A Strategy Framework About Information: a Study of Integrity For Complex Business Environment Characterized By Uncertainty
Ensuring Information Integrity in a Complex and Uncertain Business Environment
by Suneeta Sharma*,
- Published in Journal of Advances and Scholarly Researches in Allied Education, E-ISSN: 2230-7540
Volume 1, Issue No. 1, Jan 2011, Pages 0 - 0 (0)
Published by: Ignited Minds Journals
ABSTRACT
Thispaper investigates the research issue of Information Integrity for complexbusiness environment characterized by uncertainty. The paper begins with astudy of the Strategy framework for homogeneous business environment with ‘nosurprises,’ which the paper identifies as a ‘closed’ system. This leads to thestudy of an informational view of a complex business environment. The paperargues that complex systems are essentially ‘open’ systems, which, with time,undertake shifts in IS goal, direction and targets (i.e., standards for plansand programs). These shifts, and the uncertainty due to system complexity andother environmental factors identified, infest the IS with hitherto unknownerrors resulting in loss of integrity. This calls for “adaptive learning” as arequirement for the Strategy framework. Accordingly, the paper goes on toconstruct the components of the Strategy framework to ensure InformationIntegrity in a complex business environment. In addition to adaptive learningcapability, it comprises the servo control systems built around the meaningfuluse of pre-estimated targets (standards). This brings about improvements inprocesses, operations, and inputs bycontrolling them to achieve desired outputs and meeting business systemobjectives. Finally, the paper presents a conceptual view of the systemsrepresentation of the Strategy framework.
KEYWORD
Information Integrity, complex business environment, uncertainty, strategy framework, adaptive learning, servo control systems, processes, operations, inputs, outputs, business system objectives
1. INTRODUCTION
The research investigations presented at IFIP TC 11 WG 11.5 Second Working Conference [Mandke and Nayar, 1998] suggested a conceptual information system (IS) model for a business process and argued that despite application controls and the error-checking filters that hardware and software vendors incorporate into their products, networked computerized information systems are prone to errors that are made, but not corrected. These errors are due to factors of Complexity, Change, Communication, Conversion and Corruption drawn from the system environment, external to the application system and overlapping with the user environment. This results in loss of integrity in IS. Investigations identified these intrinsic integrity attributes as accuracy, consistency, and reliability which, irrespective of the nature of use, any IS and its information output, must satisfy and proposed the need to incorporate on-line learning and error correcting mechanisms in the IS models. To detect errors in IS that are made but not corrected, the research findings proposed a design by incorporating automatic feedback control systems with error detection and correcting technologies for ensuring accuracy, consistency and reliability of information; technologies that maximize integrity of information systems Information Integrity Technologies (I*IT). When incorporated, these technologies would demonstrate the improvements in the integrity of information obtained, and the advantage of not just leaving reliability to the computerized information systems. The question of implementing Information Integrity Technology was considered in the research investigations presented at IFIP TC 11 WG 11.5 Third Working Conference. Given that a triple < entity, attribute, value> developed by the database research community represents a data/information model, and also given a simplistic situation in which the value part of data/information is expressed numerically, the investigation presented approaches to quantifying accuracy, consistency, and reliability of the data item of value and to building a Cumulative Information Integrity Index (CIII). This provided a measurable basis for demonstrating integrity level in the IS. This was followed by presentation of Information Integrity Technology implementation steps. This paper takes the discussion on Information Integrity from its design basis and implementation methodologies to the problem of developing Strategy framework for a business environment characterized by uncertainty.
2. STRATEGY INFORMATION INTEGRITY FOR HOMOGENEOUS BUSINESS ENVIRONMENT WITH ‘NO SURPRISES’
Traditionally, business enterprises have adopted ‘top-down’ strategies characterized by ‘working according to plan’, emphasizing ‘standardization’ and ‘keeping things on track’, so as to ensure there are ‘no surprises’. Understandably, enterprises seek to produce ‘standard’ products in high volumes and successfully use control systems tuned to fixed 'data/information decisions' to ensure business objectives of operational optimization and cost efficiency, which give the business its strategic advantage. More often than not, they are processing only ‘structured’ and ‘periodic’ information (for example, engineering design information as in the case of electrical or mechanical systems whose physical structures are well understood). Figure (1) gives a systems representation of an automated engineering system producing ‘standard’ products in high volumes. The early applications of computerized information systems were for such businesses, and understandably they were justified on the cost reduction aspects of processing structured and periodic information. The information ‘content’, or the degree of strategic uncertainty, in the information processed by these applications was minimal. As more business information processing installations became application- oriented, there came into existence an application for payroll, a different application for inventory status, and still others for accounting, cost distribution, sales analysis, and so forth, all emphasizing the efficient utilization of computers. With time, however, businesses became aware of the computer’s potential for solving management problems in Strategy, direction and control.
Figure 1. Systems representation of an automated production system producing "standard" product in high volumes
Here again, as problems were identified and new techniques developed, each evolved into a new application: production control, inventory control, sales forecasting, project management, maintenance scheduling, quality control. Each is a new computerized information system, and has its own sources of information, terminology, and classification methods. There was no emphasis on integration and physical systems were still kept simple. There were sources of errors such as hardware errors, data entry errors, accidental or intentional failures (including human failure), etc. These led to problems of accuracy, consistency, and reliability of the information processed even in these otherwise highly non-integrated information systems seeking to produce ‘standard’ products and normally dealing with structured and periodic or repetitive information. The reason for elaborating the early business IS development processes is the ‘standardized’ nature of the business and the ‘structured’ and ‘periodic’ or ‘repetitive’ nature of its information processing requirements, which contributed to the design of controls for ensuring integrity (accuracy, consistency, and reliability) of the information processed by the business IS for ‘standard’ product/high volume/low cost models of business enterprises. In these businesses, as no variation in the information transformation processes is desired standard operating procedures specify how every transformation/process/action should be performed. Control is achieved by monitoring that all processes/actions (machine and human) match specified procedures. Efficiency studies, internal control standards, and desired safety levels are then used to develop detailed operating procedures. This is the ‘process’ contro approach to ensuring integrity. And another approach is to control output - information in the case of business IS - by carefully selecting input, that is, by controlling data collection processes. This is the ‘input’ control approach to ensuring integrity of information. External controls administrative controls, IS operational controls (comprising input controls, processing controls and output controls), documentation controls, and security controls are traditionally built into IS at the systems analysis stage, so as to ensure the integrity, i.e., accuracy, consistency, and reliability of the information processed by the business IS. Figure (2) gives a systems representation of these internal controls in an information system for a homogeneous business environment characterized by ‘no surprises’. In spite of all these controls, computerized information systems contain errors that are made but not corrected. There are several reasons for this. As businesses developed more and more “applications,” it also found that, while solving some problems, these “applications” also created several new ones; the key reasons being: (i) There is more information available than anyone can digest or evaluate (the problem of information overload). (ii) There are frequent conflicts between the results from two applications; for example, a report on employee absenteeism from the payroll application does not tally with the absenteeism rate derived from the personnel application (absence of standardization). (iii) When the organization attempts to solve problems involving several departments, there is no relationship between the data in various applications - the decisions on product mix will certainly affect inventory investment, but unfortunately the production contro application and the inventory control application do not communicate with each other (problems due to emphasis on minimizing integration). (iv) With increased “applications”, the business IS has acquired a complex structure and, as a result, it has started encountering types of information failures not encountered earlier (for example, failures that come with delayed time and with complex fault mechanisms like those due to the latent errors made during IS development life cycle phases, etc.). No doubt the computerized information system increased the efficiency of the business processes and made information systems integral to both operational and managerial functions But, ironically, it also introduced uncertainty in the seemingly homogeneous information environment of the business process, requiring assurance on the integrity of information for improved business performance and strategic advantage.
3. INFORMATIONAL VIEW OF COMPLEX BUSINESS ENVIRONMENT CHARACTERIZED BY UNCERTAINTY
Many businesses recognized this problem and proposed integrated information systems serving several departments and functions within an enterprise. This led to the realization of the value of information as a basic resource of the enterprise and resulted in abandoning the application-by- application approach. In the beginning, what accelerated this process was the invention of microprocessors, which led to a dramatic increase in the use of computers in business and in daily life, to a point where today, by one estimate, these ‘data embedded’ systems outnumber humans on our planet. Subsequent push in this direction came as real-time computer systems became as common as batch systems; and the Net became a reality. These developments led to yet another technology in the form of data driven technology. In the manufacturing sector, data driven automation demonstrated the benefits to be reaped from manufacturing ‘smarter’. Further, combining the power of desktop information processing and high speed telecommunication, the new technology began facilitating on-line transactions which, in due course, became the best known public face of electronic commerce activities such as internet book-buying and on-line stock-trading. And in the industry’s supply chain (linking manufacturers, assemblers, distributors, marketers and customers), it presented supply chain Strategy (SCP) solutions offering opportunities for inventory reduction and shortening supply chain by saving on time. All these are examples of using information ‘smarter.’
3.1. Centrality of Informational Work System in Complex Business Enterprise characterized by Uncertainty
This calls for automation of ‘informational work’ carried out by the soft *i.e., design (innovation) and Strategy & decision (programming)] components of the enterprise, in which every possible business ‘data’ (internal as also external) is seen as raw material, ‘data processing or transformation or conversion’ as the system function, and ‘data product’ or ‘information’ as processed data to trigger information use (decision making included) to deliver ‘information decision’ (to the control stage of the physical work system) to add value to the product. Using data/information ‘smarter’ is an application of flexible automation accounting for product innovation, customer needs (product requirements), and for constraints of costs and capabilities – a structural variant from ‘inflexible’ automation of traditional businesses [Spectrum series 1987; Mandke and Nayar, 2000]. Flexible automation is becoming possible due to (a) availability of on-line computers, (b) computers providing capability for moment by moment optimization of processes and decision making, and (c) availability of system integration capability to yield a computer-integrated system for attaining business objectives [see Fig. (3)]. What makes it possible now to ‘put it all together’ in a total design, manufacturing and delivery system is the technological reality of digital data as medium of information across the enterprise. Further most importantly, such systems can be applied to both hard components of manufacturing like processes, machinery and equipment, as well as soft components like information flows and databases—the informational work systems.
3.2. Core Business Process IS View
This centrality of the "informational work" in achieving agility and adaptivity in the enterprise's functioning and handling large and constantly changing range of produced items, provides a conceptual framework to model all business processes as data processing procedures, i.e., they all process data in some manner to deliver information for use in decision-making. Taking the triple < e, a, v > to represent a data/information model, Conversion Stage and Information Representation & Use Stage of the informational work system. With this delineation of data processing activities and putting them together with the requirements of information flow modeling for the Decision-Making Stage, an IS View of the Business Process is given in Figure (4).
3.3. Errors in Business Process IS View and their Implications
Due to factors of 5 “C”s *see Section (1)+, this business IS view is subject to errors in data and information processed by it. Research investigations argue that errors in IS view can be modeled to include: i. errors with deterministic descriptions caused due to events singular in nature like software failure, denoted by, and ii. errors with stochastic descriptions caused due to: a. general causes like mechanistic failure, service disruptions, etc., denoted by b. human judgmental factors operating at human-IS interface, denoted by, and c. systems factors (external and internal to IS) like a merger, regulatory activity, legislative action, activity of a competitor, acquisition of a new software or hardware, etc., denoted by The applicable combinations of error types occur at various data processing activities under IS stages. For the purpose of this study, what is important is to recognize that these errors result in loss of integrity at the data origin, conversion and output stages and at pre- and post- conversion stage communication channels, thereby rendering data and information processed inaccurate incomplete, not up-to-date and unreliable. Figure (4) gives a systems view of the complex business process IS view characterized by uncertainty incorporating error components and presenting emerging Information Integrity implications.
4. ADAPTIVE LEARNING–ON THE NATURE OF INFORMATION INTEGRITY STRATEGY REQUIREMENT
As explained in Section (2), the very business benefits accruing from ‘applications’ and the very fear of failure, in case of not taking the beaten path, paved the way for increased but
ad-hoc (repair and service mind-set) use of computerized information systems that gave for the
time being improved cost-efficiency and productivity and hence profits. However, with time, new factors emerged: (a) change of objective and of direction presenting an opportunity (realization that the computerized information systems are also useful to solve management problems involving requirements of Strategy, direction, and control); (b) in the wake of technological developments, dramatic acceleration in system integration for further business benefits (environmental impact); (c) new risks bringing in hitherto unknown information failures (for example, increased integration exposed even inner IS modules to environmental impacts. To elaborate, sometimes even simple interaction with external systems may fail (e.g., a module might turn ON or OFF an external actuator, or sense an external switch). In other cases the interaction may be more complex, either because of the nature of the information being passed, or because of the inherent complexity in the external system. Figure 4. Systems View of Complex Business Process IS View characterized by Uncertainty incorporating Error components and presenting emergent Information Integrity implications The most complex interfaces involve human users (internal as also external to the IS), which require passing a great deal of information to human users. And it so happens human users are complex and unpredictable adding to the complexity and uncertainty in the IS externa environment [Storey, 1996]. (d) change of objective and of direction impacting the environment (for example, opting for business objectives of customization and IT-driven differentiation changed the way people look at business); etc. All these, as argued in Sections (1) and (3), understandably introduced errors in the IS that are made, but not corrected, in spite of controls. This study does not intend to exhaust all sources of IS errors in computerized information systems. But this analysis clearly establishes the inadequacy of the reality model of IS as a ‘closed’ system. In fact, as shown above, even the IS for the ‘standard’ product/ high volume business model, was not a closed system. In the thick of integration minimization approach ‘motivation’ of increased profits led to incorporation of ‘applications.’ While Strategy, even when recourse was taken to ‘methodism’ by holding on to established patterns of action by ad-hocism in the form of application-by application approach, eventually a new ‘direction’ emerged in the form of relevance of computerized information systems to management requirements of Strategy and control; leading to shift in IS goal from that of just operational efficiency to those of Strategy and monitoring effectiveness besides operational efficiency. Similarly, over time technological developments also brought about shifts in business goals; moving the goal from cost efficiency to of financial optimization (environmental influence), and that in turn led to emergence of business models with emphasis on ‘continuous innovation’ and ‘mass- customization’ for increasing market share – a structural variant of the ‘standard’ product/high volume business model. All these, changing time sequence (dynamics), shift in goal, identification of new direction impacting or being impacted by the environment, are characteristics of open system and are indicators of ‘adaptive learning’ capability that the business IS has been demonstrating. Even as the IS was being impacted by, and also impacting, its environment, because of the closed system view of the business reality model, the IS was being infested with increased information errors (accruing from Design, Development, Deployment (testing), Data and Detection (auditing) errors *5 “D”s+), resulting in loss of integrity, which is detrimental to the business objectives. This clearly establishes the Information Integrity Imperative, i.e., the trustworthiness and dependability of the information to derive competitive advantage in an uncertain business environment (how does one further integrate for increased effectiveness and efficiency while minimizing, if not eliminating, IS errors?). It also suggests the need to manage ‘conflicting rea goals’ to meet the objectives of maximization of system integration to enlarge markets and optimize financial benefits by ensuring the integrity of the information base. Business IS exists in the real world. In concrete terms, managing ‘conflicting real goals’ calls for maximizing information about: objects (some concrete, such as machines and buildings, and some abstract, such as stocks, accounts and sales forecasts), environment (physical, organizational, personal), people, rules, norms (often deeply engrained ways of doing things and modes of thinking and practice), and commands (such as computer programs). This is the information base from which businesses continuously learn about shift in IS goal, emerging new directions, strategic uncertainties presenting new opportunities and risks, design innovations setting new improved targets (standards), improvements in processes and procedures, improved inputs and outputs, etc. In the vocabulary of systems engineering, business IS is an adaptive learning system, which is as customer responsive as a living organism is environment-responsive. The Information Integrity design has the requirement to detect (learn) and correct (control) the IS errors in an adaptive
learning IS irrespective of the complexity of the business process IS View of Figure (4).
5. A STRATEGY FRAMEWORK
The crux of adaptive learning is in managing maximal information in a dynamic, open system environment of a complex business IS in an atmosphere of uncertainty. Research investigations suggest an I*I design incorporating automatic feedback control systems [Section (1). As ‘feedback’ is an essential component in the design of any ‘learning’ mechanism, the conceptua framework of the “automatic feedback control system” in Information Integrity Technology can be further developed into a Strategy framework for a complex and uncertain IS environment. In an open environment, the adaptive capability of the system is characterized by learning about changes, more appropriately ‘shifts,’ that could be warranted from time to time in the system goal, direction and targets (i.e., standards, which understandably cover plans and programs). For a complex information system user (internal as also external) each of these three (i.e. goal direction, and targets) is nothing but ‘information items.’ That is to say, in managing the conflicting real goals of business, and the requirement of Information Integrity so critical in achieving those, the IS user must appropriately maximize the information for each of these information items. Organizing this information base, in fact, is an IS in its own right with stages of detection/estimation/prediction (forecasting), alternatives (opportunities and risks), and selection or decision (evaluation and judgment). The IS user then processes the maximized information for each of the information items to learn or to select or to decide on the newly emerging goal or direction or target (standard) as the case may be. Toward the design of the Strategy framework, this is the first step in the extension of the ‘feedback’ concept for improved estimates of the information items of goal, direction and targets (standards); thereby reducing the IS errors and improving Information Integrity. This brings one to the issue of continuous innovation for attaining business objectives and competitive advantage for increasing market share, through measures like masscustomization. These are the product or service design innovations that facilitate the business in exploiting the opportunity space for meeting its objectives, while, at the same time, keeping it clear of risks. In order to make this happen, the Strategy framework has to develop constraints within which any design innovation is worked out for implementation. Needless to say, processes for determining the design innovation (see Figure (4)), the correct opportunities and the correct risks, and the goal and direction are also information processes, and, therefore, it is important that the integrity of these processes is also assured. Having provided the innovation design strategy, within the framework of sensed (determined) perceptions of the adaptive changes in the IS, once again the issue of extension of the ‘feedback’ concept comes into the picture. This time it has to be built around a meaningful use of the above mentioned pre-estimated targets (standards), to bring about improvements in processes operations, and inputs by controlling them to achieve desired outputs and meeting business objectives in accordance with the predetermined standards (targets). Incidentally, use of targets (standards) to build systems for controlling processes and inputs, to obtain desired outputs and system performance as per pre-determined standards, is an established engineering approach. This is a class of control systems of great practical significance – the so-called servo-mechanisms, or sevos, for short. In its classical definition, a control system is referred to as a servo (system) if the output is designed to follow as closely as possible a given reference signal. What it does is to measure the system output, obtain the error in the form of deviation of the output from the reference signal, and then use that error signal to control the system performance in such a manner as to minimize, in some sense, the error; that is to make the output as close to the reference signal as possible. Servo systems are essentially feedback systems that can be applied to both linear and non-linear systems, which, incidentally, al business process information systems are. For the purpose of this study, the system output can be what the management literature terms as “key success factors” or “critical success factors” or “critical performance variables” (financia measures, internal business measures, that define the performance of the business process. The reference signal for each key success factor is the respective target, i.e., the pre-determined standard so developed as to ensure meeting the business objectives. The servo system, based on the meaningful use of pre-determined standards would continuously measure the business performance output, obtain its deviation (error) from the pre-determined standard desired or expected, and then, based on the extent of error or deviation, control (improve or innovate or adjust locally at the field level) the process, procedure, operation or input, as the need may be, so as to make the system output as close to the pre-determined standard (in some sense zero error or deviation) as possible. Unlike traditional business models, in which controls are in the nature of requirements of static, pre-determined standardization of processes and inputs, here controls ensure that outputs, i.e. business performance outcomes, meet pre-determined standards (targets) which, through feedback applications, keeping in mind the open system character of business IS, are also tuned to the process of adaptation for future advantage. It goes without saying that the servo systems implemented as above are also IS, and hence are liable to contain errors that are made but not corrected, and, therefore, they too require measures for ensuring their integrity so that Information Integrity of the total business IS system is assured. There is one more important aspect. In order to ensure Information Integrity of a complex business IS in an environment of uncertainty, what have emerged are the information processes for the following: (a) for improved dynamic estimates of goal, direction and targets (standards – for plans and programs) and feedback systems for adaptive learning; (b) for correct estimates of opportunities and risks in the light of strategic uncertainties, (c) for continuous design innovations for attaining business objectives, (d) for improving processes, operations and procedures to meet servo objectives, and (d) for implementing servo control systems for meeting the business objectives. As each of these itself is a complex system, as explained in Section (3), they all will have IS errors, requiring assurances of integrity for each of them. As one is dealing with maximal information at each stage here, one important concern should be accuracy, consistency, reliability of the information processed. This is the problem of interna control for a complex business IS and it goes without saying that, among other things, the integrity of the information items received by each processing systems will have to be assured if as mentioned above, each of these processing systems and, thereby, the complex business IS under consideration is to ensure Information Integrity. This totality gives the Information Integrity Strategy Framework for a complex business environment characterized by uncertainty. Figure (5) provides a conceptual view giving a systems representation of the Strategy Framework.
6. CONCLUSION
The task of dealing with a complex business environment characterized by uncertainties is the challenge of working with an open system. Components and subsystems of an open system are also open systems in their own right and they coordinate and interact amongst themselves by processing information. As a result, whatever else a business does, make automobiles, sell rea estate, run hotels, or whatever, through its IS view, it processes information. And this IS view contains errors, resulting in loss of integrity, which is detrimental to business objectives. This establishes the Information Integrity Imperative as the key factor determining competitive business advantage. Traditional Information Integrity implementation approach based on the assumption of the reality model of business systems as closed systems is ad-hoc, characterized by "application-by- application" strategy, and, as a result, unable to respond to needs of complex businesses operating in the world of change and uncertainty. This calls for the instrumentality of Strategy framework, which empowers Information Integrity design and implementation approaches with an ability to learn about the ways in which business as an open system interacts with its environment to set and achieve integrity targets while remaining on the path of growth.
- REFERENCES -
Burch (Jr.) J.G., and Sardinas (Jr.) J.L. (1978) Computer Control and Audit, John Wiley & Sons, NY. Elgerd O.I. (1967) Control Systems Theory, McGRAW-Hill Book Co., NY.
Dorner D. (1996) The Logic of Failure – Recognizing and Avoiding Error in Complex
situation, Perseus Books, USA.
Mandke V. V., and Nayar M.K. (1998) Design Basis for Achieving Information Integrity − A
Feedback Control System Approach, IFIP TC 11 Working Group 11.5 Second Working Conference on Integrity and Internal Control in Information Systems, Edited by Sushi Jajodia, William List, Graeme W. McGregor and Leon A.M. Strous, Published by Kluwer Academic Publishers.
Mandke Vijay V., and Nayar M.K. (1999-A) Implementing Information Integrity Technology
- A Feedback Control System Approach, IFIP TC 11 Working Group 11.5 Third Working Conference on Integrity and Internal Control in Information Systems, Edited by Margaret E van Biene-Hershey and Leon A.M. Strous, Kluwer Academic Publishers, Boston, USA.
Mandke Vijay V., and Nayar M. K. (1999-B) Modeling Information Flow for Integrity
Analysis, Proceedings of the 1999 Conference on Information Quality, Edited by Yang W. Lee and Giri Kumar Tayi, MIT, Cambridge, Massachusetts, USA.
Mandke Vijay V., and Nayar M.K. (2000) Information Integrity Imperative for Competitive
Advantage in Business Environment characterized by Uncertainty, Proceedings of Information Technology for business Management Conference, Edited by Renchu Gan 16th World Computer Congress 22000, 21-25 August, Beijing, China. Mathew Don Q. (1971) The design of Management Information Systems, Auerbach Publishers, NY. Melville R., and Hafen M. (1999) Control Models and Control Self assessment: Results of a Survey of the IIA CSA Center, IFIP TC 11 Working Group 11.5 Third Working Conference on Integrity and Internal Control in Information Systems, Edited by Margaret E. van Biene- Hershey and Leon A.M. Strous, Kluwer Academic Publishers, Boston, USA. Simons R. (1995) Levers of Control, Harvard Business School Press, Boston, USA. Spectrum series (1987) Computers and manufacturing productivity,An IEEE Press Book. Storey N. (1996) Safety-Critical Computer Systems, Addison-Wesley, NY.
