniques, ranging from simple indi- At around the same time, Arsys, an important
vidual ping commands and message flooding to more Spanish domain registration company, was also tar-
sophisticated distributed denial-of-service (DDoS) geted by international hackers. Arsys reported that
attacks. Hackers coordinated the attack by using a hackers had stolen codes that were then used to insert
large number of compromised servers organized in links to external servers containing malicious codes
in the Web pages of some of its clients.
In 2009, an estimated 10 million computers were Chapter 8 Securing Information Systems 359
infected with the Conficker worm worldwide. France,
the United Kingdom, and Germany were among the Witherspoon (a pub chain), and CarphoneWarehouse.
European countries that suffered the most infections. com (an online store). In each case hundreds of thou-
The French navy had to ground all military planes sands of customers had their personal data compro-
when it was discovered that its computer network was mised. Infrastructure is also a target in Europe. In
infected. In the United Kingdom, the worm infected April 2015 hackers vandalized TV5Monde in France,
computers in the Ministry of Defence, the city of taking down 11 TV channels, parts of its Web site, and
Manchester’s city council and police IT network, its social media site as well. The action was allegedly
some hospitals in the city of Sheffield, and other gov- carried out by Middle Eastern terrorist groups.
ernment offices across the country. Computers in the
network of the German army were also reported as To overcome the absence of cooperation among EU
infected. Once installed on a computer, Conficker is states, in 2004 the European Commission established
able to download and install other malware from con- the European Network and Information Security
trolled websites, and thus infected computers could Agency (ENISA) with the goal of coordinating efforts
be under full control of the hackers. to prevent and respond more effectively to poten-
tially more harmful security threats. ENISA’s main
More recently, a sophisticated malware threat tar- objectives are to secure Europe’s information infra-
geting industrial systems was detected in Germany, structure, promote security standards, and educate
Norway, China, Iran, India, Indonesia, and other the general public about security issues.
countries. The malware, known as Stuxnet, infected
Windows PCs running the Supervisory Control and The European Commission has recently launched
Data Acquisition (SCADA) control system from the the Digital Agenda for Europe. The goal of this ini-
German company Siemens. Stuxnet was propagated tiative is to define the key role that information and
via USB devices. Experts estimated that up to 1,000 communication technologies will play in 2020. The
machines were infected on a daily basis at the peak initiative calls for a single, open European digital
of the infection. The malware, hidden in shortcuts market.
to executable programs (files with extension .lnk),
was executed automatically when the content of an Prior to 2015, there was no common approach
infected USB drive was displayed. Employing this to digital network breaches, hacks, or vandalism.
same technique, the worm was capable of installing In 2016, the European Parliament adopted the NIS
other malware. Initially, security experts disclosed Directive on security of network and information
that Stuxnet was designed to steal industrial secrets systems. The Directive came into force in August
from SIMATIC WinCC, a visualization and control 2016. Member states were given 21 months to trans-
software system from Siemens. However, data gath- pose the Directive into their national laws and
ered later by other experts indicates that the worm 6 months more to identify operators of essential
was actually looking for some specific programmable services. The NIS Directive requires EU nations to
logic controller (PLC) devices used in a specific indus- develop a Computer Security Incident Response
trial plant, a fact that points to the possibility that the Team (CSIRT) and a national NIS authority to iden-
malware was part of a well-planned act of sabotage. tify essential services that could be imperiled by
Even though none of the sites infected with Stuxnet security breaches.
suffered physical damage, the significance that such
a sophisticated threat represents to the industrial The new law also sets cybersecurity standards
resources in Europe and other parts of the world across a wide range of government agencies such as
cannot be underestimated. airports, transportation centers, and government
offices. For the first time, Europe has developed a
Europe has been the location of some large cyber- coordinated approach to cyber security.
attacks and data breaches in 2015. Among the targets
were TalkTalk (a large ISP in the United Kingdom), J.D. Sources: European Commission, “The Directive on Security of
Network and Information Systems,” ec.europa.eu, July 16, 2016;
Bob Tarzey, “At Least 1 in 5 Europe Enterprises Lose Data Through
Targeted Cyber Attacks,” Computer Weekly, December 18, 2015;
“Europe Agrees Response to Cyber-attacks,” BBC News, 8 Decem-
ber 2015; Gunther Oettinger, “New EU Rules Agreed on Cyber
Security Breaches,” DW.com, December 8, 2015; Don Melvin,
360 Part Two Information Technology Infrastructure 8-14 Describe some of the main points of the Net-
work and Information Security (NIS) Directive.
“Cyberattack Disables 11 French TV Channels, Takes Over Social
Media Sites,” Don Melvin, CNN, April 9, 2015; European Commis- 8-15 Explain how a cyberattack can be carried out.
sion, “Network and Information Security (NIS) Directive,” Digital 8-16 Describe some of the weaknesses exploited by
Agenda For Europe, European Commission, March 16, 2015.
CASE STUDY QUESTIONS
8-13 What is a botnet? Case contributed by Daniel Ortiz-
Arroyo, Aalborg University.
Go to the Assignments section of MyLab MIS to complete these writing exercises.
8-17 Describe three spoofing tactics employed in identity theft by using information systems.
8-18 Describe four reasons mobile devices used in business are difficult to secure.
Chapter 8 Securing Information Systems 361
Chapter 8 References
Bajaj, Vikas. “The Perils of Automated Flight.” New York Times Poremba, Sue Marquette. “Hackers Targeting the Cloud at Higher
(April 30, 2015). Rates Than Ever.” IT Business Edge (October 15, 2015).
Boss, Scott R., Dennis F. Galletta, Paul Benjamin Lowry, Gregory Posey, Clay, Tom L. Roberts, and Paul Benjamin Lowry. “The
D. Moody, and Peter Polak. “What Do Systems Users Have to Impact of Organizational Commitment on Insiders’
Fear? Using Fear Appeals to Engender Threats and Fear that Motivation to Protect Organizational Information Assets.”
Motivate Protective Security Behaviors. MIS Quarterly 39, Journal of Management Information Systems 32 No. 4 (2015).
No. 4 (December 2015).
Reisinger, Don. “Android Security Remains a Glaring Problem: 10
Boyle, Randall J. and Raymond R. Panko. Corporate Computer Reasons Why.” eWeek (March 2, 2014).
Security (4th ed.). Upper Saddle River, NJ: Prentice-Hall
(2015). Ribeiro, John. “Hacker Group Targets Skype Social Media
Accounts,” Computer World (January 2, 2014).
Chen, Yan and Fatemeh Mariam Zahedi. “Individuals’ Internet
Security Perceptions and Behaviors: Polycontextual Contrasts Sadeh, Norman M. “Phish Isn’t Spam.” Information Week (June 25,
Between the United States and China” MIS Quarterly 40, No. 1 2012).
Samuel, Alexandra. “Online Security as Herd Immunity.” Harvard
Chen, Yan, K. Ram Ramamurthy, and Kuang-Wei Wen. Business Review (March 13, 2014).
“Organizations’ Information Security Policy Compliance:
Stick or Carrot Approach?” Journal of Management Information Scharr, Jill. “Fake Instagram ‘Image Viewers’ Are Latest Malware
Systems 29, No. 3 (Winter 2013). Fad.” Tom’s Guide (May 8, 2014).
CSA Top Threats Working Group. “The Treacherous Twelve: CSA’s Schwartz, Matthew J. “Android Trojan Looks, Acts Like Windows
Cloud Computing Top Threats in 2016.” Cloud Security Malware.” Information Week (June 7, 2013).
Alliance (February 2016).
Sen, Ravi and Sharad Borle. “Estimating the Contextual Risk of
FireEye. “Out of Pocket: A Comprehensive Mobile Threat Data Breach: An Empirical Approach.” Journal of Management
Assessment of 7 Million iOS and Android Apps.” (February Information Systems 32, No. 2 (2015).
Sengupta, Somini. “Machines That Know You Without Using a
Focus Research. “Devastating Downtime: The Surprising Cost of Password.” New York Times (September 10, 2013).
Human Error and Unforeseen Events.” (October 2010).
Snell, Bruce. “Mobile Threat Report.” McAfee Inc. (2016).
Galbreth, Michael R. and Mikhael Shor. “The Impact of Malicious Solutionary. “Solutionary Security Engineering Research Team
Agents on the Enterprise Software Industry.” MIS Quarterly
34, No. 3 (September 2010). Unveils Annual Global Threat Intelligence Report.” (March
Hui, Kai Lung, Wendy Hui and Wei T. Yue. “Information Security Spears, Janine L. and Henri Barki. “User Participation in
Outsourcing with System Interdependency and Mandatory Information Systems Security Risk Management.” MIS
Security Requirement.” Journal of Management Information Quarterly 34, No. 3 (September 2010).
Systems 29, No. 3 (Winter 2013). Temizkan, Orcun, Ram L. Kumar, Sungjune Park, and
Chandrasekar Subramaniam. “Patch Release Behaviors of
Javelin Strategy & Research. “2016 Identity Fraud Study.” Software Vendors in Response to Vulnerabilities: An
(February 2, 2016). Empirical Analysis. “ Journal of Management Information
Systems 28, No. 4 (Spring 2012).
Kaplan, James, Chris Rezek, and Kara Sprague. “Protecting Thompson, Jadiann. “Scam Alert: Two Clicks on Facebook Could
Information in the Cloud.” McKinsey Quarterly (January Leak All Your Personal Info to an International Scammer.”
2013). Kshb.com (April 30, 2015).
Vance, Anthony, Paul Benjamin Lowry, and Dennis Eggett. “Using
Karlovsky, Brian. “FireEye Names Malware’s Favorite Targets, Accountability to Reduce Access Policy Violations in
Sources.” Australian Reseller News (March 2, 2014). Information Systems.” Journal of Management Information
Systems 29, No. 4 (Spring 2013).
Kirk, Jeremy. “Pushdo Spamming Botnet Gains Strength Again.” Verizon. “2016 Data Breach Investigations Report.” (2016).
IDG News Service (April 20, 2015). Wakida, Clayton. “Anonymous Accused of Hacking TMT Web Site.”
KMTV.com (April 27, 2015).
Osterman Research. “The Risks of Social Media and What Can Be Wang, Jingguo, Manish Gupta, and H. Raghav Rao. “Insider
Done to Manage Them.” Commvault (June 2011). Threats in a Financial Institution: Analysis of Attack-
Proneness of Information Systems Applications.” MIS
Paletta, Damian, Danny Yadron, and Jennifer Valentino-Devries. Quarterly 39, No. 1 (March 2015).
“Cyberwar Ignites a New Arms Race.” Wall Street Journal Young, Carl S. “The Enemies of Data Security: Convenience and
(October 11, 2015). Collaboration.” Harvard Business Review (February 11, 2015).
Zhao, Xia, Ling Xue, and Andrew B. Whinston. “Managing
Panda Security. “PandaLabs 2015 Annual Report.” (January 28, Interdependent Information Security Risks: Cyberinsurance,
2016). Managed Security Services, and Risk Pooling Arrangements.”
Journal of Management Information Systems 30, No. 1 (Summer
Panko, Raymond R. and Julie L. Panko. Business Data Networks 2013).
and Security. Upper Saddle River, NJ: Pearson (2015).
Perlroth, Nicole. “Online Attacks on Infrastructure Are Increasing
at a Worrying Pace,” New York Times (October 1, 2015).
Ponemon Institute. “2015 Cost of Cybercrime Study: United States”
(October 9, 2015).
. “2015 Cost of Data Breach Study: United States” (2015).
. “The Cost of Malware Containment” (January 2015).
This page intentionally left blank
the Digital Age
Chapter 9 Chapter 11
Achieving Operational Excellence and Managing Knowledge
Customer Intimacy: Enterprise Applications
Chapter 10 Enhancing Decision Making
E-commerce: Digital Markets, Digital Goods
PART THREE examines the core information system applications businesses are using today
to improve operational excellence and decision making. These applications include enter-
prise systems; systems for supply chain management, customer relationship management,
and knowledge management; e-commerce applications; and business intelligence systems.
This part answers questions such as: How can enterprise applications improve business per-
formance? How do firms use e-commerce to extend the reach of their businesses? How can
systems improve decision making and help companies make better use of their knowledge
CHAPTER 9 Achieving Operational
Excellence and Customer
Intimacy: Enterprise Applications
After reading this chapter, you will be able to answer the following questions:
9-1 How do enterprise systems help businesses achieve operational
9-2 How do supply chain management systems coordinate planning,
production, and logistics with suppliers?
9-3 How do customer relationship management systems help firms achieve
9-4 What are the challenges that enterprise applications pose, and how are
enterprise applications taking advantage of new technologies?
Visit mymislab.com for simulations, tutorials, and end-of-chapter problems.
Alimentation Couche-Tard Competes Using Enterprise Systems
Unilever Unifies Globally with Enhanced ERP
DP World Takes Port Management to the Next Level with RFID
Customer Relationship Management Helps Celcom Become Number One
Life Time Fitness Gets in Shape with Salesforce CRM
Evolution Homecare Manages Patients with Microsoft Dynamics CRM
GSMS Protects Patients by Serializing Every Bottle of Drugs
Alimentation Couche-Tard Competes Using © trondur/123rf.com
When Alimentation Couche-Tard purchased Statoil Fuel and Retail
(SFR) in April 2012, it was the Canadian convenience store giant’s
most ambitious acquisition to date (€2.058 billion). SFR, a division of
Statoil, the Norwegian State Oil Company, had been spun off from its parent in
October 2010. The purchase added 2,300 retail fuel stations—most full-service
with a convenience store—throughout North America and expanded Couche-
Tard’s reach to eight European countries—Norway, Sweden, Denmark, Poland,
Estonia, Latvia, Lithuania, and Russia. In 2016 the firm had 12,000 sites and
employed over 105,000 people.
SFR operates in both the B2C (sales to consumers) and B2B (sales to other
businesses) sectors. Fuel products including gasoline blends, diesel fuels, bio-
fuels, and LPG (liquefied
petroleum gas) generate 70
percent of its business. The
full-service retail stations
offer product lines that differ
according to operator and
location factors. Some prefer
a product mix that concen-
trates on auto supplies and
services while others focus
on food-related products,
beverages, and even fast-
food. SFR’s 12 terminals, 38
depots, and 400 road tankers
provide bulk sales to com-
mercial customers, includ-
ing bus and car rental com-
panies, road construction
crews, and independent
both the opportunities and
the challenges of its acquisition. Immediate synergies between Couche-Tard
and SFR could not completely cover the remaining expenses from SFR’s split
from Statoil, rebranding efforts, and the replacement of an antiquated IT infra-
structure and enterprise resource planning (ERP) system. The old system
used different processes in each country and market, resulting in over 5,000
custom software objects for the IT department to manage in addition to mas-
sive operational inefficiencies.
SFR needed to maximize supply chain efficiency for its three closely related
value chains—the fuel value chain, the grocery value chain, and the lubri-
cants value chain. All corporate functions that provided shared services to the
366 Part Three Key System Applications for the Digital Age
value chains had to be standardized and workplace activities coordinated for its
18,500 employees. Finally, SFR managers wanted an advanced pricing method
for fuel sales to maximize profits in its core low-margin business.
Oracle’s JD Edwards EnterpriseOne enterprise resource planning system was
chosen as the basic platform, and a Web services interface was developed within
the ERP system to convert all data into a single format. This common source
of master data now drives all transactions throughout the supply chains as well
as financial and other reports generated by the Oracle Business Intelligence
Suite. Stock availability and average sales at each service station feed a real-
time planning program that projects expected demand and feeds the data to a
third-party distribution planning system. Onboard computers convey product
types and quantities to tanker drivers at terminals and delivery locations. Fuel
restocking, delivery, and confirmation occur automatically.
To coordinate workplace activities, Oracle Fusion Middleware integrates data
management and communication across social, mobile, and cloud technolo-
gies and among multiple systems and regions. Called the “Connect Project,” the
software coordinates dozens of interfaces throughout the supply chain, imple-
ments a consistent fuel pricing structure, and manages multiple complicated
excise taxes and regulations.
In 2014 Statoil began a migration from Oracle database software to SAP’s
Business Planning and Consolidation Application. As a result, in 2015 Statoil
achieved financial consolidation six times faster than before, data processing
speeds increased fifteen times, and opening and closing periods for work status
is now eight times faster than before.
In 2015 Couche-Tard re-branded its SFR retail stores to Circle K stores. Today
it’s one of the largest global players in the convenience store market space with
over 12,000 sites in Canada, the U.S., Asia, and Europe, and employs more than
100,000 people. In 2016 the company announced it’s largest ever acquisition
of Texas-based CST Brands, which will bring it an additional 2,000 locations in
the south and southwest U.S. states. The firm’s prior investments in enterprise
systems enable it to manage a sprawling global network of convenience stores.
The company’s executives promise to double the size of the firm once more in
the next five years. Not bad for a company that started in 1980 with a single
store in Quebec.
Sources: “Alimentation Couche Tard Inc. Is Severely Undervalued,” by Joey Frenette, The
Motley Fool, Fool.com, March 1, 2017; “Couche-Tard’s Alain Bouchard Has a Bold Vision: ‘We
Will Double the Size of This Company Again’”, by Karl Moore, businessfinancialpost.com,
December 8, 2016; “After Shareholder Rebuff Last Year, Couche-Tard Gets Its Focus Back with
Largest-Ever Acquisition,” by Barry Crutchley, businessfinancialpost.com, August 22, 2016;
“Annual Report 2016,” Alimentation Couche-Tard Inc., http://corpo.couche-tard.com; Alyn
Bailey, “Statoil Fuel & Retail the World’s First SAP to Oracle JD Edwards Migration,” http://
www.pcubed.com/bulletins, accessed January 2, 2016; “Statoil: Accelerating Planning and
Financial Close Cycles with SAP® EPM powered by SAP HANA® and SAP MaxAtten-
tionTM,” dam.sap.com/28274_Statoil_BTS.htm, accessed January 2, 2016; Jade Vachon,
“Statoil Switches from an Oracle DB to the SAP HANA Platform with SAP MaxAttention,”
SAP.com, February 21, 2014.
Couche-Tard and Statoil’s efforts to standardize and integrate corporate func-
tions into the supply chain and coordinate workplace activity illustrate
the impact of ERP systems on supply chain management (SCM). Couche-Tard
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 367
• Plan production Management Business
• Establish inventory
requirements • Volatile demand
• Long production lead times
• Select new • Manual planning processes
• Receive customer Organization Information Business
orders System Solutions
• Replenish inventory • Forecast demand more • Reduce costs
• Revise supply chain accurately • Increase sales
• Increase customer
processes • Reduce forecast time
• Deploy SAP Business
Objects Web Technology
• Deploy SAP Business
• Integrate with SAP APO
did not have a single source of business data nor uniform methods for han-
dling many critical SCM functions. Inventory holding costs were unnecessarily
high, the IT department was strained, and lack of coordination was negatively
impacting workplace productivity.
The chapter-opening diagram calls attention to important points raised by
this case and this chapter. All transactions throughout Couche-Tard’s supply
chains are now in a common and consistent format that feeds directly into its
reporting software. The integrated ERP environment enables real-time plan-
ning based on stock availability and average sales at each service station, and
a real-time fuel value chain can now accommodate variable demand from both
consumer and business customers.
Benchmarks against which to assess future results by country, terminal, or
market are being developed using the advanced pricing method developed by
the Connect team. On the B2B side, managers will be able to quickly assess
the effects of pricing structures and even sales reps will be able to evaluate the
effects of purchasing terms.
Here are some questions to think about: How did Couche-Tard’s lack of stan-
dardized processes affect its business operations? How were Couche-Tard’s
employees and supply chain management affected by the adoption of stan-
dardized interfaces? Why did Couche-Tard retain its legacy systems instead of
replacing them entirely?
9-1 How do enterprise systems help businesses
achieve operational excellence?
Around the globe, companies are increasingly becoming more connected, both
internally and with other companies. If you run a business, you’ll want to be
able to react instantaneously when a customer places a large order or when a
shipment from a supplier is delayed. You may also want to know the impact of
these events on every part of the business and how the business is performing
368 Part Three Key System Applications for the Digital Age
at any point in time, especially if you’re running a large company. Enterprise
systems provide the integration to make this possible. Let’s look at how they
work and what they can do for the firm.
What are Enterprise Systems?
Imagine that you had to run a business based on information from tens or even
hundreds of databases and systems, none of which could speak to one another.
Imagine your company had 10 major product lines, each produced in separate
factories and each with separate and incompatible sets of systems controlling
production, warehousing, and distribution.
At the very least, your decision making would often be based on manual
hard-copy reports, often out of date, and it would be difficult to understand
what is happening in the business as a whole. Sales personnel might not be
able to tell at the time they place an order whether the ordered items are in
inventory, and manufacturing could not easily use sales data to plan for new
production. You now have a good idea of why firms need a special enterprise
system to integrate information.
Chapter 2 introduced enterprise systems, also known as enterprise resource
planning (ERP) systems, which are based on a suite of integrated software mod-
ules and a common central database. The database collects data from many
divisions and departments in a firm and from a large number of key business
processes in manufacturing and production, finance and accounting, sales and
marketing, and human resources, making the data available for applications
that support nearly all an organization’s internal business activities. When new
information is entered by one process, the information is made immediately
available to other business processes (see Figure 9.1).
FIGURE 9.1 HOW ENTERPRISE SYSTEMS WORK
Enterprise systems feature a set of integrated software modules and a central database by which busi-
ness processes and functional areas throughout the enterprise can share data.
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 369
If a sales representative places an order for tire rims, for example, the sys-
tem verifies the customer’s credit limit, schedules the shipment, identifies the
best shipping route, and reserves the necessary items from inventory. If inven-
tory stock is insufficient to fill the order, the system schedules the manufacture
of more rims, ordering the needed materials and components from suppliers.
Sales and production forecasts are immediately updated. General ledger and
corporate cash levels are automatically updated with the revenue and cost
information from the order. Users can tap into the system and find out where
that particular order is at any minute. Management can obtain information at
any point in time about how the business was operating. The system can also
generate enterprise-wide data for management analyses of product cost and
Enterprise software is built around thousands of predefined business pro-
cesses that reflect best practices. Table 9.1 describes some of the major business
processes that enterprise software supports.
Companies implementing this software first have to select the functions of
the system they wish to use and then map their business processes to the
predefined business processes in the software. (One of our Learning Tracks
shows how SAP enterprise software handles the procurement process for a
new piece of equipment.) Configuration tables provided by the software man-
ufacturer enable the firm to tailor a particular aspect of the system to the way
it does business. For example, the firm could use these tables to select whether
it wants to track revenue by product line, geographical unit, or distribution
If the enterprise software does not support the way the organization does
business, companies can rewrite some of the software to support the way their
business processes work. However, enterprise software is unusually complex,
and extensive customization may degrade system performance, compromis-
ing the information and process integration that are the main benefits of the
system. If companies want to reap the maximum benefits from enterprise soft-
ware, they must change the way they work to conform to the business pro-
cesses defined by the software.
To implement a new enterprise system, Tasty Baking Company identi-
fied its existing business processes and then translated them into the busi-
ness processes built into the SAP ERP software it had selected. To ensure
that it obtained the maximum benefits from the enterprise software, Tasty
Baking Company deliberately planned for customizing less than 5 percent
TABLE 9.1 BUSINESS PROCESSES SUPPORTED BY ENTERPRISE SYSTEMS
Financial and accounting processes, including general ledger, accounts payable, accounts receivable, fixed assets, cash management and
forecasting, product-cost accounting, cost-center accounting, asset accounting, tax accounting, credit management, and financial reporting
Human resources processes, including personnel administration, time accounting, payroll, personnel planning and development, benefits
accounting, applicant tracking, time management, compensation, workforce planning, performance management, and travel expense reporting
Manufacturing and production processes, including procurement, inventory management, purchasing, shipping, production planning,
production scheduling, material requirements planning, quality control, distribution, transportation execution, and plant and equipment
Sales and marketing processes, including order processing, quotations, contracts, product configuration, pricing, billing, credit checking,
incentive and commission management, and sales planning
370 Part Three Key System Applications for the Digital Age
of the system and made very few changes to the SAP software itself. It used
as many tools and features that were already built into the SAP software
as it could. SAP has more than 3,000 configuration tables for its enterprise
Leading enterprise software vendors include SAP, Oracle, IBM, Infor Global
Solutions, and Microsoft. Versions of enterprise software packages are designed
for small and medium-sized businesses and on-demand software services run-
ning in the cloud (see the chapter-opening case and Section 9-4).
Business Value of Enterprise Systems
Enterprise systems provide value by both increasing operational efficiency and
providing firmwide information to help managers make better decisions. Large
companies with many operating units in different locations have used enter-
prise systems to enforce standard practices and data so that everyone does busi-
ness the same way worldwide.
Coca-Cola, for instance, implemented a SAP enterprise system to standardize
and coordinate important business processes in 200 countries. Lack of standard,
companywide business processes prevented the company from using its world-
wide buying power to obtain lower prices for raw materials and from reacting
rapidly to market changes. Crocs used ERP for similar purposes, as described in
the Chapter 15 ending case study.
Enterprise systems help firms respond rapidly to customer requests for
information or products. Because the system integrates order, manufacturing,
and delivery data, manufacturing is better informed about producing only what
customers have ordered, procuring exactly the right number of components or
raw materials to fill actual orders, staging production, and minimizing the time
that components or finished products are in inventory.
Alcoa, the world’s leading producer of aluminum and aluminum products
with operations spanning 31 countries and more than 200 locations, had ini-
tially been organized around lines of business, each of which had its own set of
information systems. Many of these systems were redundant and inefficient.
Alcoa’s costs for executing requisition-to-pay and financial processes were
much higher, and its cycle times were longer than those of other companies
in its industry. (Cycle time refers to the total elapsed time from the beginning
to the end of a process.) The company could not operate as a single worldwide
After implementing enterprise software from Oracle, Alcoa eliminated many
redundant processes and systems. The enterprise system helped Alcoa reduce
requisition-to-pay cycle time by verifying receipt of goods and automatically
generating receipts for payment. Alcoa’s accounts payable transaction process-
ing dropped 89 percent. Alcoa was able to centralize financial and procurement
activities, which helped the company reduce nearly 20 percent of its worldwide
Enterprise systems provide much valuable information for improving
management decision making. Corporate headquarters has access to up-to-
the-minute data on sales, inventory, and production and uses this information
to create more accurate sales and production forecasts. Enterprise software
includes analytical tools to use data the system captures to evaluate overall
organizational performance. Enterprise system data have common standard-
ized definitions and formats that are accepted by the entire organization.
Performance figures mean the same thing across the company. Enterprise
systems allow senior management to find out easily at any moment how a
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 371
particular organizational unit is performing, determine which products are
most or least profitable, and calculate costs for the company as a whole.
For example, Alcoa’s enterprise system includes functionality for global
human resources management that shows correlations between investment in
employee training and quality, measures the companywide costs of delivering
services to employees, and measures the effectiveness of employee recruit-
ment, compensation, and training.
9-2 How do supply chain management systems
coordinate planning, production, and logistics
If you manage a small firm that makes a few products or sells a few services,
chances are you will have a small number of suppliers. You could coordinate
your supplier orders and deliveries by using just a telephone and fax machine.
But if you manage a firm that produces more complex products and services,
you will have hundreds of suppliers, and each of your suppliers will have
its own set of suppliers. Suddenly, you will need to coordinate the activities
of hundreds or even thousands of other firms to produce your products and
services. Supply chain management (SCM) systems, which we introduced in
Chapter 2, are an answer to the problems of supply chain complexity and scale.
The Supply Chain
A firm’s supply chain is a network of organizations and business processes
for procuring raw materials, transforming these materials into intermediate
and finished products, and distributing the finished products to customers. It
links suppliers, manufacturing plants, distribution centers, retail outlets, and
customers to supply goods and services from source through consumption.
Materials, information, and payments flow through the supply chain in both
Goods start out as raw materials and, as they move through the supply chain,
are transformed into intermediate products (also referred to as components or
parts) and, finally, into finished products. The finished products are shipped to
distribution centers and from there to retailers and customers. Returned items
flow in the reverse direction from the buyer back to the seller.
Let’s look at the supply chain for Nike sneakers as an example. Nike designs,
markets, and sells sneakers, socks, athletic clothing, and accessories through-
out the world. Its primary suppliers are contract manufacturers with factories
in China, Thailand, Indonesia, Brazil, and other countries. These companies
fashion Nike’s finished products.
Nike’s contract suppliers do not manufacture sneakers from scratch. They
obtain components for the sneakers—the laces, eyelets, uppers, and soles—
from other suppliers and then assemble them into finished sneakers. These
suppliers in turn have their own suppliers. For example, the suppliers of soles
have suppliers for synthetic rubber, suppliers for chemicals used to melt the
rubber for molding, and suppliers for the molds into which to pour the rubber.
Suppliers of laces have suppliers for their thread, for dyes, and for the plastic
Figure 9.2 provides a simplified illustration of Nike’s supply chain for sneak-
ers; it shows the flow of information and materials among suppliers, Nike, Nike’s
372 Part Three Key System Applications for the Digital Age
FIGURE 9.2 NIKE’S SUPPLY CHAIN
This figure illustrates the major entities in Nike’s supply chain and the flow of information upstream and downstream to
coordinate the activities involved in buying, making, and moving a product. Shown here is a simplified supply chain, with the
upstream portion focusing only on the suppliers for sneakers and sneaker soles.
distributors, retailers, and customers. Nike’s contract manufacturers are its pri-
mary suppliers. The suppliers of soles, eyelets, uppers, and laces are the secondary
(Tier 2) suppliers. Suppliers to these suppliers are the tertiary (Tier 3) suppliers.
The upstream portion of the supply chain includes the company’s suppli-
ers, the suppliers’ suppliers, and the processes for managing relationships with
them. The downstream portion consists of the organizations and processes for
distributing and delivering products to the final customers. Companies that
manufacture, such as Nike’s contract suppliers of sneakers, also manage their
own internal supply chain processes for transforming materials, components,
and services their suppliers furnish into finished products or intermediate
products (components or parts) for their customers and for managing materials
The supply chain illustrated in Figure 9.2 has been simplified. It only shows
two contract manufacturers for sneakers and only the upstream supply chain
for sneaker soles. Nike has hundreds of contract manufacturers turning out
finished sneakers, socks, and athletic clothing, each with its own set of suppli-
ers. The upstream portion of Nike’s supply chain actually comprises thousands
of entities. Nike also has numerous distributors and many thousands of retail
stores where its shoes are sold, so the downstream portion of its supply chain is
also large and complex.
Information Systems and Supply Chain Management
Inefficiencies in the supply chain, such as parts shortages, underused plant
capacity, excessive finished goods inventory, or high transportation costs, are
caused by inaccurate or untimely information. For example, manufacturers
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 373
may keep too many parts in inventory because they do not know exactly when
they will receive their next shipments from their suppliers. Suppliers may
order too few raw materials because they do not have precise information on
demand. These supply chain inefficiencies waste as much as 25 percent of a
company’s operating costs.
If a manufacturer had perfect information about exactly how many units of
product customers wanted, when they wanted them, and when they could be
produced, it would be possible to implement a highly efficient just-in-time
strategy. Components would arrive exactly at the moment they were needed,
and finished goods would be shipped as they left the assembly line.
In a supply chain, however, uncertainties arise because many events can-
not be foreseen—uncertain product demand, late shipments from suppliers,
defective parts or raw materials, or production process breakdowns. To satisfy
customers, manufacturers often deal with such uncertainties and unforeseen
events by keeping more material or products in inventory than they think they
may actually need. The safety stock acts as a buffer for the lack of flexibility in
the supply chain. Although excess inventory is expensive, low fill rates are also
costly because business may be lost from canceled orders.
One recurring problem in supply chain management is the bullwhip effect,
in which information about the demand for a product gets distorted as it passes
from one entity to the next across the supply chain. A slight rise in demand
for an item might cause different members in the supply chain—distributors,
manufacturers, suppliers, secondary suppliers (suppliers’ suppliers), and ter-
tiary suppliers (suppliers’ suppliers’ suppliers)—to stockpile inventory so each
has enough just in case. These changes ripple throughout the supply chain,
magnifying what started out as a small change from planned orders and creating
excess inventory, production, warehousing, and shipping costs (see Figure 9.3).
For example, Procter & Gamble (P&G) found it had excessively high inven-
tories of its Pampers disposable diapers at various points along its supply chain
because of such distorted information. Although customer purchases in stores
were fairly stable, orders from distributors spiked when P&G offered aggressive
price promotions. Pampers and Pampers’ components accumulated in ware-
houses along the supply chain to meet demand that did not actually exist. To
eliminate this problem, P&G revised its marketing, sales, and supply chain pro-
cesses and used more accurate demand forecasting.
The bullwhip effect is tamed by reducing uncertainties about demand and
supply when all members of the supply chain have accurate and up-to-date
information. If all supply chain members share dynamic information about
inventory levels, schedules, forecasts, and shipments, they have more precise
knowledge about how to adjust their sourcing, manufacturing, and distribution
plans. Supply chain management systems provide the kind of information that
helps members of the supply chain make better purchasing and scheduling
Supply Chain Management Software
Supply chain software is classified as either software to help businesses plan
their supply chains (supply chain planning) or software to help them execute
the supply chain steps (supply chain execution). Supply chain planning
systems enable the firm to model its existing supply chain, generate demand
forecasts for products, and develop optimal sourcing and manufacturing plans.
Such systems help companies make better decisions such as determining how
much of a specific product to manufacture in a given time period; establishing
374 Part Three Key System Applications for the Digital Age
FIGURE 9.3 THE BULLWHIP EFFECT
Inaccurate information can cause minor fluctuations in demand for a product to be amplified as one moves further back in the supply
chain. Minor fluctuations in retail sales for a product can create excess inventory for distributors, manufacturers, and suppliers.
inventory levels for raw materials, intermediate products, and finished goods;
determining where to store finished goods; and identifying the transportation
mode to use for product delivery.
For example, if a large customer places a larger order than usual or changes
that order on short notice, it can have a widespread impact throughout the
supply chain. Additional raw materials or a different mix of raw materials may
need to be ordered from suppliers. Manufacturing may have to change job
scheduling. A transportation carrier may have to reschedule deliveries. Sup-
ply chain planning software makes the necessary adjustments to production
and distribution plans. Information about changes is shared among the relevant
supply chain members so that their work can be coordinated. One of the most
important—and complex—supply chain planning functions is demand plan-
ning, which determines how much product a business needs to make to satisfy
all its customers’ demands. JDA Software, SAP, and Oracle all offer supply chain
Supply chain execution systems manage the flow of products through dis-
tribution centers and warehouses to ensure that products are delivered to the
right locations in the most efficient manner. They track the physical status of
goods, the management of materials, warehouse and transportation operations,
and financial information involving all parties. An example of a supply chain
execution system is the delivery execution system used by Nestlé’s National Pri-
mary Transport, an integrated transport service for Nestlé operating divisions
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 375
in the UK and Ireland. The operation covers seven distribution centers and 12
factories, making around 3,500 deliveries per week to over 500 locations. The
system takes data feeds from Nestlé UK’s transport planning, vehicle schedul-
ing, and yard management systems and uses them to compare actual progress
of a delivery against the plan in the vehicle schedule. It then prioritizes and
flags loads that need attention.
Global Supply Chains and the Internet
Before the Internet, supply chain coordination was hampered by the difficulties
of making information flow smoothly among disparate internal supply chain
systems for purchasing, materials management, manufacturing, and distribu-
tion. It was also difficult to share information with external supply chain part-
ners because the systems of suppliers, distributors, or logistics providers were
based on incompatible technology platforms and standards. Enterprise and
supply chain management systems enhanced with Internet technology supply
some of this integration.
A manager uses a web interface to tap into suppliers’ systems to determine
whether inventory and production capabilities match demand for the firm’s
products. Business partners use web-based supply chain management tools to
collaborate online on forecasts. Sales representatives access suppliers’ produc-
tion schedules and logistics information to monitor customers’ order status.
Global Supply Chain Issues
More and more companies are entering international markets, outsourcing manu-
facturing operations, and obtaining supplies from other countries as well as selling
abroad. Their supply chains extend across multiple countries and regions. There
are additional complexities and challenges to managing a global supply chain.
Global supply chains typically span greater geographic distances and time
differences than domestic supply chains and have participants from a number
of countries. Performance standards may vary from region to region or from
nation to nation. Supply chain management may need to reflect foreign govern-
ment regulations and cultural differences.
The Internet helps companies manage many aspects of their global supply
chains, including sourcing, transportation, communications, and international
finance. Today’s apparel industry, for example, relies heavily on outsourcing to
contract manufacturers in China and other low-wage countries. Apparel com-
panies are starting to use the web to manage their global supply chain and pro-
duction issues. (Review the discussion of Li & Fung in Chapter 3.)
In addition to contract manufacturing, globalization has encouraged out-
sourcing warehouse management, transportation management, and related
operations to third-party logistics providers, such as UPS Supply Chain Solu-
tions and Schneider National. These logistics services offer web-based software
to give their customers a better view of their global supply chains. Customers
can check a secure website to monitor inventory and shipments, helping them
run their global supply chains more efficiently.
Demand-Driven Supply Chains: From Push to Pull
Manufacturing and Efficient Customer Response
In addition to reducing costs, supply chain management systems facilitate effi-
cient customer response, enabling the workings of the business to be driven
more by customer demand. (We introduced efficient customer response sys-
tems in Chapter 3.)
376 Part Three Key System Applications for the Digital Age
Earlier supply chain management systems were driven by a push-based
model (also known as build-to-stock). In a push-based model, production mas-
ter schedules are based on forecasts or best guesses of demand for products, and
products are pushed to customers. With new flows of information made possible
by web-based tools, supply chain management more easily follows a pull-based
model. In a pull-based model, also known as a demand-driven or build-to-order
model, actual customer orders or purchases trigger events in the supply chain.
Transactions to produce and deliver only what customers have ordered move up
the supply chain from retailers to distributors to manufacturers and eventually
to suppliers. Only products to fulfill these orders move back down the supply
chain to the retailer. Manufacturers use only actual order demand information
to drive their production schedules and the procurement of components or raw
materials, as illustrated in Figure 9.4. Walmart’s continuous replenishment sys-
tem described in Chapter 3 is an example of the pull-based model.
The Internet and Internet technology make it possible to move from sequen-
tial supply chains, where information and materials flow sequentially from
company to company, to concurrent supply chains, where information flows
in many directions simultaneously among members of a supply chain network.
Complex supply networks of manufacturers, logistics suppliers, outsourced
manufacturers, retailers, and distributors can adjust immediately to changes in
schedules or orders. Ultimately, the Internet will enable a digital logistics ner-
vous system for supply chains (see Figure 9.5).
Business Value of Supply Chain Management Systems
You have just seen how supply chain management systems enable firms to
streamline both their internal and external supply chain processes and provide
management with more accurate information about what to produce, store, and
move. By implementing a networked and integrated supply chain management
system, companies match supply to demand, reduce inventory levels, improve
delivery service, speed product time to market, and use assets more effectively
(see the Interactive Session on Management).
FIGURE 9.4 PUSH- VERSUS PULL-BASED SUPPLY CHAIN MODELS
The difference between push- and pull-based models is summarized by the slogan “Make what we
sell, not sell what we make.”
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 377
FIGURE 9.5 THE EMERGING INTERNET-DRIVEN SUPPLY CHAIN
The emerging Internet-driven supply chain operates like a digital logistics nervous system. It provides
multidirectional communication among firms, networks of firms, and e-marketplaces so that entire net-
works of supply chain partners can immediately adjust inventories, orders, and capacities.
Total supply chain costs represent the majority of operating expenses for
many businesses and in some industries approach 75 percent of the total operat-
ing budget. Reducing supply chain costs has a major impact on firm profitability.
In addition to reducing costs, supply chain management systems help
increase sales. If a product is not available when a customer wants it, customers
often try to purchase it from someone else. More precise control of the supply
chain enhances the firm’s ability to have the right product available for cus-
tomer purchases at the right time.
9-3 How do customer relationship management
systems help firms achieve customer intimacy?
You’ve probably heard phrases such as “the customer is always right” or “the
customer comes first.” Today these words ring truer than ever. Because com-
petitive advantage based on an innovative new product or service is often
very short lived, companies are realizing that their most enduring competitive
strength may be their relationships with their customers. Some say that the
basis of competition has switched from who sells the most products and ser-
vices to who “owns” the customer and that customer relationships represent a
firm’s most valuable asset.
What is Customer Relationship Management?
What kinds of information would you need to build and nurture strong, long-
lasting relationships with customers? You’d want to know exactly who your
customers are, how to contact them, whether they are costly toserviceandsellto,
378 Part Three Key System Applications for the Digital Age
INTERACTIVE SESSION: MANAGEMENT
Unilever Unifies Globally with Enhanced ERP
Unilever is the third largest consumer goods com- large numbers of transactions very rapidly (see
pany in the world behind Proctor & Gamble and Chapter 6).
Nestlé. This Anglo-Dutch multinational boasts more
than 400 brands, sells its products in more than 190 Using HANA reduced the number of days to pro-
countries, and employs more than 175,000 people duce the month-end close from three to just one.
worldwide. Unilever has operating companies and HANA also made it easier for Unilever to input raw
factories on every continent and subsidiaries in material costs and quickly calculate product price.
almost 100 countries. Twelve Unilever brands— Understanding its margins—the percent profit after
including such recognized names as Knorr, all costs have been deducted—helped Unilever ana-
Hellman’s, Lipton, and Dove—generate revenues lyze ways to improve them.
of more than 1 billion Euros (US $1.15 billion) each
year. Unilever’s enterprise data warehouse (EDW) sys-
tem extracts, transforms, and integrates ERP transac-
Unilever is organized as two separate holding tion data with external data for use in reporting and
companies: Unilever PLC (public limited company), data analysis. A profitability analysis accelerator ana-
headquartered in London, United Kingdom, and Uni- lyzes reams of financial data and outputs valuable
lever N.V., headquartered in Rotterdam, The Neth- statistics about cost and profit drivers. By mid-2013,
erlands. The two legal divisions operate as nearly as the SAP CO-PA (Controlling Profitability Analysis)
possible as a single economic entity—the Unilever HANA Accelerator had been added to all four Uni-
Group. lever regional ERP centers. Profitability Analysis
(CO-PA) is a module of SAP ERP software that allows
To grow its business in developing and emerging users to report sales and profit data by using differ-
markets, Unilever needed to unify its core business ent customized characteristics (such as customer,
processes. Standardized processes were essential to country, product) and key figures (such as number of
manage volatile prices and changing commodity sup- units, price, and cost). The HANA Accelerator works
plies effectively. However, prior to 2007, ambitious with a firm’s existing SAP CO-PA system. Transac-
companywide goal setting such as this was not fea- tions remain in the ERP system, but queries are pro-
sible. At that point, almost every business in each of cessed using HANA. SAP CO-PA Accelerator makes
the more than 190 countries in which Unilever oper- is possible for firms to perform real-time profitability
ated functioned as an independent division. reporting on large data volumes; conduct instant
analysis of profitability data at any level of granular-
Every transaction for each order Unilever ity, aggregation, and dimension; and run cost alloca-
receives, material it produces, item it ships, and tions at significantly faster processing times.
invoice it issues runs through ERP systems. Ten
years ago, there were 250 different ERP systems try- Cost Center assessment time was reduced 39 per-
ing to do this work, and this was too complicated cent, pushing this data into CO-PA in 6.7 hours rather
for running a global business that was doubling its than 11 hours and speeding profitability reporting.
transaction volume. Unilever has been trying to con- Overall, controlling and profitability reports were
solidate and simplify its technology platform so that produced ten times more quickly. The Material
it would support the company operating as a single Ledger Accelerator reduced run time for period-end
global entity. Unilever transitioned to running its closing reports by 66 percent, and cost reduction
worldwide business on only four instances of SAP opportunities were identified by the Overall Equip-
ERP, with the ultimate goal of managing these land- ment Effectiveness (OEE) Management platform.
scapes as one global platform by 2015. Four and a half billion records for General Ledger
line items and more than 400 million controlling and
With transactions slated to reach 60,000 per min- profitability analysis records are now run through
ute worldwide, Unilever sought additional tools to the CO-PA Accelerator.
increase transaction processing speed. At the end
of 2012, the company started to use SAP HANA in- Next, SAP Cash Forecasting was added to SAP ERP
memory computing tools for some key SAP ERP Financials to maximize the use of working capital
applications. SAP HANA is very well suited for per- and cash. Product Cost Planning was incorporated
forming real-time analytics and processing extremely to help Unilever plan the costs for materials inde-
pendently from orders; set prices for materials,
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 379
operations, production lines, and processes; analyze accelerators fast-track raw material sourcing deci-
the costs of manufactured materials; and assess prod- sions and pricing analysis. Unilever estimates that
uct profitability. The time to analyze the approxi- time spent tracking raw materials has declined by 80
mately 150 million records produced each month percent. Without the ERP enhancements Unilever
was halved, and product cost forecasts could be gen- devised and implemented, the company would have
erated in 30 seconds, down from seven minutes. had a difficult time tracking the 10,000 home and
personal care products that use the 2,000 chemicals
Unilever wanted to maximize product availability that must be reduced to meet the European Union’s
on store shelves during new product launches and REACH (Registration, Evaluation, Authorization and
promotional campaigns. Since trade promotion pro- Restriction of Chemicals) regulations and its own
cesses drive a significant portion of its sales, Global more stringent sustainability goals. Consolidation
ERP Vice President Marc Béchet wanted to enhance of its ERP platforms and the transaction and pro-
the speed and efficiency with which they could be cessing speed of the HANA platform are the keys
planned, budgeted, and executed and in how stock to improved performance, reporting, and scalabil-
was allocated. Previously, Unilever used a process ity that will enable Unilever to fulfill its ambitious
through which stock was sequentially assigned to growth, social impact, and environmental goals.
orders as they were received. There was no mecha-
nism for assigning limited stock between customers Sources: “Unilever: Implementing SAP HANA to Achieve Rapid
running a promotion and those who were not. Using Global Innovation,” www.accenture.com, accessed May 1, 2017;
HANA-accelerated trade promotion management “Unilever Puts SAP at the Captain’s Table,” ComputerWeekly.com,
tools, different inventory matching scenarios are accessed May 1, 2017; “Unilever: Upgrading European SAP Platform,”
instantly available. Allocation options can be com- www.accenture.com, accessed May 1, 2017; “Doing Things Differ-
pared and the most profitable chosen. Inventory ently to Make a Big Difference in the World,” SAP.com, accessed
shortfalls can be handled while safeguarding current January 19, 2015; “Unilever: SAP HANA,” www. accenture.com,
promotions to the maximum extent possible. Plans accessed January 19, 2015; “Our Compass Strategy,” www.unilever.
are now underway to add in-memory technology to com, accessed January 20, 2015; and Ken Murphy, “Unilever Goes
the rest of the SAP Business Suite. Global with a Transformative SAP HANA Project,” SAP insiderPRO-
FILES, July 1, 2013.
By significantly cutting the time it takes to calcu-
late product costs, the HANA in-memory database
CASE STUDY QUESTIONS 3. How effective was the solution the company
1. Identify the problem facing Unilever in this case.
What management, organization, and technology 4. How did Unilever’s new systems improve opera-
factors were responsible for this problem? tions and management decision making? Give two
2. How is enterprise resource planning related to
Unilever’s business strategy? How did consolidat-
ing ERP systems support Unilever’s business
what kinds of products and services they are interested in, and how much
money they spend on your company. If you could, you’d want to make sure
you knew each of your customers well, as if you were running a small-town
store. And you’d want to make your good customers feel special.
In a small business operating in a neighborhood, it is possible for business
owners and managers to know their customers well on a personal, face-to-face
basis, but in a large business operating on a metropolitan, regional, national, or
even global basis, it is impossible to know your customer in this intimate way.
In these kinds of businesses, there are too many customers and too many ways
380 Part Three Key System Applications for the Digital Age
that customers interact with the firm (over the web, the phone, e-mail, blogs,
and in person). It becomes especially difficult to integrate information from all
these sources and deal with the large number of customers.
A large business’s processes for sales, service, and marketing tend to be
highly compartmentalized, and these departments do not share much essen-
tial customer information. Some information on a specific customer might be
stored and organized in terms of that person’s account with the company. Other
pieces of information about the same customer might be organized by products
that were purchased. In this traditional business environment, there is no con-
venient way to consolidate all this information to provide a unified view of a
customer across the company.
This is where customer relationship management systems help. Customer
relationship management (CRM) systems, which we introduced in Chapter 2,
capture and integrate customer data from all over the organization, consolidate
the data, analyze the data, and then distribute the results to various systems
and customer touch points across the enterprise. A touch point (also known
as a contact point) is a method of interaction with the customer, such as tele-
phone, e-mail, customer service desk, conventional mail, Facebook, Twitter,
website, wireless device, or retail store. Well-designed CRM systems provide a
single enterprise view of customers that is useful for improving both sales and
customer service (see Figure 9.6.)
Good CRM systems provide data and analytical tools for answering questions
such as these: What is the value of a particular customer to the firm over his
or her lifetime? Who are our most loyal customers? Who are our most profit-
able customers? What do these profitable customers want to buy? Firms use the
answers to these questions to acquire new customers, provide better service
and support to existing customers, customize their offerings more precisely to
customer preferences, and provide ongoing value to retain profitable customers.
FIGURE 9.6 CUSTOMER RELATIONSHIP MANAGEMENT (CRM)
CRM systems examine customers from a multifaceted perspective. These systems use a set of inte-
grated applications to address all aspects of the customer relationship, including customer service,
sales, and marketing.
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 381
Customer Relationship Management Software
Commercial CRM software packages range from niche tools that perform
limited functions, such as personalizing websites for specific customers, to
large-scale enterprise applications that capture myriad interactions with cus-
tomers, analyze them with sophisticated reporting tools, and link to other
major enterprise applications, such as supply chain management and enter-
prise systems. The more comprehensive CRM packages contain modules for
partner relationship management (PRM) and employee relationship
PRM uses many of the same data, tools, and systems as customer rela-
tionship management to enhance collaboration between a company and its
selling partners. If a company does not sell directly to customers but rather
works through distributors or retailers, PRM helps these channels sell to cus-
tomers directly. It provides a company and its selling partners with the ability
to trade information and distribute leads and data about customers, integrat-
ing lead generation, pricing, promotions, order configurations, and availabil-
ity. It also provides a firm with tools to assess its partners’ performances so it
can make sure its best partners receive the support they need to close more
ERM software deals with employee issues that are closely related to CRM,
such as setting objectives, employee performance management, performance-
based compensation, and employee training. Major CRM application software
vendors include Oracle, SAP, Salesforce.com, and Microsoft Dynamics CRM.
Customer relationship management systems typically provide software and
online tools for sales, customer service, and marketing. We briefly describe
some of these capabilities.
Sales Force Automation
Sales force automation (SFA) modules in CRM systems help sales staff
increase productivity by focusing sales efforts on the most profitable custom-
ers, those who are good candidates for sales and services. SFA modules provide
sales prospect and contact information, product information, product configu-
ration capabilities, and sales quote generation capabilities. Such software can
assemble information about a particular customer’s past purchases to help the
salesperson make personalized recommendations. SFA modules enable sales,
marketing, and shipping departments to share customer and prospect informa-
tion easily. SFA increases each salesperson’s efficiency by reducing the cost per
sale as well as the cost of acquiring new customers and retaining old ones. SFA
modules also provide capabilities for sales forecasting, territory management,
and team selling.
Customer service modules in CRM systems provide information and tools to
increase the efficiency of call centers, help desks, and customer support staff.
They have capabilities for assigning and managing customer service requests.
One such capability is an appointment or advice telephone line. When a cus-
tomer calls a standard phone number, the system routes the call to the correct
service person, who inputs information about that customer into the system
only once. When the customer’s data are in the system, any service representa-
tive can handle the customer relationship. Improved access to consistent and
accurate customer information helps call centers handle more calls per day
and decrease the duration of each call. Thus, call centers and customer service
382 Part Three Key System Applications for the Digital Age
groups achieve greater productivity, reduced transaction time, and higher
quality of service at lower cost. The customer is happier because he or she
spends less time on the phone restating his or her problem to customer service
CRM systems may also include web-based self-service capabilities: The com-
pany website can be set up to provide inquiring customers personalized support
information as well as the option to contact customer service staff by phone for
CRM systems support direct-marketing campaigns by providing capabilities
for capturing prospect and customer data, for providing product and service
information, for qualifying leads for targeted marketing, and for scheduling and
tracking direct-marketing mailings or e-mail (see Figure 9.7). Marketing mod-
ules also include tools for analyzing marketing and customer data, identifying
profitable and unprofitable customers, designing products and services to sat-
isfy specific customer needs and interests, and identifying opportunities for
Cross-selling is the marketing of complementary products to customers.
(For example, in financial services, a customer with a checking account might
be sold a money market account or a home improvement loan.) CRM tools also
help firms manage and execute marketing campaigns at all stages, from plan-
ning to determining the rate of success for each campaign.
Figure 9.8 illustrates the most important capabilities for sales, service, and
marketing processes found in major CRM software products. Like enterprise soft-
ware, this software is business-process driven, incorporating hundreds of business
processes thought to represent best practices in each of these areas. To achieve
maximum benefit, companies need to revise and model their business processes
to conform to the best-practice business processes in the CRM software.
FIGURE 9.7 HOW CRM SYSTEMS SUPPORT MARKETING
Responses by Channel for January 2017
17.3% Direct Mail
Customer relationship management software provides a single point for users to manage and evaluate
marketing campaigns across multiple channels, including e-mail, direct mail, telephone, the web, and
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 383
FIGURE 9.8 CRM SOFTWARE CAPABILITIES
The major CRM software products support business processes in sales, service, and marketing, inte-
grating customer information from many sources. Included is support for both the operational and
analytical aspects of CRM.
Figure 9.9 illustrates how a best practice for increasing customer loyalty
through customer service might be modeled by CRM software. Directly servic-
ing customers provides firms with opportunities to increase customer reten-
tion by singling out profitable long-term customers for preferential treatment.
CRM software can assign each customer a score based on that person’s value
and loyalty to the company and provide that information to help call centers
route each customer’s service request to agents who can best handle that cus-
tomer’s needs. The system would automatically provide the service agent with
a detailed profile of that customer that includes his or her score for value and
loyalty. The service agent would use this information to present special offers
or additional service to the customer to encourage the customer to keep trans-
acting business with the company. You will find more information on other
best-practice business processes in CRM systems in our Learning Tracks.
Operational and Analytical CRM
All of the applications we have just described support either the operational or
analytical aspects of customer relationship management. Operational CRM
includes customer-facing applications, such as tools for sales force automation,
call center and customer service support, and marketing automation. Analytical
CRM includes applications that analyze customer data generated by operational
CRM applications to provide information for improving business performance.
384 Part Three Key System Applications for the Digital Age
FIGURE 9.9 CUSTOMER LOYALTY MANAGEMENT PROCESS MAP
This process map shows how a best practice for promoting customer loyalty through customer service would be modeled by customer
relationship management software. The CRM software helps firms identify high-value customers for preferential treatment.
Analytical CRM applications are based on data from operational CRM sys-
tems, customer touch points, and other sources that have been organized in
data warehouses or analytic platforms for use in online analytical processing
(OLAP), data mining, and other data analysis techniques (see Chapter 6). Cus-
tomer data collected by the organization might be combined with data from
other sources, such as customer lists for direct-marketing campaigns purchased
from other companies or demographic data. Such data are analyzed to identify
buying patterns, to create segments for targeted marketing, and to pinpoint
profitable and unprofitable customers (see Figure 9.10).
FIGURE 9.10 ANALYTICAL CRM
Analytical CRM uses a customer data warehouse or analytic platform and tools to analyze customer
data collected from the firm’s customer touch points and from other sources.
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 385
INTERACTIVE SESSION: ORGANIZATIONS
DP World Takes Port Management to the Next Level With RFID
DP (Dubai Ports) World has reason to be proud to satisfaction. This will in turn increase the turn-
have become one of the leading terminal opera- around of shipping goods.
tors in the world. Today, DP World has 65 terminals
across 6 continents, and 11 new terminals are under Prior to the RFID deployment, DP World spent
development. The firm moved 60 million containers several months performing proof-of-concept trials
in 2014 (about 9 percent of global container trade), involving several competing RFID suppliers. Because
and generated $3.4 billion in revenues, an 11 percent of the rugged environmental conditions at the ports,
increase over 2013. The firm employs an interna- DP World required that 99.5 percent of all tags be
tional professional team of more than 36,000 people read successfully, which was a key challenge for
to serve customers in some of the most dynamic many vendors. After extensive testing and evalua-
economies in the world. tion, DP World selected Identec Solutions, a global
leader in active wireless tracking solutions, as its
DP World has adopted a customer-centric RFID supplier.
approach to enhancing its customers’ supply chains
by providing quality, innovative services to effec- How does the RFID tracking system work? Trucks
tively manage container, bulk, and other terminal that visit a port terminal are equipped with active
cargo. The firm invests heavily in terminal infra- RFID tags supplied by Identec Solutions that are
structures, technologies, and people to best serve its fixed on the rear chassis. As a truck moves towards
customers. the gate, its unique tag ID number is read by an
RFID reader, which is integrated with an automated
Like other global port and terminal operators, gate system. At the gate, an optical character rec-
DP World helps shippers around the world address ognition (OCR) system determines if the truck is
the often complex and costly challenges of manag- loaded with a container, identifies the ID number
ing the supply chain. One of the typical problems of the truck’s container, and reads the truck license
encountered in container terminal operations is traf- plate number as a backup identification. The system
fic congestion at port entry points. This congestion is uses the supplied information to automatically issue
often due to delays introduced by lengthy procedures a ticket to the driver specifying the lane the truck
and paper-based logistics. In response, DP World has should proceed to in order to load or unload the con-
introduced many IT-based solutions to enhance ter- tainer. The system can also automatically determine
minal capacity utilization. These solutions include if the truck is on time, which is essential information
the electronic custom release of cargo, electronic for the efficient pickup and drop off of containers. As
data interchange (EDI) reporting, two-way digital the truck leaves the gate, the RFID tag is read once
radio communications, and the “e-token” advanced again, and the driver receives a receipt for the com-
booking system. pleted transaction.
DP World management wanted to take things a RFID has enabled DP World to increase the pro-
step further and decided to make the loading and ductivity of container handoffs, speed the entry and
unloading of containers operate on “just in time” exit of trucks through terminal gates, and increase
principles to improve container turnaround. It found fuel efficiency. Victoria Rose, Regional Office Proj-
that radio frequency identification (RFID) technol- ect Coordinator at DP World Sydney, maintained
ogy was an effective way of increasing the efficiency that RFID would improve gate efficiency through
of truck movements through port access gates. improved truck management, reducing queues and
Today, DP World uses RFID-enabled automatic gate congestion around gates, and removing the num-
systems at the port terminals it operates in Dubai ber of trucks from public roads by streamlining
and Australia. According to Mohammed Al Muallem, procedures.
Managing Director of DP World UAE, the introduc-
tion of an automated gate system would not only Identec’s RFID-based solution has also enabled DP
eliminate traffic congestion but would also help to World to improve customer satisfaction by enhancing
eliminate a number of lengthy procedures, increas- the efficiency of customers’ supply chains through
ing productivity at the ports and improving customer smoother, faster, and more effective delivery of their
containers at terminal gates. The elimination of
lengthy paper transactions and manual inspections
386 Part Three Key System Applications for the Digital Age
at gates and the reduction in manual data input The slowdown in world trade in 2015 is forcing
errors demonstrate DP World’s customer-centric DP World and others in the supply chain (includ-
approach to delivering a superior level of service. ing ports) to use information and communications
The technology also allows transport companies to technology (ICT) to drive further improvements in
save time, increase revenues, and reduce costs. efficiency. In 2016 DP World had begun replacing
humans with robots in warehouses and yard opera-
DP World’s use of RFID has also helped it to tions, and is considering investing in autonomous
tighten security by providing better accuracy on vehicles, simulation and virtual reality tools, the
inbound and outbound truck movements through the Internet of Things and Big Data, and advanced cyber-
terminals. For instance, the system can automatically security tools. With the return of growth to the world
check whether a truck has a booking and whether it economy, DP World reported 3.2 percent growth in
is authorized to enter the port. volume for 2016, with especially strong growth of 6
percent in the 4th quarter of the year.
As a next step, DP World will consider expanding
its use of RFID-enabled scanning and tracking tech- Sources: DP World, “Annual Report 2015,” April 25, 2016; “DP
nology to further optimize supply chain flow. In the World: Enhancing Commerce Through the Supply Chain,” http://
future, Rose hopes DP World will focus on investigat- industry-me.com/features, accessed January 2, 2016; The Econo-
ing its use within the yard, and how data captured mist Intelligence Unit, ”A Turning Point: The Potential Role of ICT
can be used. Innovations in Ports and Logistics,” DP World Report, November
2015; Simeon Kerr, “DP World to Buy Jebel Ali for $2.6bn from
In 2014, DP World was still going strong, acquir- Dubai World,” Financial Times, November 13, 2014; Dave Friedlos,
ing Economic Zones World for $2.6 billion in cash. “RFID Boosts DP World’s Productivity in Australia,” RFID Journal,
Their main goal was to acquire the Jebel Ali Free July 27, 2009, www.rfidjournal.com/article/view/5086, accessed
Zone, a 22-square mile plot of land near DP World’s October 20, 2010; Rhea Wessel, “DP World Ramps Up Its Dubai
Dubai container port. DP World’s RFID technologies Deployment,” RFID Journal, August 13, 2009, www.rfidjournal.
will be essential to optimizing the use of this new com/article/view/5130, accessed October 20, 2010.
CASE STUDY QUESTIONS 3. How does the concept of supply chain execution
relate to this interactive session?
1. How did Identec Solutions’ RFID-based technology
help DP World increase the efficiency and effec- 4. What managerial, organizational, and technologi-
tiveness of its customers’ supply chains? cal challenges might DP World have faced in the
early stages of the RFID project’s deployment?
2. Describe two improvements that resulted from
implementing the Identec RFID-based solution.
Another important output of analytical CRM is the customer’s lifetime value
to the firm. Customer lifetime value (CLTV) is based on the relationship
between the revenue produced by a specific customer, the expenses incurred in
acquiring and servicing that customer, and the expected life of the relationship
between the customer and the company.
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 387
Business Value of Customer Relationship
Companies with effective customer relationship management systems realize
many benefits, including increased customer satisfaction, reduced direct-
marketing costs, more effective marketing, and lower costs for customer acqui-
sition and retention. Information from CRM systems increases sales revenue
by identifying the most profitable customers and segments for focused market-
ing and cross-selling (see the Interactive Session on Organizations).
Customer churn is reduced as sales, service, and marketing respond better to
customer needs. The churn rate measures the number of customers who stop
using or purchasing products or services from a company. It is an important
indicator of the growth or decline of a firm’s customer base.
9-4 What are the challenges that enterprise
applications pose, and how are enterprise
applications taking advantage of new
Many firms have implemented enterprise systems and systems for supply
chain and customer relationship management because they are such powerful
instruments for achieving operational excellence and enhancing decision mak-
ing. But precisely because they are so powerful in changing the way the orga-
nization works, they are challenging to implement. Let’s briefly examine some
of these challenges as well as new ways of obtaining value from these systems.
Enterprise Application Challenges
Promises of dramatic reductions in inventory costs, order-to-delivery time,
more efficient customer response, and higher product and customer profitabil-
ity make enterprise systems and systems for SCM and CRM very alluring. But
to obtain this value, you must clearly understand how your business has to
change to use these systems effectively.
Enterprise applications involve complex pieces of software that are very
expensive to purchase and implement. It might take a large Fortune 500 com-
pany several years to complete a large-scale implementation of an enterprise
system or a system for SCM or CRM. According to a 2015 survey of 562 com-
panies conducted by Panorama Consulting Solutions, the average cost of an
ERP project was $6.1 million. Projects took an average of 15.7 months to com-
plete, and 53 percent of the projects delivered 50 percent or less of the expected
benefits. Approximately 58 percent of these projects exceeded their planned
budgets, and 65 percent experienced schedule overruns (Panorama Consulting
Solutions, 2015). Changes in project scope and additional customization work
add to implementation delays and costs.
Enterprise applications require not only deep-seated technological changes
but also fundamental changes in the way the business operates. Companies
must make sweeping changes to their business processes to work with the
software. Employees must accept new job functions and responsibilities. They
must learn how to perform a new set of work activities and understand how the
information they enter into the system can affect other parts of the company.
388 Part Three Key System Applications for the Digital Age
This requires new organizational learning and should also be factored into ERP
SCM systems require multiple organizations to share information and busi-
ness processes. Each participant in the system may have to change some of its
processes and the way it uses information to create a system that best serves
the supply chain as a whole.
Some firms experienced enormous operating problems and losses when they
first implemented enterprise applications because they didn’t understand how
much organizational change was required. For example, Kmart had trouble get-
ting products to store shelves when it first implemented i2 Technologies (now
JDA Software) SCM software. The i2 software did not work well with Kmart’s
promotion-driven business model, which created sharp spikes in demand for
products. Overstock.com’s order tracking system went down for a full week
when the company replaced a homegrown system with an Oracle enterprise
system. The company rushed to implement the software and did not properly
synchronize the Oracle software’s process for recording customer refunds with
its accounts receivable system. The chapter-ending case shows how rushed
implementation of enterprise applications contributed to Target Canada’s busi-
Enterprise applications also introduce switching costs. When you adopt an
enterprise application from a single vendor, such as SAP, Oracle, or others, it is
very costly to switch vendors, and your firm becomes dependent on the vendor
to upgrade its product and maintain your installation.
Enterprise applications are based on organization-wide definitions of data.
You’ll need to understand exactly how your business uses its data and how the
data would be organized in a CRM, SCM, or ERP system. CRM systems typically
require some data cleansing work.
Enterprise software vendors are addressing these problems by offering pared-
down versions of their software and fast-start programs for small and medium-
sized businesses and best-practice guidelines for larger companies. Companies
are also achieving more flexibility by using cloud applications for functions not
addressed by the basic enterprise software so that they are not constrained by a
single do-it-all type of system.
Companies adopting enterprise applications can also save time and
money by keeping customizations to a minimum. For example, Kennametal,
a $2billion metal-cutting tools company, had spent $10 million over 13 years
maintaining an ERP system with more than 6,400 customizations. The com-
pany replaced it with a plain-vanilla, uncustomized version of SAP enterprise
software and changed its business processes to conform to the software.
Next-Generation Enterprise Applications
Today, enterprise application vendors are delivering more value by becoming
more flexible, web-enabled, mobile, and capable of integration with other sys-
tems. Stand-alone enterprise systems, customer relationship management sys-
tems, and SCM systems are becoming a thing of the past. The major enterprise
software vendors have created what they call enterprise solutions, enterprise
suites, or e-business suites to make their CRM, SCM, and ERP systems work
closely with each other and link to systems of customers and suppliers. SAP
Business Suite, Oracle E-Business Suite, and Microsoft Dynamics Suite (aimed
at midsized companies) are examples, and they now use web services and ser-
vice-oriented architecture (SOA) (see Chapter 5).
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 389
SAP’s next-generation enterprise applications incorporate SOA standards and
can link SAP’s own applications and web services developed by independent
software vendors. Oracle also has included SOA and business process manage-
ment capabilities in its Fusion middleware products. Businesses can use these
tools to create platforms for new or improved business processes that integrate
information from multiple applications.
Next-generation enterprise applications also include open source and cloud
solutions as well as more functionality available on mobile platforms. Open
source products such as Compiere, Apache Open for Business (OFBiz), and
Openbravo do not offer as many capabilities as large commercial enterprise
software but are attractive to companies such as small manufacturers because
of their low cost.
For small- and medium-sized businesses, SAP offers cloud-based versions of
its Business One and Business ByDesign enterprise software solutions (see the
chapter-opening case study). Cloud-based enterprise systems are also offered
by smaller vendors such as NetSuite and Plex Systems, but they are not as
popular as cloud-based CRM products. The undisputed global market leader in
cloud-based CRM systems is Salesforce.com, with more than 100,000 custom-
ers. Salesforce.com delivers its service through Internet-connected computers
or mobile devices, and it is widely used by small, medium, and large enter-
prises. As cloud-based products mature, more companies will be choosing to
run all or part of their enterprise applications in the cloud on an as-needed
basis. Several Fortune 500 firms are planning to move most of their enterprise
software to cloud based platforms in the next five years where they will not
incur the costs of maintaining their own hardware, and the software will be
charged on a metered basis.
Social CRM and Business Intelligence
CRM software vendors are enhancing their products to take advantage of social
networking technologies. These social enhancements help firms identify new
ideas more rapidly, improve team productivity, and deepen interactions with
customers (see Chapter 10). Using social CRM tools, businesses can better
engage with their customers by, for example, analyzing their sentiments about
their products and services.
Social CRM tools enable a business to connect customer conversations and
relationships from social networking sites to CRM processes. The leading CRM
vendors now offer such tools to link data from social networks into their CRM
software. SAP, Salesforce.com and Oracle CRM products now feature technol-
ogy to monitor, track, and analyze social media activity in Facebook, LinkedIn,
Twitter, YouTube, and other sites. Business intelligence and analytics software
vendors such as SAS also have capabilities for social media analytics (with sev-
eral measures of customer engagement across a variety of social networks)
along with campaign management tools for testing and optimizing both social
and traditional web-based campaigns.
Salesforce.com connected its system for tracking leads in the sales process
with social-listening and social-media marketing tools, enabling users to tailor
their social-marketing dollars to core customers and observe the resulting com-
ments. If an ad agency wants to run a targeted Facebook or Twitter ad, these
capabilities make it possible to aim the ad specifically at people in the client’s
lead pipeline who are already being tracked in the CRM system. Users will be
able to view tweets as they take place in real time and perhaps uncover new
leads. They can also manage multiple campaigns and compare them all to fig-
ure out which ones generate the highest click-through rates and cost per click.
390 Part Three Key System Applications for the Digital Age
Business Intelligence in Enterprise Applications
Enterprise application vendors have added business intelligence features to
help managers obtain more meaningful information from the massive amounts
of data these systems generate. SAP now makes it possible for its enterprise
applications to use HANA in-memory computing technology so that they are
capable of much more rapid and complex data analysis. Included are tools for
flexible reporting, ad hoc analysis, interactive dashboards, what-if scenario
analysis, and data visualization. Rather than requiring users to leave an applica-
tion and launch separate reporting and analytics tools, the vendors are starting
to embed analytics within the context of the application itself. They are also
offering complementary analytics products such as SAP BusinessObjects and
Oracle Business Intelligence Enterprise Edition.
The major enterprise application vendors offer portions of their products
that work on mobile handhelds. You can find out more about this topic in our
Learning Track on Wireless Applications for Customer Relationship Manage-
ment, Supply Chain Management, and Healthcare.
9-1 How do enterprise systems help businesses achieve operational excellence?
Enterprise software is based on a suite of integrated software modules and a common central data-
base. The database collects data from and feeds the data into numerous applications that can support
nearly all of an organization’s internal business activities. When one process enters new information,
the information is made available immediately to other business processes.
Enterprise systems support organizational centralization by enforcing uniform data standards and
business processes throughout the company and a single unified technology platform. The firmwide
data that enterprise systems generate help managers evaluate organizational performance.
9-2 How do supply chain management systems coordinate planning, production, and logistics with
Supply chain management (SCM) systems automate the flow of information among members of the
supply chain so they can use it to make better decisions about when and how much to purchase, pro-
duce, or ship. More accurate information from supply chain management systems reduces uncer-
tainty and the impact of the bullwhip effect.
Supply chain management software includes software for supply chain planning and for supply
chain execution. Internet technology facilitates the management of global supply chains by providing
the connectivity for organizations in different countries to share supply chain information. Improved
communication among supply chain members also facilitates efficient customer response and move-
ment toward a demand-driven model.
9-3 How do customer relationship management systems help firms achieve customer intimacy?
Customer relationship management (CRM) systems integrate and automate customer-facing pro-
cesses in sales, marketing, and customer service, providing an enterprise-wide view of customers.
Companies can use this customer knowledge when they interact with customers to provide them with
better service or sell new products and services. These systems also identify profitable or unprofitable
customers or opportunities to reduce the churn rate.
The major customer relationship management software packages provide capabilities for both oper-
ational CRM and analytical CRM. They often include modules for managing relationships with selling
partners (partner relationship management) and for employee relationship management.
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 391
9-4 What are the challenges that enterprise applications pose, and how are enterprise applications taking
advantage of new technologies?
Enterprise applications are difficult to implement. They require extensive organizational change,
large new software investments, and careful assessment of how these systems will enhance organiza-
tional performance. Enterprise applications cannot provide value if they are implemented atop flawed
processes or if firms do not know how to use these systems to measure performance improvements.
Employees require training to prepare for new procedures and roles. Attention to data management is
Enterprise applications are now more flexible, web-enabled, and capable of integration with other
systems, using web services and service-oriented architecture (SOA). They also have open source and
on-demand versions and can run in cloud infrastructures or on mobile platforms. CRM software has
added social networking capabilities to enhance internal collaboration, deepen interactions with cus-
tomers, and use data from social networking sites. Open source, mobile, and cloud versions of some of
these products are becoming available.
Key Terms Partner relationship management
Analytical CRM, 383
Bullwhip effect, 373 Pull-based model, 376
Churn rate, 387 Push-based model, 376
Cross-selling, 382 Sales force automation (SFA), 381
Customer lifetime value (CLTV), 386 Social CRM, 389
Demand planning, 374 Supply chain, 371
Employee relationship management (ERM), 381 Supply chain execution systems, 374
Enterprise software, 369 Supply chain planning systems, 373
Just-in-time strategy, 373 Touch point, 380
Operational CRM, 383
To complete the problems with the MyLab MIS, go to the EOC Discussion Questions in MyLab MIS.
Review Questions • Describe the challenges of global supply
chains and how Internet technology can
9-1 How do enterprise systems help businesses help companies manage them better.
achieve operational excellence?
• Distinguish between a push-based and a
• Define an enterprise system and explain pull-based model of supply chain manage-
how enterprise software works. ment and explain how contemporary supply
chain management systems facilitate a pull-
• Describe how enterprise systems provide based model.
value for a business.
9-3 How do customer relationship management
9-2 How do supply chain management systems systems help firms achieve customer intimacy?
coordinate planning, production, and logistics
with suppliers? • Define customer relationship management
and explain why customer relationships are
• Define a supply chain and identify each of so important today.
• Describe how partner relationship manage-
• Explain how supply chain management ment (PRM) and employee relationship
systems help reduce the bullwhip effect management (ERM) are related to customer
and how they provide value for a business. relationship management (CRM).
• Define and compare supply chain plan-
ning systems and supply chain execution
392 Part Three Key System Applications for the Digital Age
• Describe the tools and capabilities of cus- 9-4 What are the challenges that enterprise applica-
tomer relationship management software tions pose, and how are enterprise applications
for sales, marketing, and customer service. taking advantage of new technologies?
• Explain how sales force automation mod- • List and describe the challenges enterprise
ules help increase productivity. applications pose.
• Distinguish between operational and ana- • Explain how these challenges can be addressed.
• Describe how enterprise applications are
• Define churn rate and explain its taking advantage of SOA, cloud computing,
importance. and open source software.
• Define social CRM and explain how cus-
tomer relationship management systems
are using social networking.
Discussion Questions 9-7 Which enterprise application should a busi-
MyLabMIS ness install first: ERP, SCM, or CRM? Explain
9-5 Supply chain management is less about man-
MyLabMIS aging the physical movement of goods and your answer.
more about managing information. Discuss
the implications of this statement.
9-6 Why do more than half of enterprise applica-
MyLabMIS tion projects exceed budgets, deliver less than
expected benefits, or experience overruns?
Hands-On MIS Projects
The projects in this section give you hands-on experience analyzing business process integration, suggest-
ing supply chain management and customer relationship management applications, using database soft-
ware to manage customer service requests, and evaluating supply chain management business services.
Visit MyLab MIS’s Multimedia Library to access this chapter’s Hands-On MIS Projects.
Management Decision Problems
9-8 Mercedes-Benz Retail Group UK Ltd., with a network of 18 retail sites, nine used car sites, and seven smart
centers across London, Birmingham, and Manchester, wanted to learn more about its customers. How
could CRM and PRM systems help solve this problem?
9-9 Office Depot sells a wide range of office supply products and services in the United States and internation-
ally. The company tries to offer a wider range of office supplies at lower cost than other retailers by using
just-in-time replenishment and tight inventory control systems. It uses information from a demand fore-
casting system and point-of-sale data to replenish its inventory in its 1,600 retail stores. Explain how these
systems help Office Depot minimize costs and discuss any other benefits they provide. Identify and
describe other supply chain management applications that would be especially helpful to Office Depot.
Improving Decision Making: Using Database Software to Manage Customer
Software skills: Database design; querying and reporting
Business skills: Customer service analysis
9-10 In this exercise, you’ll use database software to develop an application that tracks customer service requests
and analyzes customer data to identify customers meriting priority treatment.
Prime Service is a large service company that provides maintenance and repair services for close
to 1,200 commercial businesses in New York, New Jersey, and Connecticut. Its customers include busi-
nesses of all sizes. Customers with service needs call into its customer service department with requests
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 393
for repairing heating ducts, broken windows, leaky roofs, broken water pipes, and other problems. The
company assigns each request a number and writes down the service request number, the identification
number of the customer account, the date of the request, the type of equipment requiring repair, and
a brief description of the problem. The service requests are handled on a first-come-first-served basis.
After the service work has been completed, Prime calculates the cost of the work, enters the price on
the service request form, and bills the client. This arrangement treats the most important and profitable
clients—those with accounts of more than $70,000—no differently from its clients with small accounts.
Management would like to find a way to provide its best customers with better service. It would also like
to know which types of service problems occur most frequently so that it can make sure it has adequate
resources to address them.
Prime Service has a small database with client account information, which can be found in MyLab
MIS. Use database software to design a solution that would enable Prime’s customer service representa-
tives to identify the most important customers so that they could receive priority service. Your solution will
require more than one table. Populate your database with at least 10 service requests. Create several reports
that would be of interest to management, such as a list of the highest—and lowest—priority accounts and
a report showing the most frequently occurring service problems. Create a report listing service calls that
customer service representatives should respond to first on a specific date.
Achieving Operational Excellence: Evaluating Supply Chain Management Services
Software skills: Web browser and presentation software
Business skills: Evaluating supply chain management services
9-11 In addition to carrying goods from one place to another, some trucking companies provide supply chain
management services and help their customers manage their information. In this project, you’ll use the
web to research and evaluate two of these business services. Investigate the websites of two companies,
UPS Logistics and Schneider Logistics, to see how these companies’ services can be used for supply chain
management. Then respond to the following questions:
• What supply chain processes can each of these companies support for its clients?
• How can customers use the websites of each company to help them with supply chain management?
• Compare the supply chain management services these companies provide. Which company would you
select to help your firm manage its supply chain? Why?
Collaboration and Teamwork Project
Analyzing Enterprise Application Vendors
9-12 With a group of three or four other students, use the web to research and evaluate the products of two ven-
dors of enterprise application software. You could compare, for example, the SAP and Oracle enterprise
systems, the supply chain management systems from JDA Software and SAP, or the customer relationship
management systems of Oracle and Salesforce.com. Use what you have learned from these companies’
websites to compare the software products you have selected in terms of business functions supported,
technology platforms, cost, and ease of use. Which vendor would you select? Why? Would you select the
same vendor for a small business (50–300 employees) as well as for a large one? If possible, use Google
Docs and Google Drive or Google Sites to brainstorm, organize, and develop a presentation of your findings
for the class.
394 Part Three Key System Applications for the Digital Age
Customer Relationship Management Helps Celcom Become Number One
Celcom Axiata Berhad (Celcom) is the oldest mobile multiple SIM IDs scattered among various records
telecommunications company in Malaysia and also in the system. Thecompany wanted to be able to
its largest, with an unrivaled reputation for quality see a customer as a specific person, not a SIM or a
and reliability. Nevertheless, maintaining its com- number.
petitive edge has been a struggle. In 2006 Celcom
dropped to third place among Malaysian cellular pro- Celcom’s solution involved changes to the compa-
viders. Since then, management has worked fever- ny’s technology, processes, and people. At the core is
ishly to turn the company around, and Celcom has an Oracle-based business support system (BSS) that
regained the top spot in its market. This turnaround consolidated customer records, centralized inven-
required new technology and business processes for tory management, and sped up business processes.
managing the customer experience. This system consolidates customer information into
a single view of the customer to improve customer
To become number one in the Malaysian mar- service across online, call center, and retail channels.
ket again, Celcom’s senior management knew that The Oracle implementation included new customer
the company had to build better networks and portal sites and retail stores as well as an Oracle
market more aggressively. But the real key to suc- Siebel call center system and Oracle inventory man-
cess lay in improving the customer experience. agement and Communications Order and Service
According to Suresh Sidhu, Celcom’s chief corpo- Management applications.
rate and operations officer, there will always be a
competitor who can beat you on price or even out- The BSS project team asked approximately 700
innovate you. But it’s much harder for a competi- Celcom employees in customer service, retail,
tor to disrupt a strong, positive relationship with marketing, and other divisions to list the top 10
customers. Celcom believes it’s the market’s best experiences that users and dealers wanted, such as
differentiator. fast activation, less paperwork, and always having
the most popular phones in stock. The BSS trans-
The Malaysia telecommunications market is quite formation team then developed technical and busi-
mature, with few opportunities to acquire new cus- ness process requirements based on these top 10
tomers. Customer retention is essential, as is luring lists and compared offerings from several vendors.
customers away from competitors. Malaysia’s cus-
tomer base of 14 million is large and diverse, which Celcom chose Oracle as the primary technology
requires multiple approaches to interacting with provider for the new customer experience manage-
them. Older customers prefer in-person service from ment system. The company wanted the most com-
Celcom dealers or retail outlets, while sophisticated plete suite of customer relationship management
young urban users prefer to do business online. All (CRM) tools that would support multichannel and
want reliable mobile service. cross-channel marketing efforts. Oracle seemed
the best fit and had the most functionality built in
Celcom was saddled with a siloed information without requiring additional modifications.
technology architecture and business processes that
could not provide a complete view of customers. Celcom’s transformation plan entailed retaining
For instance, customer data from one system such some of Celcom’s existing systems, and the Celcom
as billing were not easily available to other systems team liked Oracle Communications’ modularity and
such as inventory. This is a common problem for interoperability as well as its cross-channel capabili-
mobile providers because carriers have traditionally ties. Oracle Communications is a cross-channel prod-
counted customers by looking at SIM (subscriber uct suite that provides a variety of services, including
identity modules in mobile phones) IDs. However, broadband data, wireless data, and mobile voice
many customers have multiple devices and SIMs services. It helps communications services providers
for personal and work uses. Celcom needed systems such as Celcom manage and integrate customer inter-
that could identify and serve each customer rather actions across multiple channels to improve customer
than that person’s SIMs. Otherwise, Celcom service support, reduce problem resolution time, customize
representatives would waste valuable company marketing to narrow market segments, and expe-
and customer time making sense of a customer’s dite time-to-market for new products and services.
Celcom understood the importance of cross-channel
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 395
customer experiences and wanted to make this differ- New phone activation time has been cut from two
entiate the company among its competitors. Celcom’s hours to two minutes. Fewer activations require
systems solution enables customer interactions to manual follow-up. Celcom dealers and customers are
seamlessly traverse its retail shop, online shop, call happier.
center, and partner/dealer channels.
Inventory of mobile handsets at Celcom facili-
The BSS provides a single customer record, ties and dealer stores is now centralized and man-
regardless of how many services (mobile, landline, aged using BSS. Dealers can see what Celcom has in
and data) and devices a customer purchases; it is stock, and Celcom inventory managers can monitor
populated with data from various touchpoints. By the stock on dealer shelves. More detailed inventory
consolidating customer data into a unified customer control helps Celcom move more products because it
record, Celcom can offer tailored promotions offers can ship fast-selling units to dealers before shortages
in real time that fit a customer’s individual history. occur or have marketers target promotions in regions
Celcom’s holistic view of a customer includes fam- where the company wants to move specific products.
ily relationships, which has special significance This would have been impossible before. Salespeople
when marketing in Asia. The company is able to are beginning to use big data collected in BSS to bet-
see every aspect of service each customer uses, ter manage sales by region.
which makes cross-marketing and up-selling more
efficient. Celcom is now much closer to achieving its brand
vision: pleasing its customers and exceeding their
Celcom completed the BSS implementation in just expectations.
18 months, replacing 17 separate systems with one
seven-module Oracle system. Sources: Jessica Sirkin, “Oracle Implementation at Celcom Brings
IT, Business Together,” searchoracle.techtarget.com, accessed
Celcom officials explicitly tried to get employees January 17, 2016; www.celcom.com, accessed January 18, 2016;
invested in the new system to ensure it aligned with Fred Sandsmark, “Customers First,” Profit Magazine, May 2014;
the business. The company enlisted project directors and Oracle Corporation, “Celcom Transforms Its Customer Expe-
from both business and IT departments. Represen- rience with Industry Leading Oracle Communications Suite,”
tatives from sales and marketing chaired the tech- March 31, 2014.
nology selection committees to ensure that people
outside of IT were making the case for the project. CASE STUDY QUESTIONS
Top management, including sales and marketing
department heads and Celcom’s CEO, are part of a 9-13 What was the problem at Celcom described in
steering committee for customer experience man- this case? What management, organization,
agement that meets every two weeks. and technology factors contributed to this
Celcom’s integrated systems make it possible
for call center representatives to respond much 9-14 What was Celcom’s business strategy, and what
more rapidly to customer queries. In the past, cus- was the role of customer relationship manage-
tomer agents needed to toggle between two to five ment in that strategy?
screens to do their work. Now they work with just
a single screen, which increases efficiency. Using 9-15 Describe Celcom’s solution to its problem.
fewer screens cuts average call-handling time by What management, organization, and technol-
15to20percent. BSS includes a new tablet-based app ogy issues had to be addressed by the solution?
for Celcom dealers that makes signing a customer
up for a new mobile phone completely paperless. 9-16 How effective was this solution? How did it
affect the way Celcom ran its business and its
396 Part Three Key System Applications for the Digital Age
Go to the Assignments section of your MyLab MIS to complete these writing exercises.
9-17 What are three reasons a company would want to implement an enterprise resource planning (ERP) system and
two reasons it might not want to do so?
9-18 What are the sources of data for analytical CRM systems? Provide three examples of outputs from analytical
Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications 397
Chapter 9 References
Bozarth, Cecil, and Robert B. Handfield. Introduction to Operations Maurno, Dann Anthony. “The New Word on ERP.” CFO Magazine
and Supply Chain Management (4th ed.). (Upper Saddle River, (July 25, 2014).
NJ: Prentice-Hall, 2016.)
Oracle Corporation. “Alcoa Implements Oracle Solution 20%
Cole, Brenda. “Cloud ERP Users Say Up, Up and Away.” Business Below Projected Cost, Eliminates 43 Legacy Systems.”
Information (February 2014). www.oracle.com, accessed August 21, 2005.
D’Avanzo, Robert, Hans von Lewinski, and Luk N. Van Wassenhove. Panorama Consulting Solutions. “2015 ERP Report.” (2015).
“The Link Between Supply Chain and Financial Performance.” Rai, Arun, Paul A. Pavlou, Ghiyoung Im, and Steve Du. “Interfirm
Supply Chain Management Review (November 1, 2003).
IT Capability Profiles and Communications for Cocreating
Davenport, Thomas H. Mission Critical: Realizing the Promise of Relational Value: Evidence from the Logistics Industry.” MIS
Enterprise Systems. (Boston: Harvard Business School Press, Quarterly 36, No. 1 (March 2012).
2000.) Rai, Arun, Ravi Patnayakuni, and Nainika Seth. “Firm Performance
Impacts of Digitally Enabled Supply Chain Integration
Davenport, Thomas H., Leandro Dalle Mule, and John Lucke. Capabilities.” MIS Quarterly 30, No. 2 (June 2006).
“Know What Your Customers Want Before They Do.” Harvard Ranganathan, C., and Carol V. Brown. “ERP Investments and the
Business Review (December 2011). Market Value of Firms: Toward an Understanding of
Influential ERP Project Variables.” Information Systems
Essex, David. “Tomorrow’s ERP Raises New Hopes, Fears.” Business Research 17, No. 2 (June 2006).
Information (February 2014). Sarker, Supreteek, Saonee Sarker, Arvin Sahaym, and Bjørn-
Andersen. “Exploring Value Cocreation in Relationships
Hitt, Lorin, D. J. Wu, and Xiaoge Zhou. “Investment in Enterprise Between an ERP Vendor and its Partners: A Revelatory Case
Resource Planning: Business Impact and Productivity Study.” MIS Quarterly 36, No. 1 (March 2012).
Measures.” Journal of Management Information Systems 19, Seldon, Peter B., Cheryl Calvert, and Song Yang. “A Multi-Project
No.1 (Summer 2002). Model of Key Factors Affecting Organizational Benefits from
Enterprise Systems.” MIS Quarterly 34, No. 2 (June 2010).
Hu, Michael and Sean T. Monahan. “Sharing Supply Chain Data in Strong, Diane M., and Olga Volkoff. “Understanding Organization-
the Digital Era.” MIT Sloan Management Review (Fall 2015). Enterprise System Fit: A Path to Theorizing the Information
Technology Artifact.” MIS Quarterly 34, No. 4 (December
Kanaracus, Chris. “ERP Software Project Woes Continue to Mount, 2010).
Survey Says.” IT World (February 20, 2013). SupplyChainBrain. “Trends in Enterprise Resource Planning Cloud
Technology.” (February 25, 2015).
Kimberling, Eric. “5 Lessons from Successful CRM Implementations.” Sussin, Jenny. “Top Use Cases and Benefits of Social for CRM in
Panorama-consulting.com (January 28, 2015). 2015.” Gartner, Inc. (February 12, 2015).
Sykes, Tracy Ann, Viswanath Venkatesh, and Jonathan L.
Klein, Richard, and Arun Rai. “Interfirm Strategic Information Johnson. “Enterprise System Implementation and Employee
Flows in Logistics Supply Chain Relationships.” MIS Quarterly Job Performance: Understanding the Role of Advice
33, No. 4 (December 2009). Networks.” MIS Quarterly 38, No. 1 (March 2014).
Tate, Wendy L., Diane Mollenkopf, Theodore Stank, and Andrea
Laudon, Kenneth C. “The Promise and Potential of Enterprise Lago da Silva. “Integrating Supply and Demand.” MIT Sloan
Systems and Industrial Networks.” Working paper, The Management Review (Summer 2015).
Concours Group. Copyright Kenneth C. Laudon (1999). Tian, Feng, and Sean Xin Xu. “How Do Enterprise Resource
Planning Systems Affect Firm Risk? Post-Implementation
Lee, Hau, L., V. Padmanabhan, and Seugin Whang. “The Bullwhip Impact.” MIS Quarterly 39, No. 1 (March 2015).
Effect in Supply Chains.” Sloan Management Review (Spring “Top 5 Reasons ERP Implementations Fail and What You Can Do
1997). About It.” Ziff Davis (2013).
“Trends in Enterprise Resource Planning Cloud Technology.”
Liang, Huigang, Nilesh Sharaf, Quing Hu, and Yajiong Xue. SupplyChainBrain (February 25, 2015).
“Assimilation of Enterprise Systems: The Effect of Van Caeneghem, Alexander and Jean-Marie Becquevort. “Turning
Institutional Pressures and the Mediating Role of Top on ERP Systems Can Turn Off People.” CFO (February 5,
Management.” MIS Quarterly 31, No. 1 (March 2007). 2016).
Wong, Christina W.Y., Lai, Kee-Hung, and Cheng, T.C.E. “Value of
Liang, Huigang, Zeyu Peng, Yajiong Xue, Xitong Guo, and Information Integration to Supply Chain Management: Roles
Nengmin Wang. “Employees’ Exploration of Complex of Internal and External Contingencies.” Journal of
Systems: An Integrative View.” Journal of Management Management Information Systems 28, No. 3 (Winter 2012).
Information Systems 32, No. 1 (2015).
Maklan, Stan, Simon Knox, and Joe Peppard. “When CRM Fails.”
MIT Sloan Management Review 52, No. 4 (Summer 2011).
Malik, Yogesh, Alex Niemeyer, and Brian Ruwadi. “Building the
Supply Chain of the Future.” McKinsey Quarterly (January
Mehta, Krishna. “Best Practices for Developing a Customer
Lifetime Value Program.” Information Management (July 28,
Morrison, Tod. “Custom ERP No Longer in Vogue.” Business
Information (February 2014).
CHAPTER10 E-commerce: Digital Markets,
After reading this chapter, you will be able to answer the following questions:
10-1 What are the unique features of e-commerce, digital markets, and digital
10-2 What are the principal e-commerce business and revenue models?
10-3 How has e-commerce transformed marketing?
10-4 How has e-commerce affected business-to-business transactions?
10-5 What is the role of m-commerce in business, and what are the most
important m-commerce applications?
10-6 What issues must be addressed when building an e-commerce presence?
Visit mymislab.com for simulations, tutorials, and end-of-chapter problems.
Uber Storms Europe: Europe Strikes Back
Getting Social with Customers
Can Instacart Deliver?
Walmart and Amazon Duke It Out for E-commerce Supremacy
Walmart Takes on Amazon: A Battle of IT and Management Systems
Groupon: Deals Galore
Etsy: A Marketplace and Community
Walmart’s E-commerce Fulfillment Center Network
Behind the Scenes of an Amazon Warehouse
Uber Storms Europe: Europe Strikes Back
Uber, the so-called “ride hailing service” (otherwise known as a taxi ser- © FocusTechnology/Alamy Stock Photo
vice) is headquartered in San Francisco and was founded in 2009 by
Travis Kalanick and Garrett Camp. Uber is the posterchild (along with
Airbnb) for the on-demand economy, a place where independent contractors
respond to online requests for service. Uber’s various services for transporting
people rely on a smartphone app to hail a ride provided by an independent
contractor (a driver) who is not an employee of the company. Drivers are self-
employed and not under the direct control of Uber as employees would be.
They may or may not be licensed or trained. The drivers supply their own car,
pay for the gas, maintenance, insurance, and even their own cell phones.
They take a cut of the fare, which used to be 20 percent or less, but in 2016 is
moving to 25 percent. Voila: a taxi company with no taxis or employees, and
an Internet platform for hooking up cars with people looking for a ride. One
more thing: Uber provides rides for 30 to 50
percent less than regulated taxis and also
changes its fares depending on demand.
It’s called “surge pricing.”
By 2016, Uber had more than 162,000
drivers working in 200 cities and 55 coun-
tries generating revenue of $10 billion and
earnings (after paying its drivers) of $2 bil-
lion. More than 100,000 people use Uber
on a regular basis. However, Uber’s over-
the-top success has created its own set of
Uber has taken many American cities
by storm and largely succeeded. Not that
there hasn’t been plenty of opposition
from local taxi businesses who have paid
hundreds of thousands of dollars in many
cities for official medallions licensing them
to pick up and transport passengers. Local governments have also resisted
Uber, fearing the loss of tax revenue and threats to public safety and health
posed by unskilled and uninsured drivers whose cars may not pass inspection.
Nevertheless, in most cases, Uber has prevailed over local opposition, based in
part on public support for an expanded and higher-quality taxi service using
mobile technology, and support from Uber drivers who see the company as
providing opportunity for a decent living. Uber has been very successful in
using social media and online marketing campaigns to organize opposition
to local politicians who oppose it. The result is that Uber has not been banned
from any U.S. city, although in some cities like New York Uber is required