Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 24


Assignment Cover Sheet

Qualification Module Number and Title

Higher National Diploma in Business Management BHNC4106 Managing Information in Business

Student Name & No. Assessor

Ms. Niluka Samarakoon

Hand out date Submission Date

End of the term

Assessment type Duration/Length of Weighting of Assessment

Assessment Type
Report-Group equivalent to 3000 50%

Learner declaration

I, …………………………………………..……………..certify that the work submitted for this

assignment is my own and research sources are fully acknowledged.

Marks Awarded
First assessor

IV marks

Agreed grade

Signature of the assessor Date

KG/HNDBM/04/14 Page 1



Module : Managing Information in Business

Student :

Assessor : Ms. Niluka Samarakoon

Assignment : Report-Group

Strong features of your work:

Areas for improvement:

KG/HNDBM/04/14 Page 2

Marks Awarded:

Coursework: Group Report

Learning outcomes covered

 Understand the business operating models and ICT

 Understand the role of ethics, security and risk management in IT

Scenario and the Task

Assume that your group (three to four members) has been selected as Information System and Communication
Consultants in a stable, well-established organization, which is chosen by you after successfully completing
your higher education in Business Management. Please note that the organization is currently utilizing the
benefits from implemented information systems to a satisfactory level. The first task you have been assigned is
to identify, analyze and evaluate the current usage of information systems under current business environment
and find out the problems and issues to recommend better solutions for a smooth functioning.

The findings should be presented in a formal written report of 3000 words prepared by the group. In addition to
the report, it is required that each group member includes a written reflective one page statement, outlining
your personal contribution to the report’s outcome, including teamwork experience and your individual learning.
Further a short viva will be undertaken, typically 10 minutes per student, to ensure the contribution to the team
work and to test the overall knowledge of the students in relation to the learning outcomes.

The report must cover below indicatives;

KG/HNDBM/04/14 Page 3

a) New trends of information technologies such as E commerce, Internet Business models,

Big Data, Data Mining, Business Intelligence, Cloud Computing and suitability of those
to the selected organization (25 marks)

b) The information rights provided to the employees, ethics related to the information
collection and dissemination as per professional code of conduct of the organization.
Approaches use for managing security and risk related to IT systems. (20 marks)

c) Issues related to IT systems such as issues facing due to lack of understanding about the
ethics and rights, security management issues in relation to software, hardware and
network system of the organization. (10 marks)

d) Provide recommendations to above identified ethical, security issues and risks of IT

management systems of the organization. (10 marks)

e) Explain the importance of Data Protection Act in relation to United Kingdom Data
Protection and Cyber Crime Act to get an understanding about the legal framework
defined by the law to reduce the issues related to information and systems within a
business environment. (10 marks)

f) Importance of ICT in managing businesses and the role of ethics, security and risk
management in IT (15 marks)

g) Appropriate report structure with Harvard Referencing style followed (10 marks)

KG/HNDBM/04/14 Page 4

Assessment Criteria

Marks obtained by
This submission will be assessed as follows Total marks
the student for the
answer provided
Task a
 Describe the new trends of information 18
technologies in the market such as E commerce,
Internet Business models, Big Data, Data Mining,
Business Intelligence, Cloud Computing (6*3)
 Recommending an appropriate application to 07
the selected organization for an identified need

Task b
 Identify the information rights provided to the 05
 Identify ethics related to the information 05
collection and dissemination as per professional
code of conduct of the organization
 Approaches use for managing security related to 05
IT systems.
 Approaches use for managing risk related to IT 05

Task c
 Issues related to IT systems such as issues facing 10
due to lack of understanding about the ethics
and rights, security management issues in
relation to software, hardware and network
system of the organization. (at least two issues-
Task d
 Provide recommendations to above identified 10
ethical, security issues and risks of IT
management systems of the organization. (2*5)

KG/HNDBM/04/14 Page 5

Task e
 Explain the importance of Data Protection Act in 10
relation to United Kingdom Data Protection and
Cyber Crime Act to get an understanding about
the legal framework defined by the law to
reduce the issues related to information and
systems within a business environment

Task f
 Deriving appropriate conclusions on the 15
importance of ICT in managing businesses and
the role of ethics, security and risk management
in IT

Task g
 Use appropriate report structure: 05
acknowledgment, executive summary, table of
content, introduction, body, conclusion,
recommendations, reference list, appendices
and application of given formatting guidelines
 Use Harvard references 05

Total Marks 100

Submission Guidelines

 Submission format: Report

 Paper Size: A4
 Words: 3000 words
 Printing Margins: LHS; RHS: 1 Inch
 Binding Margin: ½ Inch
 Header and Footer: 1 Inch
 Basic Font Size: 12
 Line Spacing: 1.5
 Font Style: Times New Roman
 Referencing should be done strictly using Harvard system

KG/HNDBM/04/14 Page 6


First of all we pay our gratitude towards Mrs. Niluka samarakoon , who guided us in every
single step in the assignment. Secondly we take this opportunity to express my gratitude to
Mr. Aruna Herath assistant manager in commercial bank, Kurunegala city office for
providing opportunity to visit their companies and providing support to study about IT
systems in their company.

Next we would like to thank all our batch mates who encouraged us to do this assignment.
Finally we pay our sincere gratitude to all the ones who supported us , encouraged us at least
by verbally to do this assignment.

KG/HNDBM/04/14 Page 7

Executive summary

Here we are assigned to identify, analyze and evaluate the current usage of information
systems under current business environment and find out the problems and issues to
recommend better solutions for a smooth functioning.

New trends of information technologies such as E commerce, Internet Business models, Big
Data, Data Mining, Business Intelligence, Cloud Computing is trending in the world and we
are going to analyze how suitable these things to our organization.

The information rights provided to the employees, ethics related to the information collection
and dissemination as per professional code of conduct of the organization is important in
competing with today’s world competitors. Approaches use for managing security and risk
related to IT systems will be further analyzed.

For security, risk management or for anything it can be restricted through laws and
regulations but ethics are totally different. They are just good behavior patterns and they
cannot be restricted legally. But in today’s world people get attracted to organizations that
practices good ethics, therefore it is really important to maintain good ethics. We will identify
the importance of these to our organization and ways in which we can improve that.

KG/HNDBM/04/14 Page 8

Table Contents
Executive summary................................................................................................................................8
1) Suitability of new trends of information systems to commercial bank and recommendations......11
2) The information rights provided to the employees , ethics related to the information collection
and dissemination in commercial bank and approaches use for managing security and risk related to
IT systems............................................................................................................................................15
2.1) The information rights provided to the employees, ethics related to the information collection
and dissemination as per professional code of conduct..................................................................15
2.2) Approaches use for managing security and risk related to IT systems.....................................16
3) Issues related to IT system..............................................................................................................18
4) Recommendations to ethical, security issues and risks of IT management systems in commercial
5) Importance of Data Protection Act in relation to United Kingdom data protection and Cyber Crime

KG/HNDBM/04/14 Page 9


Commercial bank is a leading financial bank in Sri Lanka. Its head branch is situated at
Colombo, Sri lank. There are about 456 branches and over 3000 employees in the
commercial bank.

When it comes to Sri Lankan context considering the improvements in the information
technology one of the leading organization in the banking sector is the Commercial Bank
PLC of Sri Lanka. They have taken many innovative steps in aligning information technology
to their operational activities.

Over the last financial years commercial bank has adopted many ICT inspired solutions
across the main services and other services like data center consolidation, disaster recovery
and storage of data and information. This is really important for the bank to function
smoothly by without making their own networking a disaster. But yet there is a huge risk is
associated in all these solutions as it is directly connected with internet and there is a risk in
reliability due to a third party involvement.

But most importantly with the introduction of ICT to the operations of the bank security has
improved and from the other side the risk associated with banking has also increased. But as
the leading bank of the country they have adopted many approaches in enhancing the security
and all those steps will be further discussed.

If someone engages in any of that activity we could only say that it is unethical, other than
that the organization cannot take any action legally or professional action against that
unethical behavior. As a remedy to this United Kingdom Data Protection and Cyber Crime
Act has introduced a legal framework with the objective of reducing these unethical actions.
A deep explanation regarding the DPA and the 8 main principles will be made.

KG/HNDBM/04/14 Page 10

1) Suitability of new trends of information systems to commercial bank and


a) E commerce

The transaction of goods or service through electronic medium without using any paper
document and be defined as e-commerce

E- Commerce is a trending concept in now a day businesses and it covers a vast range of
business operations. This is simply any kind of commercial transaction take place and that
involves with information transfer using internet. There are many ways of e-commerce in
which commercial bank has adopted.

1. Internet banking – They have introduced this system that enables their customers to get
access to accounts and general information and other products and services that bank
provides through using the official website of the bank. They have enabled the services of
account inquiry, card balance inquiry and credit card settlements, fund transfer, payment
and settlements and investments. This portal is available in for both mobile phone (mobile
banking) and for your PC/notebook.

2. E-exchange – This is a convenient online money transfer facility to over 50 countries

around the world with low cost.
3. Mobile reload – Simply by sending a SMS to the commercial bank, mobile phone can be
topped up instantly.

KG/HNDBM/04/14 Page 11

4. E- Passbook – this is a digital, virtual passbook where any account holder can check their
passbook through their mobile or PC using internet.

Among all those above mentioned new trends it can be identified that E-Banking has become
the most popular method of the customers. Due to the convenient access from both the
mobile phone and the PC. Therefore improving the online baking platform giving priority
compared to other prevailing trends can be recommended to commercial bank

b) Internet business models

Internet business models can be categorized into three groups as:

 Business to business: ex; cisco

 Business to consumer: ex; amazon
 Consumer to consumer: ex; eBay

Internet business models can take different forms. For an example advertising, brokerage,
merchant, utility etc. When it comes to the banking sector the most trending model is the
manufacturer. Even in Commercial Banking PLC they are practicing “Manufacturer/Direct”
and this is the most recommended method for banking in the world. Especially in their
internet banking facility is structured according to this model and to earn revenue as much as
the traditional banking service providing much convenience to consumers.

KG/HNDBM/04/14 Page 12

C) Big data

Big data can be identified as a large amount of data which is usually collected by an
organization about their customers and employees.

Big data is a method used when the traditional data processing applications become
inadequate. In Sri Lanka Commercial Bank PLC has become the largest privet commercial
bank, therefore the number of data they have to handle is far more than vast. For commercial
bank big data can be analyzed for insights that lead to better decision making and strategic
business moves and it is really important for them to always satisfy their customers and to
minimize the risks and frauds while abiding to the regulatory framework of the country. Big
data always help commercial bank PLC to stay one step ahead in the game by using very
advanced analytics with their competitors.

d) Data mining

Data mining can be referred to a process of analyzing data from different perspectives and
summarizing it into different useful information.

Generally data mining is collecting data from a vastly spread sources and then analyzing and
summarizing all those in to information that is important for organizational operational
activities. Usually the main purpose of big data is to process information up to this stage.
Commercial bank PLC has used this in

 Marketing activities – highlighting the number of customers with them in each year
 Risk management – when it comes to government and central bank changes in the
regulatory framework they have to associate with a risk.

KG/HNDBM/04/14 Page 13

 Customer relation management – commercial bank is known as the best bank for years in
the country when it comes to customer service. They have taken steps like recording the
calls made by customers to their hot line and they have engaged in data mining in order to
improve their customer interaction.

Therefore it can be recommend that to Commercial PLC to adopt the big data system and
then process it to data mining in order to gain the highest competitive advantage by analyzing
the data available with them.

e) Business intelligence

Business intelligence is a process of transforming raw data into meaningful and useful
information for the organizational purposes.

“Banks want to use customer-level data on product holdings, channel activity and
profitability to improve the targeting of online campaigns and make account application and
funding processes more seamless and effective”6 said the CEO of commercial bank PLC, Mr.
Jegan Durairathnam.

Therefore business intelligence or BI is one of the most suitable mitigate risk as I mentioned
in data mining.

f) Cloud computing

It is a type of internet based computing that provide different services such as storage and
applications that are delivered to computers and devices in the organization through internet

Over the last financial years commercial bank has adopted cloud-based solutions across the
main services and other services like data center consolidation, disaster recovery and storage
of data and information. This is really important for the bank to function smoothly by without
making their own networking a disaster. But yet there is a huge risk is associated in cloud
computing as it is directly connected with internet and there is a risk in reliability due to a
third party involvement.

KG/HNDBM/04/14 Page 14

2) The information rights provided to the employees , ethics related to the

information collection and dissemination in commercial bank and
approaches use for managing security and risk related to IT systems.

2.1) The information rights provided to the employees, ethics related to the information
collection and dissemination as per professional code of conduct

Commercial Bank PLC has introduced the permitted information that the employees can
reach and the information they cannot reach. Usually many of the bank officers need to
reach too many information at customer’s demand. Physically at the bank or over the
phone through customer care hotline majority of the consumers have the access to all
those information of the customers. But in the customer charter of licensed banks, the
government has clearly mentioned the employee’s limit of reaching in to customer’s
information. Therefore the things they can’t practice are;
 Disclosing customer information to others
 Engage in getting signatures for documents outside the bank
 Using abusive debt collection procedures
 Harassing customers through information revealing

The customers have the obligation to provide information of them to the bank and as a bank
commercial bank should adopt this professional code of conduct ethically in information

 Bank should always help the customer in selecting the required product/service of the
bank and should assist them in collecting required information
 Should not harass the customer while collecting information
 Using abusive language or actions are not ethically accepted
 In every branch they should have written documents in the form of either brochures or
leaflets mentioning the information required for each and every product and service
which make them comfortable in providing the required information to the officers.
 As per the requirement of the customer bank should be able to assist in all Sinhala/Tamil
and English in the process of collecting information

KG/HNDBM/04/14 Page 15

2.2) Approaches use for managing security and risk related to IT systems

Commercial bank as a financial institute in the country there is a huge risk involved with the
all the activities happening in and out of the organization. Therefore they have to concern a
lot in the security. But most importantly with the introduction of ICT to the operations of the
bank security has improved and from the other side the risk associated with banking has also
increased. But as the leading bank of the country they have adopted many approaches in
enhancing the security.

 In internet banking unlike many other banks they have connected the customer through
online portal with their personal contacts. Bank sends notifications to the beneficiary’s
mail address and telephone number.
 Any e-commerce transaction happens outside the bank online portal needs a confirmation
known as the OTP number which is sending to the customer through a text or through a
 SSL encryption technology is used within their Online Banking session to encrypt the
personal information before it leaves computer in order to ensure no one else can read it.
 If you are inactive for a period of time exceeding the usual time while logging in to the
internet banking portal, the bank will automatically log you out from the site as a
precautionary method.
 Every time the user ID and the password is unique one from one to another. You are
identified through the user ID and the password keyed in to the portal by you,

Same as security they have taken many actions in controlling the risk associated with ICT in
the bank.

 When the employees of the bank no longer in the service bank always take precautionary
steps to notify that to customers in order to avoid the risk of making any fraud
transactions with them
 Commercial Bank is continually upgrading their online portal in order to minimize the
possible errors and defect that could result in processing transactions and many other

KG/HNDBM/04/14 Page 16

 There is a huge risk involved the cloud computing due to the involvement of a third party.
But always the bank has taken the action to integrate their system along with the third
party in order to reduce this risk.
 ICT has become the major tool in the operational activities of the Commercial Bank PLC.
But yet many issues relating to ICT related operations have caused by both employees
and customers of the bank.

KG/HNDBM/04/14 Page 17

3) Issues related to IT system

One of the main issues that can cause many problems in the system is due to lack of
understanding about ethics and rights that is assigned to an employee. In the above chapter
we discussed about the rights that an employee has in obtaining or in providing information
from or to a customer. But most of the time employees get confused in related to their
boundary and they cause many issues. Every time when a new employee get recruited to the
organization as a part of the induction the bank always take precautionary steps to make the
ICT system familiar to the employee, but in many times commercial bank has received many
complaints regarding long waiting time in the bank due to the delay caused by the officer in
handling with the system.

And in many times it has shown that when an officer gets a chance to access to some
information of a customer with the request of that person, they have stayed bit longer than the
required time according to the records of the bank’s system. This is not illegal but yet this is
not ethical to access that information exceeding the required time.

The major issue in related to ICT in the banking process is the security. This has experienced
in both the forms of hardware and software safety. The most recent issue that Commercial
Bank PLC faced was that there was a system collapsed due to unauthorized access by an
unknown party. This made many problems in relating to the privacy of the customers but yet
the bank guaranteed that there is no effect to the financials and they took the responsibility to
inform that to each and every customer mentioning that there is no effect to online banking
portal by this action

KG/HNDBM/04/14 Page 18

Due to their proper security management they able to control this situation without making a
huge fuss within their operations and without making huge damage to the customer loyalty of
the bank’s customers.

KG/HNDBM/04/14 Page 19

4) Recommendations to ethical, security issues and risks of IT

management systems in commercial bank.

In the above chapter there mainly discuss two issues in related to the ethics in ICT and
security and risk involved with the ICT system of Commercial Bank PLC.

Commercial Bank PLC has created a hierarchy in identifying the risk associated with their
organization. Under this hierarchy in the Basel II, part I, they have clearly mentioned their
implementations of the operational risk management system.

In there they have clearly mentioned that currently they are engaging with the BIA (Basic
Indicator approach) for the purpose of risk management. BIA is considered to be the basic
requirement under Basel II which covers in many aspects of the risk management. But yet as
Commercial bank operates in Bangladesh too, therefore can shift to Advanced Measurement
Approach which the most is advanced technology prevailing in the world currently. AMA has
the ability of risk sensitivity and it can always secure internal and external data plus scenario

Sri Lankan people are considered to be adjusted more unethical actions in fulfilling their
desires. This same practice can be seen in many bank officers as we discussed in the above

KG/HNDBM/04/14 Page 20

chapter. As a leading bank corporation Commercial Bank needs not to minimize but to zero
the ethical issues in operations. In this they can;

 Include ethical behavior as a compulsory requirement in their job description at least till
they get to practice it as a good habit.
 After recruiting a new employee, in their induction bank can give higher priority for
 In the annual evaluation a considerable part can be given as it will be notified by the
employees plus the customers through annual reports.
 Directors can encourage the shareholders to be responsible

5) Importance of Data Protection Act in relation to United Kingdom data

protection and Cyber Crime Act.

Ethically it is not appropriate to engage or support any action in related to data or to any
cyber crimes. But if someone engages in any of that activity we could only say that it is
unethical, other than that the organization cannot take any action legally or professional
action against that unethical behavior. As a remedy to this United Kingdom Data Protection
and Cyber Crime Act has introduced a legal framework with the objective of reducing these
unethical actions.

In Data Protection Act of 1998 (DPA) schedule 01 they have clearly explained 8 principles of
the way in which data should be handled securely. Those 8 principles can be considered as
core values to any organization who handling with big data.

As of those mentioned principles they have created an important impact in protecting the
confidentiality of data.

o Specially through this Data Protection Act, it always avoids and control the way in which
the organization used those information
o Through the above mentioned principles, it always protects the confidentiality by only
allowing the information to flow to the allowed purpose.
o Through these principles it has restricted to keep those of information exceeding the
required period of time. This will ensure the customer that their information will not fall
in to unnecessary hands.

KG/HNDBM/04/14 Page 21

o According to the DPA of UK they have strictly prohibited in transferring data outside the
European economic area without proper authorization.
o Through DPA it has restricted to disclose some information than other information. For
this information types like ethnic background, sexual health, political opinions.

KG/HNDBM/04/14 Page 22


Here it has been discussed how Commercial Bank PLC introduces ICT to their operations
and the way in which they handled the risks associated with those operations. In all those
explanations we can identify that it is really important to identify the importance of ICT in
managing operations of the organization, role of ethics, security and risk management.

Today the business world is really competitive and they always try to grab the latest
technology in to their operations. Those adaptations cannot be made without introducing ICT
in to managing operations. Manual system will be cost effective, but when it comes to
effectiveness and easiness it cannot compete with ICT at all. Starting from data entry to
processing information for decision making will work out through ICT.

Introducing ICT will not be beneficial if the security and risk management is not done
properly. Especially as per the above example, Commercial Bank PLC which is a financial
institution needs to guarantee their security in each and every transaction. Because all the
customers of the bank are truly depend on the safety. At any time if they sense any kind of
security issue they will hesitate to make transactions with the organization. Therefore it is
really important to guarantee the security. When it comes to risk management many
organizations need to abide with different obligations. In our evaluation bank being a
financial institution they have to obey with Basel tiers under government regulations.

For security, risk management or for anything it can be restricted through laws and
regulations but ethics are totally different. They are just good behavior patterns and they
cannot be restricted legally. But in today’s world people get attracted to organizations that
practices good ethics, therefore it is really important to maintain good ethics.

KG/HNDBM/04/14 Page 23


1. Commercial bank Sri Lanka (2016) Available at: (Accessed: 27 May 2016).
2. van Zanten, B.V. (2011) The 9 types of online business models; Which one do you
use? Available at:
business-models-which-one-do-you-use/#gref (Accessed: 27 May 2016).
3. Inc, S.I. (2016) What is big data and why it matters. Available at:
(Accessed: 27 May 2016).
4. bhadoriya, arpit (2013) 巧红 林. Available at:
(Accessed: 27 May 2016).
5. (No Date) Available at: (Accessed: 27
May 2016).
6. (No Date) Available at:
(Accessed: 28 May 2016).
7. Feikert-Ahalt, C. (2012) Online privacy law: United Kingdom. Available at: (Accessed: 28 May 2016).

KG/HNDBM/04/14 Page 24

You might also like