Computer Centre Management

A Course Material for

CSC 301

S. O. AKINOLA (PhD)

1
 General Introduction and Course Objective

In this course, students are expected to learn about the design and operations of a Computer
Centre. Functional roles of Computer Centres as well as CBT Centres and Schools’ Computer
Laboratories are also presented. Security issues such as Physical, information, user access and
network security are not left out. The course zeroes down to Project Management techniques in a
Computer Centre.

Course Curriculum Contents

CSC 301 (COMPUTER CENTRE MANAGEMENT)
Planning. Proposal writing. Project Costing. Monitoring and Reviews. Personnel Selection and
Evaluation. Report Writing. Milestones and Deliverables. Project Scheduling: Bar Charts, Gantt
Charts and activity networks. Risk management Issues.
Semester 2, LH 30; PH 45; 3U; Status R

2
Table of Contents

Study Session 1: Computer Centre, Meaning, Types and Services

1.1 Meaning of Computer Centre
1.2 Different names of Computer Centres
1.3 Types of Computer Centres
1.4 Services provided by Computer Centre

Study Session 2: Computer Centre Operations

2.1 Organizational Set-up of a Computer Centre
2.2 How to manage services on daily operations in a Computer Centre
2.3 Customer services at a Computer Centre
2.4 Customer service plans
2.5 How to managing end-user computing
2.6 The types of users in a Computer Centre

Study Session 3: Computer Centre Administration

3.1 Computer and Information Systems Managers
3.2 Computer Systems Analysts
3.3 Computer Software Engineers
3.4 Computer Programmers
3.5 Computer Support Specialists and Systems Administrators

Study Session 4: Physical Design of Computer Centres

4.1 Design principles involved in Computer Centres
4.2 What to include in the planning of a Computer Centre
4.3 Influencing factors of consideration in the design of Computer Centres
4.4 Hardware purchase consideration
4.5 How to plan for upgrade
4.6 Furniture arrangements in Computer Centres
4.7 Facilities required in Computer Centres
4.8 Types of floor designs available for Computer Centres
4.9 Factors to be considered when installing Computer System

Study Session 5: Design of a School’s Computer Laboratory

5.1 Why computer lab design and layout is important
5.2 Classroom computer lab designs
5.3 Four-leaf clover computer lab layouts
5.3 U-shaped computer lab designs
5.4 Inverted u-shaped computer lab layouts

Study Session 6: Computer-Based Test (CBT) Centre Design

6.1 Functions of CBT Centres
6.2 General requirements for setting up a CBT Centre
6.3 Specific requirements for setting up a CBT Centre
6.4 Operations of the CBT Centre’s Closed Circuit Television (CCTV) System
6.5 DVR and Camera system requirements for CBT Centers
6.6 Network cable required for biometric verification

3
Study Session 7: Physical Security Considerations in Computer Centres
7.1 Physical Security
7.2 Guidelines to Create a Secure Environment: Building and Room Construction
7.3 Guidelines to Guard Equipment:
7.4 Guidelines to Rebuff Theft
7.5 Guidelines to Keeping Portable Equipment and Computers
7.6 Guidelines to Regulate Power Supplies:
7.7 Guidelines to Protecting Outputs:
7.8 Duties of a Security Manager

Study Session 8: Information Security Considerations in Computer Centres

8.1 Importance of Securing Information
8.2 Components of Information Security
8.3 Information Security Countermeasures
8.3.1 Transmitting Information Securely (including e-mail):
8.3.2 Presenting Information for Use in a Secure and Protected Way
8.3.3 Backing up Information Appropriately
8.3.4 Storing Information Properly
8.3.5 Disposing of Information in a Timely and Thorough Manner

Study Session 9: Software Security Considerations in Computer Centres

9.1 Importance of Software Security
9.2 Software Security Countermeasures
9.2.1 Coordinate (and Centralize) the Organization's Software Management
9.2.2 Regulate Software Acquisition and Development
9.2.3 Thoroughly Test Newly Acquired and Developed Software

Study Session 10: User Access and Network Securities Considerations in Computer Centres
10.1 User Access Security
10.1.1 User Access Threats
10.1.2 Implement a Program in Which Every User Accesses the System by Means of an
Individual Account
10.1.3 Require Users to "Authenticate" Themselves in Order to Access Their Accounts
10.1.4 Passwords
10.1.5 Establish Standard Account and Authentication Procedures
10.1.6 Recognize that Routine Physical Security Plays an Important Role in User Access
Management
10.1.7 Pay Particular Attention to Remote Access Systems
10.2 Network (Internet) Security
10.2.1 Policy Issues
10.2.2 Network Threats
10.2.3 Network Security Countermeasures
10.2.3.1Protect Your Network from Outsiders:
10.2.3.2Protect Transmissions Sent over the Internet:
10.2.3.3Data Encryption Types

Study Session 11: Ethics and Cleanliness in Computer Centres

11.1 Computer Ethics
11.2 Computer Centre / Lab: Management Ethics
11.3 Computer Centre / Lab Rules and Regulations
11.4 Cleanliness in a Computer Centre / Lab

4
11.5 How to clean a keyboard

Study Session 12: Personnel Selection and Evaluation

12.1 Staff Recruitment
12.2 Staff Recruitment Policy
12.2.1 Sources of Recruitment
12.3 Recruitment Techniques
12.3.1 Appointment Consultants
12.3.2 Use of Selection
12.4 Procedure for Recruiting and Selection of Staffs
12.5 Performance Evaluation
12.5.1 Hardware Assessment Models
12.6 Monitoring Techniques
12.6.1 Properties of Performance Monitor
12.7 Performance Evaluation
12.7.1 Tools for Collecting Data about Usage
12.7.2 Performance Improvement Alternatives

Study Session 13: Contingency Planning in Computer Centres

13.1 Alternative Data and Information Backup
13.2 Description of the Alternatives
Study Session 14: Equipment Selection in Computer Centres
14.1 Approaches to Equipment Selection
14.2 Steps involve in Equipment Selection

Study Session 15: Project Management in Computer Centres

15.1 Meaning and Attributes of a Project
15.2 Project Management’s Activities
15.3 The Success of a Project
15.3.1 Factors that Enhance the Success of Information Technology (IT) Project
15.4 The Role of the IT Project Manager
15.4.1 Ten Most Important Skills and Competencies for Project Managers
15.5 The Importance of Top Management Commitment
15.6 Phases of Project Development
15.7 Project Planning Processes
15.8 Project Execution
15.9 Project Monitoring and Controlling
15.10 Project Milestones

Study Session 16: Introduction to Project Selection and Initiation

16.1 Organizational Planning
16.2 Project Initiation
16.3 Project Proposals
16.4 Project Business Plan
16.5 Financial Evaluation and Selection Methods
16.6 Decision Trees

5
Study Session 17: Project Scheduling in Computer Centres
17.1 Project Scheduling Activities
17.2 Project Scheduling Problems
17.3 Gantt Charts
17.4 Resource Histogram
17.5 Critical Path Analysis
17.6 Program Evaluation and Review Technique (PERT)
17.6.1 Common PERT Terminologies
17.7 Implementation of Gantt chart, PERT and Critical Path Analysis
17.8 PERT’s Advantages
17.9 PERT’s Disadvantages
17.10 Uncertainty in project scheduling

Study Session 18: Projects’ Risks, Success and Failure

18.1 Risks Involved in Project Management
18.2 Factors Determining the Success or Failure of a Project
18.2.1 Interdependent Factors in Project Success
18.2.2 Data Migration and Implementation
18.3 Software Project Failures
18.3.1 Instances of Software Project Failure
18.3.2 Impact of Software Project Failures

6
Study Session 1: Computer Centre, Meaning, Types and
Services

Expected Duration: 1 week or 2 contact hours

Introduction
In this session, you shall be introduced to the meaning, types and functions of Computer Centres.

Learning Outcomes

When you have studied this session, you should be able to explain:

1.1 Meaning of Computer Centre

1.2 Different names of Computer Centres
1.3 Types of Computer Centres
1.4 Services provided by Computer Centre

1.1 What is a Computer Centre?

A computer centre is a data processing centre where various data are being processed and turned
to reliable information. A Computer Centre is usually a service unit to an organization or
institution. It utilizes computing resources to provide diverse computer services to the general
public or the specific organization / institution. Every organization has an objective of setting up
a computer centre, this is to ascertain the extent of relevance of the computer centre to an
organization. The organization must put in place a good detail planning and layout of how the
computer department should be. The manager must give detail planning to productive running,
equipment selection, types of programs to be used, sitting arrangement and employment of
qualified staff.

In addition, a computer centre is an enterprise designed to perform complex and labor-

consuming computational work using electronic computers. Summarily, a computer centre is a
unit within an organization or institution, which contains one or more computers being operated
upon by specialized set of people for processing data.

1.2 Computer Centre Nomenclatures

Normally, all computer centres are responsible for virtually similar tasks in all organizations;
however, their focuses may not be the same. Using a certain name would identify its focused
responsibilities. The following are examples of such naming convention.

(i) Data Processing Centre: This provides business data (Sales, Deposit/Withdrawal,
Airline Ticketing, Student Registration, etc.) and produce summary report or other
business documents.

(ii) MIS Centre: This provides information for managers and executives for making
timely and quality decisions (usually continuing the work of data processing).

7
 (iii) Data Centre: This provides data for use by all departments (e.g. centre to provide
criminal records, population records, etc.)

(iv) Office Automation and Internet Centre: This provides services to all departments
with office automation and communication system.

(v) Computing Service Centre (or Computer Centre): Basically, this provides services
of all types related to business data processing, business applications, and
maintenance services to all departments in the organization.

(vi) IT/ICT Service Centre: This provides services to all units in an organization or
institution with Internet and communication services.

1.3 Types of Computer Centres

The nature of data being processed and level of computerization would determine the type of
computer centre an organization will operate. Broadly speaking, there are two types of computer
centre, viz: Centralized and Decentralized data processing/computer centres.

1.3.1 Centralized Computing Centre

A centralized computer centre handles all processing at a single computer site, maintains a single
central database, has centralized development of applications, provides central technical services,
sets development priorities centrally, and allocates computer resources centrally. The system’s
remote users are served by transporting input and output data physically or electronically.

Centralized computing is computing done at a central location, using terminals that are attached
to a central computer. The computer itself may control all the peripherals directly (if they are
physically connected to the central computer), or they may be attached via a terminal server.
Alternatively, if the terminals have the capability, they may be able to connect to the central
computer over the network. The terminals may be text terminals or thin clients, for example.

At this centre, all the data under processing must pass through the central location. All the
facilities and staffers are concentrated in a place. There is a complete standardization at this
centre. Besides, the centre ensures efficient utilization of the system throughout the day (24
hours service).

It offers greater security over decentralized systems because all of the processing is controlled in
a central location. In addition, if one terminal breaks down, the user can simply go to another
terminal and log in again, and all of their files will still be accessible. Depending on the system,
they may even be able to resume their session from the point they were at before, as if nothing
had happened.

Advantages

An advantage of centralized computer centre is that it provides for standardization in the

collection of data and the release of information.

8
 (i) Centralized sharing of resources: A well-planned centralized system holds data used
across the organization in one place, allowing all staff to access it. This makes it both
faster and easier to undertake organization-wide activities. Central planning and
operation also allows compatible technology and skills to be introduced. Exchange of
hardware, software and staff between organizational systems and units therefore becomes
much easier.

(ii) Avoidance of duplication: One main intention of centralized approaches is to have a

single version of any particular information system for the whole organization, and to
store any item of data once and only once. As a result, there is no wasted effort, no
wasted storage capacity, and no inconsistency of data. Centralized computer centre
reduces the need for multiple hardware’s, software’s, space, personnel and databases.

(iii) Learning and Control: A centralized computer centre provides an organizational focus
for learning and control. This is likely to produce higher quality information systems and
can also reduce costs by:
 avoiding the decentralization problems of non-functioning or malfunctioning
systems,
 avoiding the decentralization problems of inadequate security, maintenance and
documentation, and by
 allowing technology purchases and system developments that are not
organizational

(iv) Achievement of scale economies: Centralized approaches allow most activities to be

undertaken more cheaply per unit. Items purchased externally – computers, software
packages, consumables, staff training, etc. can be decided upon once and then bought in
greater bulk. Activities undertaken internally-from system development to
implementation and maintenance, and management of all these processes – cover a
greater number of staff.

(v) Easy to manage: A centralized computing Centre is easy to manage since central
coordination is involved.

(vi) Less personnel cost: Very few personnel is involved in a centralized computing centre
thereby reducing personnel cost.

Disadvantages of Centralized Computer Centre

(i) Resource Constraints: Centralized approaches require the commitment of four key
resources: money, time, people and skills.

(ii) The central computer performs the computing functions and controls the remote
terminals. This type of system relies totally on the central computer. Should the central
computer crash, the entire system will "go down" (i.e. will be unavailable).

1.3.2 Decentralized Computer Centre

9
A decentralized computer centre may have no central control of system development, no
communication links among autonomous computing units, and stand-alone processors and
databases at various sites. Each unit funds its own information processing activities and is totally
responsible for all development and operation.

Decentralized computing is a trend in modern day business environments. This is the opposite of
centralized computing, which was prevalent during the early days of computers. Decentralized
computing is the allocation of resources, both hardware and software, to each individual
workstation, or office location. In contrast, centralized computing exists when the majority of
functions are carried out, or obtained from a remote centralized location.

Unlike the centralized centre, each location has its own data processing equipment and staffers.
The system can operate independently but may be linked to bigger systems for enhanced
operations i.e. the centre can operate on their own but may be affiliated to larger systems for
enhanced performance. The method used here is otherwise called distributed data processing.

Advantages of Decentralized Computer Centre

User motivation and satisfaction are increased under a decentralized environment. This is
attained because users feel more involved and more responsible, systems are better customized to
their specific needs, and they usually get better response time in routine operations as well as in
requests for changes. In addition:

(i) Users receive reports at system rate.

(ii) Job priority is determined by local management.
(iii) The centre is much easier to control.
(iv) There is a relief on central computer work load.

Disadvantages of Decentralized Computer Centre

(i) Specialize Data Processing staffers are distributed at each location.

(ii) The system may not be large enough to justify employment of specialize DP staff
therefore more profitable applications may not be considered.
(iii) Duplication of effort: it tends to be very costly because units will often duplicate
what others are doing. Duplication may cover analysis, design and implementation of
information systems, gathering and administration of data, and system operation,
support and maintenance.
(iv) Since data of similar entities are held simultaneously in two or more different
locations, it tends to become inconsistent. No one knows which, if any, version of the
data is the most accurate or up-to-date.

Computer centres can also be categorized as General Purpose Centre, Economic Information
Processing Centre and Production Control Centre.

1.3.3 The General-Purpose Computer Centre

The general-purpose computer center has three primary subdivisions: a sector for mathematical
preparation of problems and programming; a sector for the technical operation of electronic

10
computers; and a sector for auxiliary operations (card punching of those old days, duplication,
power supply, and material support).

A general-purpose computer center:

(i) Performs mathematical, scientific-technical, and economic calculations, as well as

operations dealing with the programming of problems.
(ii) Assists in formulating and preparing problems and carries on consultations on questions
of the organization of users’ own computer centers or laboratories.
(iii)Conducts scientific research work in the field of automation of programming and
numerical methods of mathematical and technical digital computer operation.

1.3.4 Computer Centers for processing economic information

A computer center for processing economic information has subdivisions that are specialized
according to the types of economic problems (planning of production, material-technical supply,
financial and bookkeeping service, and so on), as well as subdivisions for receiving all input
information and for sorting results. In addition, these computer centers usually have specialized
subdivisions for product classifiers, for managing the norm system, and for collecting and
processing operational information arriving through communications channels (the so-called
automated data control point).

This type of Computer center are usually the central elements of automated control systems for
enterprises or sectors of the national economy and are administratively subordinate to the
corresponding control bodies (ministries, central boards, plant managements, and so on).

They perform regulated work on plan calculations, processing of reports, financial and book-
keeping calculations, and also single technical and economic calculations. To perform this work,
such computer centers constantly store large volumes of normative and reference data (in the
form of machine archives).

1.3.5 Computer Centers for controlling production processes

Computer centers for controlling production processes do not have large subdivisions of
programmers or economists, since the sets of problems and programs of these centers are
predetermined and do not change during the process of operation. Here most of the employees
are engineers and technicians who run the computers and equipment for automatic
communications with the controlled systems.

This type of computer centre works in real time, automatically receiving raw data from a large
number of sensors of the parameters of processes and issuing control instructions (in a rigidly
assigned cycle) to the operating members (propulsion, heating, and other units). Special
requirements for speed and reliability of operation are demanded of these computer centers.

1.4. Services provided by Computer Centre

(i) To provide computer-related services to personnel and customers

(ii) To provide advice and consultancy for users

11
 (iii) To provide systems development services to users
(iv) To provide data entry services for user
(v) To create and maintain IT standards and procedures
(vi) To provide IT acquisition services to users
(vii) To keep and protect IT and data assets
(viii) To ensure that the organization has adequate/advanced IT progress, which is in
line with the organization’s vision
(ix) To ensure that services provided are meeting with users’ requirements

Summary

In this brief introductory session, you have learnt the meaning of Computer Centres, the different
types and the different services provided by the Computer Centres.

Now attempt to answer the following simple questions:

Self-Assessment Questions

1. Explain the meaning and types of Computer Centres

2. What are the different services provided by Computer Centres?

12
Study Session 2: Computer Centre Operations

Expected Duration: 1 week or 2 contact hours

Introduction
Computer Center will need to provide IT-related services to other departments or units in an
organization. In this Session, these IT-related services are discussed.

Learning Outcomes

When you have studied this session, you should be able to explain:

2.1 Organizational Set-up of a Computer Centre

2.2 How to manage services on daily operations in a Computer Centre
2.3 Customer services at a Computer Centre
2.4 Customer service plans
2.5 How to managing end-user computing
2.6 The types of users in a Computer Centre

2.1 Organizational Set-up of a Computer Centre

The organizational set-up of a Computer Center is divided into three main groups – Operations,
User Services, and Systems Support

(i) Operations – This is responsible for all processing services and the efficient
operation of the equipment
(ii) The user services Group – These are professional programmers who are responsible
for providing technical assistance to the Center's users. These services include:
Consulting, Program Libraries, Documentation, Programming Assistance,
Educational Services, and Microcomputer Support and Services.
(iii) The Systems Support Group, which is responsible for providing technical
assistance and maintenance of system software.

2.2 Management of Services on Daily Operations

The following services must be provided for the customers on daily basis at a computer centre:
(1) Service Planning: know the customers and their expectation
(2) Define service level: Determine what can be done for customers. Computer Center
Manager need to understand what is expected by customers and draft out Service
Level Agreement for further discussion with customers.
(3) Make agreement with customers: It is needed to tell the customers the truth
regarding what the computer center can deliver
(4) Provide services to customers:
 The Centre must organize staffs to provide agreed services
 It must prepare people and resources for such services

13
  It must assist customers when system is down, i.e. to recover the system
within the pre-agreed period
(5) Usage Statistics: Information about the services provided must be collected, e.g.
usage period, usage information, etc.
(6) Services provided must measure: Analysis of services provided
(7) Service Improvements: The Centre must improve its services to better satisfy
customers’ needs

2.3 Customer services at a Computer Centre

The Computer Centre assists customers by:

(i) Providing computing capability, running programs and producing reports, printing
documents, providing operations services, make sure that good performance is provided
(ii) Providing Internet services: Set up Internet and Email accounts, managing mailbox,
providing disks spaces for Web, providing security and virus warning, etc.
(iii)Providing helps: Help users to solve computer usage problems, help users to develop
simple applications, help users to keep their data, help on security
(iv) Providing system development services: Develop system for users
(v) Providing data entry services: This is to capture data into the systems, during these days,
such function seems to be obsolete now. Such services may include storing data in
database, data protection by data backup and recovery. Scanning images into the systems
is also considered as a part of this function.
(vi) Providing consultancy services: Purchasing devices, installing hardware & software, help
users to work more efficiently
(vii) Providing training for users, recently, the use of e-Learning concept of training also
implemented

2.4 Customer Service Plans

What must be done by a Computer Centre at the beginning are:

(i) A good organization structure must be developed by the Centre

(ii) Announce service policy – There is need to ensure service agreement among all parties
(iii) The Centre must ensure that users understand Service Level Agreement (SLA)
(iv) The Centre must set up Key Performance Index (KPI), which is normally used as
Measurement of Service Level Achievement, for example:
 System is up at 95% of the time
 Systems of a certain number (as pre-agreed) will be developed in a certain year (as
previously agreed)
 Response time will be less than 2 seconds
 Crashed system will be replaced within 2 hours
(v) Develop forms for users to submit requests and for collecting performance data
(vi) The Centre must appoint a Steering Committee to help oversee its operations. Normally,
VP in Administration should be the Chairman for his comments and ideas on operations

14
(vii) Performance data must be analyzed in order to improve the services
(viii) Reports are routinely prepared for senior management

2.5 Managing End-User Computing

When number of users increases, it is not possible to maintain good services and users may not
be happy. They may want to develop some systems, which the Center may not be able to
produce for them in time. So users would want to develop systems their by themselves.
Sometimes they buy their own PCs for use and develop their own systems. Such situations may
be dangerous because users may not follow the good methodology or regulations involved. As a
result, the whole system may be subject to security problems.

Techniques that will allow Computer Center Manager to manage users' own development well
are:

(i) Develop policy on user purchase - create standard specifications for hardware and
software to be purchased
(ii) Develop help desk function - have a group of computer staffs to help solve problems
for users
(iii) Communicate Standards throughout organization - such standards as: data standards,
coding standards, naming convention, data backup practices, etc.
(iv) Create regulations to protect users work and system security

2.6 Types of Users in a Computer Centre

Category Description
Indirect End-Users They use information generated from the Information Systems but
do not directly interact with systems
Non-programming End- They interact with systems by entering data and getting results from
Users production systems
Direct End-Users They do their own programming and data analysis on the computer
systems using specially designed programming tools
Information System They are experts in system analysis, design and programming
Professionals
This typical users should be considered a type of specialists rather
than a type of end-users, and in this context, computer staffs can be
considered as this typical user type

15
Summary

In this session, you have learnt the following operations at a Computer Centres: management of
services on daily operations, customer services at a computer centre, customer service plans,
managing end-user computing and types of users in a computer centre.

Now attempt to answer the following simple questions:

Self-Assessment Questions

1. Explain the Techniques that a Computer Center Manager can adopt to manage users’
request when the Centre cannot meet the demand of users.
2. State and explain the different end users of a Computer Centre and their roles.
3. Explain the tasks involved in a Computer Centre’s Customer Service Plan
4. Discuss the services that must be provided for customers on daily basis at a Computer
Centre

16
Study Session 3: Computer Centre Administration

Expected Duration: 1 week or 2 contact hours

Introduction
A Computer Center will definitely need some personnel who carry out the day-to-day activities
of the Centre. In this Session, these the stakeholders involved in the administration of a
Computer Centre are discussed.

Learning Outcomes

When you have studied this session, you should be able to explain the functions and
qualifications of the following administrative and technical positions in a Computer Centre:

3.1 Computer and Information Systems Managers

3.2 Computer Systems Analysts
3.3 Computer Software Engineers
3.4 Computer Programmers
3.5 Computer Support Specialists and Systems Administrators

3.1 Computer and Information Systems Managers

The name of the CISMs varies from organizations to organizations. Sometimes they are called
Computer Centre Managers, IT Directors, Chief Technology Officer, MIS Directors, Project
Managers, Chief Information Officers, etc.

3.1.1 Nature of the Work

In the modern workplace, it is imperative that technology works both effectively and reliably.
Computer and Information Systems Managers (CISMs) play a vital role in the implementation of
technology within their organizations. They do everything from helping to construct a business
plan to overseeing network security to directing Internet operations.

(i) The CISMs plan, coordinate, and direct research and facilitate the computer-related
activities of a Computer Centre. This requires a strong understanding of both
technology and business practices of the organization.
(ii) The CISMs direct the work of systems analysts, computer programmers, support
specialists, and other computer-related workers. They plan and coordinate activities
such as installation and upgrading of hardware and software, programming and
systems design, development of computer networks, and implementation of Internet
and intranet sites.
(iii) They are increasingly involved with the upkeep, maintenance, and security of
networks.
(iv) They analyze the computer and information needs of their organizations from an
operational and strategic perspective and determine immediate and long-range
personnel and equipment requirements.

17
 (v) They assign and review the work of their subordinates and stay abreast of the latest
technology to ensure the organization does not lag behind competitors.
(vi) They evaluate the newest and most innovative technologies and determine how these
can help the organization.
(vii) Management information systems (MIS) directors or information technology (IT)
directors manage computing resources for organizations. They often work under the
chief information officer and plan and direct the work of subordinate information
technology employees. These managers ensure the availability, continuity, and
security of data and information technology services in organizations. In this
capacity, they oversee a variety of user services such as an organization’s help desk,
which employees can call with questions or problems. MIS directors also may make
hardware and software upgrade recommendations based on their experience with an
organization’s technology.
(viii) Project managers develop requirements, budgets, and schedules for their firms’
information technology projects. They coordinate such projects from development
through implementation, working with internal and external clients, vendors,
consultants, and computer specialists. These managers are increasingly involved in
projects that upgrade the information security of an organization.

3.1.2 Work Environment

Computer and information systems managers spend most of their time in offices. Most work at
least 40 hours a week and some may have to work evenings and weekends to meet deadlines or
solve unexpected problems. Some computer and information systems managers may experience
considerable pressure in meeting technical goals with short deadlines or tight budgets. As
networks continue to expand and more work is done remotely, computer and information
systems managers have to communicate with and oversee offsite employees using modems,
laptops, e-mail, and the Internet.

Like other workers who spend most of their time using computers, computer and information
systems managers are susceptible to eyestrain, back discomfort, and hand and wrist problems
such as carpal tunnel syndrome.

3.1.3 Training, Other Qualifications and Advancement

Computer and information systems managers are generally experienced workers who have both
technical expertise and an understanding of business and management principles. A strong
educational background and experience in a variety of technical fields is needed.

Education and training. A bachelor’s degree usually is required for management positions,
although employers often prefer a graduate degree, especially an MBA with technology as a core
component. This degree differs from a traditional MBA in that there is a heavy emphasis on
information technology in addition to the standard business curriculum. This preparation is
becoming important because more computer and information systems managers are making
important technology decisions as well as business decisions for their organizations.

18
Some universities offer degrees in management information systems. These degrees blend
technical subjects with business, accounting, and communications courses. A few computer and
information systems managers attain their positions with only an associate or trade school
degree, but they must have sufficient experience and must have acquired additional skills on the
job. To aid their professional advancement, many managers with an associate degree eventually
earn a bachelor’s or master’s degree while working.

Certification and other qualifications. Computer and information systems managers need a
broad range of skills. Employers look for managers who have experience with the specific
software or technology used on the job, as well as a background in either consulting or business
management. The expansion of electronic commerce has elevated the importance of business
insight and, consequently, many computer and information systems managers are called on to
make important business decisions. Managers need a keen understanding of people, management
processes, and customers’ needs.

Advanced technical knowledge is essential for computer and information systems managers, who
must understand and guide the work of their subordinates yet also explain the work in
nontechnical terms to senior managers and potential customers. Therefore, many computer and
information systems managers have worked as a systems analyst, for example, or as a computer
support specialist, programmer, or other information technology professional.

Although certification is not necessarily required for most computer and information systems
manager positions, there is a wide variety of certifications available that may be helpful in
getting a job. These certifications are often product-specific, and are generally administered by
software or hardware companies rather than independent organizations.

3.2 Computer Systems Analysts

All organizations rely on computer and information technology to conduct business and operate
efficiently. Computer systems analysts help organizations to use technology effectively and to
incorporate rapidly changing technologies into their existing systems. The work of computer
systems analysts evolves rapidly, reflecting new areas of specialization and changes in
technology.

3.2.1 Nature of the Work of Systems Analysts

(i) Computer systems analysts solve computer problems and use computer technology to meet
the needs of an organization.

(ii) They may design and develop new computer systems by choosing and configuring hardware
and software. They may also devise ways to apply existing systems’ resources to additional
tasks.

(iii) Most systems analysts work with specific types of computer systems - for example,
business, accounting, or financial systems or scientific and engineering systems - that vary
with the kind of organization. Analysts who specialize in helping an organization select the

19
 proper system software and infrastructure are often called system architects. Analysts who
specialize in developing and fine-tuning systems often are known as systems designers.

(iv) To begin an assignment, systems analysts consult managers and users to define the goals of
the system. Analysts then design a system to meet those goals. They specify the inputs that
the system will access, decide how the inputs will be processed, and format the output to
meet users’ needs.

(v) Analysts use techniques such as structured analysis, data modeling, information engineering,
mathematical model building, sampling, and cost accounting to make sure their plans are
efficient and complete.

(vi) They also may prepare cost-benefit and return-on-investment analyses to help management
decide whether implementing the proposed technology would be financially feasible.

(vii) When a system is approved, systems analysts determine what computer hardware and
software will be needed to set it up. They coordinate tests and observe the initial use of the
system to ensure that it performs as planned.

(viii) They prepare specifications, flow charts, and process diagrams for computer programmers
to follow; then they work with programmers to “debug,” or eliminate errors, from the
system. Systems analysts who do more in-depth testing may be called software quality
assurance analysts. In addition to running tests, these workers diagnose problems,
recommend solutions, and determine whether program requirements have been met.

(ix) In some organizations, programmer-analysts design and update the software that runs a
computer. They also create custom applications tailored to their organization’s tasks.
Because they are responsible for both programming and systems analysis, these workers
must be proficient in both areas. As this dual proficiency becomes more common, analysts
are increasingly working with databases, object-oriented programming languages, client–
server applications, and multimedia and Internet technology.

(x) One challenge created by expanding computer use is the need for different computer
systems to communicate with each other. Systems analysts work to make the computer
systems within an organization, or across organizations, compatible so that information can
be shared. Many systems analysts are involved with these “networking” tasks, connecting
all the computers internally, in an individual office, department, or establishment, or
externally, as when setting up e-commerce networks to facilitate business among
companies.

3.2.2 Work environment

Computer systems analysts work in offices or laboratories in comfortable surroundings. They

usually work about 40 hours a week—about the same as many other professional or office
workers. Evening or weekend work may be necessary, however, to meet deadlines or solve
specific problems. Many analysts telecommute, using computers to work from remote locations.

20
Like other workers who spend long periods typing on a computer, computer systems analysts are
susceptible to eyestrain, back discomfort, and hand and wrist problems such as carpal tunnel
syndrome or cumulative trauma disorder.

3.2.3 Training, Other Qualifications and Advancement for Systems Analysts

Training requirements for computer systems analysts vary depending on the job, but many
employers prefer applicants who have a bachelor’s degree. Relevant work experience also is very
important. Advancement opportunities are good for those with the necessary skills and
experience.

Education and training

When hiring computer systems analysts, employers usually prefer applicants who have at least a
bachelor’s degree or Higher National Diploma (HND). For more technically complex jobs,
people with graduate degrees are preferred.

The level and type of education that employers require reflects changes in technology.
Employers often scramble to find workers capable of implementing the newest technologies.
Workers with formal education or experience in information security, for example, are currently
in demand because of the growing use of computer networks, which must be protected from
threats.

For jobs in a technical or scientific environment, employers often seek applicants who have at
least a bachelor’s degree in a technical field, such as computer science, information science,
applied mathematics, engineering, or the physical sciences. For jobs in a business environment,
employers often seek applicants with at least a bachelor’s degree in a business-related field such
as management information systems (MIS). Increasingly, employers are seeking individuals who
have a master’s degree in business administration (MBA) with a concentration in information
systems.

Despite the preference for technical degrees, however, people who have degrees in other majors
may find employment as systems analysts if they also have technical skills. Courses in computer
science or related subjects combined with practical experience can qualify people for some jobs
in the occupation.

Employers generally look for people with expertise relevant to the job. For example, systems
analysts who wish to work for a bank should have some expertise in finance, and systems
analysts who wish to work for a hospital should have some knowledge of health management.

Other qualifications

Employers usually look for people who have broad knowledge and experience related to
computer systems and technologies, strong problem-solving and analytical skills, and the ability
to think logically. In addition, because they often deal with a number of tasks simultaneously, the
ability to concentrate and pay close attention to detail is important. Although these workers

21
sometimes work independently, they frequently work in teams on large projects. Therefore, they
must have good interpersonal skills and be able to communicate effectively with computer
personnel, users, and other staff who may have no technical background.

3.3 Computer Software Engineers

Computer software engineers apply the principles of computer science and mathematical
analysis to the design, development, testing, and evaluation of the software and systems that
make computers work. The tasks performed by these workers evolve quickly, reflecting new
areas of specialization or changes in technology, as well as the preferences and practices of
employers.

3.3.1 Nature of the Work of Software Engineers

(i) Software engineers can be involved in the design and development of many types of
software, including computer games, word processing and business applications, operating
systems and network distribution, and compilers, which convert programs to machine
language for execution on a computer.

(ii) Computer software engineers begin by analyzing users’ needs, and then design, test, and
develop software to meet those needs. During this process they create the detailed sets of
instructions, called algorithms that tell the computer what to do. They also may be
responsible for converting these instructions into a computer language, a process called
programming or coding, but this usually is the responsibility of computer programmers.

(iii) Computer software engineers must be experts in operating systems and middleware to
ensure that the underlying systems will work properly.

(iv) Computer applications software engineers analyze users’ needs and design, construct, and
maintain general computer applications software or specialized utility programs. These
workers use different programming languages, depending on the purpose of the program. The
programming languages most often used are C, C++, and Java, with Fortran and COBOL
used less commonly. Some software engineers develop both packaged systems and systems
software or create customized applications.

(v) Computer systems software engineers coordinate the construction, maintenance and
expansion of an organization’s computer systems. Working with the organization, they
coordinate each department’s computer needs—ordering, inventory, billing, and payroll
recordkeeping, for example, and make suggestions about its technical direction. They also
might set up the organization’s intranets—networks that link computers within the
organization and ease communication among various departments.

(vi) Systems software engineers also work for companies that configure, implement, and install
the computer systems of other organizations. These workers may be members of the
marketing or sales staff, serving as the primary technical resource for sales workers.

22
(vii) They also may help with sales and provide customers with technical support. Since the
selling of complex computer systems often requires substantial customization to meet the
needs of the purchaser, software engineers help to identify and explain needed changes. In
addition, systems software engineers are responsible for ensuring security across the systems
they are configuring.

(viii) Computer software engineers often work as part of a team that designs new hardware,
software, and systems. A core team may comprise engineering, marketing, manufacturing,
and design people, who work together to release a product.

3.3.2 Work environment

Computer software engineers normally work in clean, comfortable offices or in laboratories in

which computer equipment is located. Software engineers who work for software vendors and
consulting firms frequently travel overnight to meet with customers. Telecommuting is also
becoming more common, allowing workers to do their jobs from remote locations.

Most software engineers work at least 40 hours a week, but about 17 percent work more than 50
hours a week. Software engineers also may have to work evenings or weekends to meet
deadlines or solve unexpected technical problems.

Like other workers who spend long hours typing at a computer, software engineers are
susceptible to eyestrain, back discomfort, and hand and wrist problems such as carpal tunnel
syndrome.

3.3.3 Training, Other Qualifications and Advancement

Education and training

Most employers prefer applicants who have at least a bachelor’s degree or HND and experience
with a variety of computer systems and technologies. In order to remain competitive, computer
software engineers must continually strive to acquire the latest technical skills. Advancement
opportunities are good for those with relevant experience.

The usual college major for applications software engineers is computer science or software
engineering. Systems software engineers often study computer science or computer information
systems. Graduate degrees are preferred for some of the more complex jobs. Academic programs
in software engineering may offer the program as a degree option or in conjunction with
computer science degrees. Because of increasing emphasis on computer security, software
engineers with advanced degrees in areas such as mathematics and systems design will be sought
after by software developers, government agencies, and consulting firms.

Students seeking software engineering jobs enhance their employment opportunities by

participating in internships or co-ops. These experiences provide students with broad knowledge
and experience, making them more attractive to employers. Inexperienced graduates may be

23
hired by large computer and consulting firms that train new employees in intensive, company-
based programs.

Certification and other qualifications

Systems software vendors offer certification and training programs, but most training authorities
say that program certification alone is not sufficient for the majority of software engineering
jobs.

People interested in jobs as computer software engineers must have strong problem-solving and
analytical skills. They also must be able to communicate effectively with team members, other
staff, and the customers they meet. Because they often deal with a number of tasks
simultaneously, they must be able to concentrate and pay close attention to detail.

As technology advances, employers will need workers with the latest skills. Computer software
engineers must continually strive to acquire new skills if they wish to remain in this dynamic
field. To help keep up with changing technology, workers may take continuing education and
professional development seminars offered by employers, software vendors, colleges and
universities, private training institutions, and professional computing societies. Computer
software engineers also need skills related to the industry in which they work. Engineers working
for a bank, for example, should have some expertise in finance so that they understand banks’
computer needs.

3.4 Computer Programmers

Job titles and descriptions may vary, depending on the organization, but computer programmers
are individuals whose main job function is programming. Programmers usually write programs
according to the specifications given by computer software engineers and systems analysts. After
engineers and analysts design software—describing how it will work—the programmer converts
that design into a logical series of instructions that the computer can follow. The programmer
codes these instructions in a conventional programming language such as COBOL; an artificial
intelligence language such as Prolog; or one of the more advanced object-oriented languages,
such as Java, C++, or ACTOR.

Different programming languages are used depending on the purpose of the program.
Programmers generally know more than one programming language, and because many
languages are similar, they often can learn new languages relatively easily. In practice,
programmers often are referred to by the language they know, such as Java programmers, or by
the type of function they perform or environment in which they work—for example, database
programmers, mainframe programmers, or Web programmers.

Computer programmers often are grouped into two broad types—applications programmers and
systems programmers. Applications programmers write programs to handle a specific job, such
as a program to track inventory within an organization. They also may revise existing packaged

24
software or customize generic applications purchased from vendors. Systems programmers, in
contrast, write programs to maintain and control computer systems software for operating
systems, networked systems, and database systems. These workers make changes in the
instructions that determine how the network, workstations, and central processing unit of a
system handle the various jobs they have been given, and how they communicate with peripheral
equipment such as terminals, printers, and disk drives. Because of their knowledge of the entire
computer system, systems programmers often help applications programmers determine the
source of problems that may occur with their programs.

3.4.1 Nature of the Work of Computer Programmers

(i) Computer programmers write, test, and maintain the detailed instructions, called
programs that computers follow to perform their functions.

(ii) Programmers also conceive, design, and test logical structures for solving problems by
computer.

(iii) With the help of other computer specialists, they figure out which instructions to use to
make computers do specific tasks.

(iv) Many technical innovations in programming—advanced computing technologies and

sophisticated new languages and programming tools, for example—have redefined the
role of a programmer and elevated much of the programming work done today.

(v) Programmers also update, repair, modify, and expand existing programs. Some,
especially those working on large projects that involve many programmers, use
computer-assisted software engineering (CASE) tools to automate much of the coding
process. These tools enable a programmer to concentrate on writing the unique parts of a
program. Programmers working on smaller projects often use “programmer
environments,” applications that increase productivity by combining compiling, code
walk through, code generation, test data generation, and debugging functions.
Programmers also use libraries of basic code that can be modified or customized for a
specific application. This approach yields more reliable and consistent programs and
increases programmers’ productivity by eliminating some routine steps.

(vi) Programmers test a program by running it to ensure that the instructions are correct and
that the program produces the desired outcome. If errors do occur, the programmer must
make the appropriate change and recheck the program until it produces the correct
results. This process is called testing and debugging. Programmers may continue to fix
problems for as long as a program is used.

(vii) Programmers working on a mainframe, a large centralized computer, may prepare

instructions for a computer operator who will run the program.

(viii) Programmers also may contribute to the instruction manual for a program.

25
 (ix) Programmers may work directly with experts from various fields to create specialized
software—either programs designed for specific clients or packaged software for
general use—ranging from games and educational software to programs for desktop
publishing and financial planning. Programming of packaged software constitutes one
of the most rapidly growing segments of the computer services industry.

3.4.2 Work environment

Programmers spend the majority of their time in front of a computer terminal, and work in clean,
comfortable offices. Telecommuting is becoming more common, however, as technological
advances allow more work to be done from remote locations.

Most computer programmers work about 40 hours per week. However, long hours or weekend
work may be required to meet deadlines or fix unexpected technical problems. Like other
workers who spend long periods in front of a computer terminal typing at a keyboard,
programmers are susceptible to eyestrain, back discomfort, and hand and wrist problems such as
carpal tunnel syndrome.

3.4.3 Training, Other Qualifications and Advancement

Education and training

A bachelor’s degree commonly is required for computer programming jobs, although a two-year
National Diploma or certificate may be adequate for some positions. Employers favor applicants
who already have relevant programming skills and experience. Skilled workers who keep up to
date with the latest technology usually have good opportunities for advancement.

Some computer programmers hold a college degree in computer science, mathematics, or

information systems, whereas others have taken special courses in computer programming to
supplement their degree in a field such as accounting, finance, or another area of business.

Most systems programmers hold a four-year degree in computer science. Extensive knowledge
of a variety of operating systems is essential for such workers. This includes being able to
configure an operating system to work with different types of hardware and being able to adapt
the operating system to best meet the needs of a particular organization. Systems programmers
also must be able to work with database systems, such as DB2, Oracle, or Sybase.

In addition to educational attainment, employers highly value relevant programming skills, as

well as experience. Although knowledge of traditional programming languages still is important,
employers are placing an emphasis on newer, object-oriented languages and tools such as C++
and Java. Additionally, employers seek people familiar with fourth- and fifth-generation
languages that involve graphic user interface and systems programming.

Because technology changes so rapidly, programmers must continuously update their knowledge
and skills by taking courses sponsored by their employer or by software vendors, or offered
through local community colleges and universities.

26
Certification and other qualifications

When hiring programmers, employers look for people with the necessary programming skills
who can think logically and pay close attention to detail. Programming calls for patience,
persistence, and the ability to perform exacting analytical work, especially under pressure.
Ingenuity and creativity are particularly important when programmers design solutions and test
their work for potential failures. The ability to work with abstract concepts and to do technical
analysis is especially important for systems programmers because they work with the software
that controls the computer’s operation.

Because programmers are expected to work in teams and interact directly with users, employers
want programmers who are able to communicate with non-technical personnel. Business skills
are also important, especially for those wishing to advance to managerial positions.

Certification is a way to demonstrate a level of competence and may provide a jobseeker with a
competitive advantage. In addition to language-specific certificates, product vendors or software
firms also offer certification and may require professionals who work with their products to be
certified. Voluntary certification also is available through various other organizations.

3.5 Computer Support Specialists and Systems Administrators

In the last decade, computers have become an integral part of everyday life at home, work,
school, and nearly everywhere else. Of course, almost every computer user encounters a problem
occasionally, whether it is the annoyance of a forgotten password or the disaster of a crashing
hard drive. The explosive use of computers has created demand for specialists who provide
advice to users, as well as for the day-to-day administration, maintenance, and support of
computer systems and networks.

Computer support specialists and systems administrators constantly interact with customers and
fellow employees as they answer questions and give advice. Those who work as consultants are
away from their offices much of the time, sometimes spending months working in a client’s
office.

As computer networks expand, more computer support specialists and systems administrators
may be able to provide technical support from remote locations. This capability would reduce or
eliminate travel to the customer’s workplace. Systems administrators also can administer and
configure networks and servers remotely, although this practice is not as common as it is among
computer support specialists.

3.5.1 Nature of the Work

(i) Computer support specialists provide technical assistance, support, and advice to customers
and other users. This occupational group includes technical support specialists and help-
desk technicians.

27
(ii) These troubleshooters interpret problems and provide technical support for hardware,
software, and systems.

(iii) They answer telephone calls, analyze problems by using automated diagnostic programs,
and resolve recurring difficulties. Support specialists work either within a company that uses
computer systems or directly for a computer hardware or software vendor. Increasingly,
these specialists work for help-desk or support services firms, for which they provide
computer support to clients on a contract basis.

(iv) Technical support specialists respond to inquiries from their organizations’ computer users
and may run automatic diagnostics programs to resolve problems.

(v) They also install, modify, clean, and repair computer hardware and software.

(vi) In addition, they may write training manuals and train computer users in how to use new
computer hardware and software.

(vii) These workers also oversee the daily performance of their company’s computer systems and
evaluate how useful software programs are.

(viii) Help-desk technicians respond to telephone calls and e-mail messages from customers
looking for help with computer problems. In responding to these inquiries, help-desk
technicians must listen carefully to the customer, ask questions to diagnose the nature of the
problem, and then patiently walk the customer through the problem-solving steps.

(ix) Help-desk technicians deal directly with customer issues and companies value them as a
source of feedback on their products. They are consulted for information about what gives
customers the most trouble, as well as other customer concerns. Most computer support
specialists start out at the help desk.

(x) Network and computer systems administrators design, install, and support an organization’s
computer systems. They are responsible for local-area networks (LAN), wide-area networks
(WAN), network segments, and Internet and intranet systems.

(xi) Network and computer systems administrators work in a variety of environments, including
professional offices, small businesses, government organizations, and large corporations.
They maintain network hardware and software, analyze problems, and monitor networks to
ensure their availability to system users. These workers gather data to identify customer
needs and then use the information to identify, interpret, and evaluate system and network
requirements. Administrators also may plan, coordinate, and implement network security
measures.

(xii) Systems administrators are responsible for maintaining network efficiency. They ensure that
the design of an organization’s computer system allows all of the components, including
computers, the network, and software, to work properly together. Furthermore, they monitor
and adjust the performance of existing networks and continually survey the current

28
 computer site to determine future network needs. Administrators also troubleshoot problems
reported by users and by automated network monitoring systems and make
recommendations for future system upgrades.

(xiii) In some organizations, computer security specialists may plan, coordinate, and implement
the organization’s information security. These workers educate users about computer
security, install security software, monitor networks for security breaches, respond to cyber-
attacks, and, in some cases, gather data and evidence to be used in prosecuting cybercrime.
The responsibilities of computer security specialists have increased in recent years as cyber-
attacks have become more common. This and other growing specialty occupations reflect an
increasing emphasis on client-server applications, the expansion of Internet and intranet
applications, and the demand for more end-user support.

3.5.2 Work environment

Computer support specialists and systems administrators normally work in well-lighted,

comfortable offices or computer laboratories. They usually work about 40 hours a week, but if
their employer requires computer support over extended hours, they may be “on call” for rotating
evening or weekend work. Overtime may be necessary when unexpected technical problems
arise. Like other workers who type on a keyboard for long periods, computer support specialists
and systems administrators are susceptible to eyestrain, back discomfort, and hand and wrist
problems such as carpal tunnel syndrome.

3.5.3 Training, Other Qualifications and Advancement

Education and training

A college degree or HND is required for some computer support specialist positions, but
certification and relevant experience may be sufficient for others. A bachelor’s degree or HND is
required for many network and computer systems administrator positions. For both occupations,
strong analytical and communication skills are essential.

Due to the wide range of skills required, there are many paths of entry to a job as a computer
support specialist or systems administrator. Training requirements for computer support
specialist positions vary, but many employers prefer to hire applicants with some formal college
education. For some jobs, relevant computer experience and certifications may substitute for
formal education. For systems administrator jobs, many employers seek applicants with
bachelor’s degrees, although not necessarily in a computer-related field.

A number of companies are becoming more flexible about requiring a college degree or HND for
support positions. In the absence of a degree/HND, however, certification and practical
experience are essential. Certification training programs, offered by a variety of vendors and
product makers, may help some people to qualify for entry-level positions.

Other qualifications

29
People interested in becoming a computer support specialist or systems administrator must have
strong problem-solving, analytical, and communication skills because troubleshooting and
helping others are vital parts of the job. The constant interaction with other computer personnel,
customers, and employees requires computer support specialists and systems administrators to
communicate effectively on paper, via e-mail, over the phone, or in person. Strong writing skills
are useful in preparing manuals for employees and customers.

Summary

In this session, you have learnt the stakeholders of a Computer Centre. These are Computer and
Information Systems Managers, Computer Systems Analysts, Computer Software Engineers,
Computer Programmers and Computer Support Specialists and Systems Administrators

Now attempt to answer the following simple questions:

Self-Assessment Questions

1. Identify the job roles of any three levels of administration in a Computer Centre.
2. Assuming you are invited for an interview by a Computer Centre for the position of
Systems Analysts, what are your expected qualifications and job roles for the position?

30
Study Session 4: Physical Design of Computer Centres

Expected Duration: 1 week or 2 contact hours

Introduction
A Computer Center or data center is a facility used to house computer systems and associated
components, such as telecommunications and storage systems. It generally includes backup
power supplies, data communications connections and equipment, environmental controls (e.g.,
air conditioning, fire suppression), security devices and staff offices. In this Session, you shall be
introduced to factors of consideration when designing a Computer or Data Centre.

Learning Outcomes

When you have studied this session, you should be able to:

4.1 understand the design principles involved in Computer Centres

4.2 know what to include in the planning of a Computer Centre
4.3 understand influencing factors of consideration in the design of Computer Centres
4.4 understand the hardware purchase consideration
4.5 know how to plan for upgrade
4.6 understand the furniture arrangements in Computer Centres
4.7 understand the facilities required in Computer Centres
4.8 understand the types of floor designs available for Computer Centres
4.9 understand factors to be considered when installing Computer System

4.1 Design Principles

The design of a Computer Centre should take actual environment, hardware and software
situations, staff status and service object into account. The aims and objectives of establishing a
Computer Centre must not be left out. Initial design problems and other issues include a secure
and accessible location; climate control; lighting and seating design; power requirements,
including circuits, outlets and filtering equipment; lab size; computer security; staffing,
maintenance, including policies and rate of service; staff training and establishment of rules and
procedures for computer usage
It is important to conduct evaluation for all possible layouts either when a Computer Centre is
newly designed or is under renovation. The evaluation process is based on the requirement of
users. For example, the evaluation methods are based on number of computers it could occupy
and utility of space as measurement parameters. Quantitative measurement may give efficient
evaluation as they give more objective and more accurate data processing. Therefore, three
quantitative measurements are necessary to be considered: capacity, total surface area and utility
of space. The second and third measurement could be used independently as they measure
different aspect each.

31
The design of a Computer Centre involves the following design criteria:
1. Site Selection / Location: The type of functions to be carried out in a Computer Centre will
determine its location, design, cost layout, equipment, infrastructure and personnel. A
Computer Centre for a University is better located within the University Environment.
Location factors include proximity to power grids, telecommunications infrastructure,
networking services, transportation lines and emergency services. Others are flight paths,
neighboring uses, geological risks and climate (associated with cooling costs). [
2. Designing office and rooms: The number and size of offices needed for staff as well as for
conveniences must be taken into consideration when designing a Computer Centre
3. Designing the whole centre: Aesthetics must be built into the design of the whole Centre. The
surroundings must be designed well to accommodate car park, shade trees, etc.
4. Detailing the facilities: Facilities that are necessary to be put in the Centre must be catered for
at the outset of the Centre’s design. Quantities, size, space needed for installation, wiring of
the equipment (whether surface or conduit), all these must be considered and incorporated
into the design of the Computer Centre.

4.2 Planning the Centre

Planning should take into account the following special considerations:
(i) Partitioning of the Centre into air-conditioned and non-air-conditioned areas
(ii) Floor preparation for equipment installation in the air condition areas
(iii) Quiet zone in personnel areas (management offices, system support, operations
scheduling, visiting programmers, library, conference room, coffee room).
(iv) Solid and soundproof walls (over 40 dB in passage ways to separate air conditioned
from non-air-conditioned and noisy from quiet areas)
(v) Extensive use of moveable walls to allow for ongoing adjustments to technical and
task-related developments
(vi) Inclusion of reserve space in air conditioned and non-air conditioned areas
(vii) Provisions for visitors so that they do not disturb operations: (Many computer centers
no longer permit machine room tours for security reasons, but portion of the operation
may be viewed through safety glass from a gallery).

4.3 Influencing Factors of Consideration

(1) Purpose - The purpose of a computing facility or centre will greatly impact most design
aspects including room layout, computer hardware, printing systems, projection/presentation
systems, etc. Consider what the primary use of this Centre will be:
 Open computer use – Users like students, staff and others come and go to use the
computers for assignments or projects
 Instructional computing facility – The Centre is used for instruction, led by a single
person

32
  Collaborative work – The Centre is used by users in a group project setting
 Laboratory work - computers are used for data collection or in a laboratory setting
(2) Specific application - The greatest influence on the computer hardware itself is the
intended application and operating system. These will drive the need for more powerful
computers, larger monitors, specific printing needs, and other technical decisions.
(3) Budget - There are always budget limitations. Find the limits and project priorities (these
priorities should be influenced by the above factors) and decide on trade-offs. Is new
furniture sacrificed for more powerful computers? Is advanced printing left behind in favour
of a projection system?
(4) Staffing/Maintenance - A Computing Centre requires staffing to install, configure, and
maintain hardware and software. The size, complexity, and purpose of a Computing Centre
will determine the staffing needs. The lack of proper staffing and maintenance may limit a
facility availability or usefulness.
(5) Size – Is the Computer Centre going to be one room of a building, one or more floors, or an
entire building, and can hold 1,000 or more servers?
(6) Space, power, cooling, and costs in the Computer Center must be put into consideration.
(7) Mechanical engineering infrastructure - heating, ventilation and air conditioning
(HVAC); humidification and dehumidification equipment; pressurization.
(8) Electrical engineering infrastructure design - utility service planning; distribution,
switching and bypass from power sources; uninterruptible power source (UPS) systems

4.4 Hardware Purchase Consideration

For all of the following hardware items, one should consider the reliability, serviceability, and
warranty of the specific items. This can greatly impact the maintenance costs and headaches
down the road. At least a three-year warranty is recommended on all computer hardware if
available.
(1) Workstation hardware - This central aspect of the Centre is influenced by all of the
previously mentioned factors. Consider the needs in the following areas:
 CPU - What level of processing power is required by the applications?
 Memory - What amount of RAM is required by the applications?
 Primary storage space - How much storage space is required to install the local
applications? Will users be storing documents on the local machines? Do applications
require a great deal of swap space?
 Sub-systems - evaluate your needs for:
 Networking - generally only a 10/100 Ethernet card is required, but always
consider the latest in town.
 Audio - Sound card, speakers, headphones, microphones
 Video - Video card speed and memory
 Secondary storage - CD, CD-R, DVD, Zip, Flash drives, etc.
 Input - Keyboard and mouse variations

33
  Projectors and Screens
 Monitor - Is a large monitor needed for graphics or engineering work?
(2) Server hardware - Most Computer Centres rely on a server for application serving, print
serving, or storage. This hardware can vary greatly depending on the specific use of the
server.
(3) Networking - Networking is a core component of Computer Centres; it allows access to
Internet resources, access to email, and the ability to collaborate remotely. Potential
networking costs include installation/activation of Ethernet jacks (B-jacks), monthly B-jack
fees, hubs/switches for networking within the room (not needed if each computer has a B-
jack), and cabling. Networking may represent a good portion of the cost of the facility.

(4) Printing - Most Computer Centres require some form of printing to be available. For most
applications this simply means the ability to print black and white text documents, but there
are a variety of printing needs. Another consideration is the quantity of printing expected in
the facility. This greatly influences the specific model of printer within a type of printer.
The following are the most popular forms of printing in campus Computer Centres:
 Black and white laser printing
 Color printing (laser or inkjet)
 Plotting
(5) Other peripherals - The purpose and specific application of a Computer Centre may
require additional hardware not in a traditional computing lab. These are some common
peripherals used in special applications:
 Scanning
 Special storage (CD-R, Jaz, DVD-R, External Disks, etc.)
 Special input (tablets, mapping, data acquisition, etc.)
 Audio/Video systems (projector, sound, etc.) - Many Computer Centres, especially
instructional ones, benefit from the ability to display information for the entire room.
This may include the ability to project computer screens, project television/video
tapes/DVDs, play audio tapes/CDs, and amplify input from microphones. More advanced
systems even allow instructors to project any of the workstation screens to a projector or
to other computer screens on the fly.

4.5 Planning for Upgrade

Any computer hardware and software will eventually have to be replaced as it becomes
obsolete. Computer Centres should have an upgrade plan and budget for both hardware and
software. In general, a three-year replacement cycle may be used for hardware in Computer
Centres. Software is replaced more frequently, usually as new, more useful, versions are
released. Budgeting for new software is difficult due to the unpredictable nature of software
development, but plan must be made on spending about a third of the original software costs
each year in upgrades.

34
4.6 Furniture Arrangements

The purpose of Computer Centres is the strongest influence on the furniture and layout of the
Centre. An open computer lab may simply be rows of computers on basic tables. An
instructional Centre may have rows all facing the front of the room for instruction. A
collaborative Centre may have single computers (or groups of computers) at large tables
designed to seat many students. At least one workstation in each Centre should be placed on an
adjustable height table for accessibility by people using wheelchairs. In an instructional Centre,
the instructor’s workstation should also be placed on an adjustable height table.

Accessibility - In addition to placing accessible tables in the lab, one should also consider the
accessibility of the computer applications (using special input/output hardware or software),
other systems (printing, A/V equipment, etc.), and the accessibility of the room layout. More
detailed information about accessibility is available from the CU Boulder Assistive Technology
Lab.
Power - Often the existing power circuit(s) in a room are not sufficient for a Computer Centre.
Examine your power needs and resources, and contact facilities management regarding power
system upgrades.

4.7 Facilities Required

The following are the physical facilities to be planned for in a typical Computer Centre.
(i) Raised floor: let the wind blow under the floor
(ii) False ceiling
(iii) Air conditioner to control the temperature and humidity in the Computer
center. Thermal Guidelines for Data Processing Environments recommends a
temperature range of 16–24 °C (61–75 °F) and humidity range of 40–55% with a
maximum dew point of 15°C as optimal for data center conditions.
(iv) Smoke and heat detectors (Fire alarms). Smoke detectors are usually installed to
provide early warning of a developing fire by detecting particles generated by
smoldering components prior to the development of flame. This allows investigation,
interruption of power, and manual fire suppression using hand held fire extinguishers
before the fire grows to a large size. Passive fire protection elements include the
installation of fire walls around the data center, so a fire can be restricted to a portion
of the facility for a limited time in the event of the failure of the active fire protection
systems, or if they are not installed.
(v) Rooms and offices to be designed
(vi) Machine room
(vii) Operator working area
(viii) Storage for paper, tapes, disks and outputs
(ix) Customer engineer working area

35
 (x) Technician area
(xi) System development areas: for system analysts and programmers
(xii) Library: for storing books, journals and software
(xiii) Conference and meeting rooms
(xiv) Training rooms
(xv) Director rooms
(xvi) Secretary rooms
(xvii) Operator and guest areas
(xviii) Toilet
(xix) Rest rooms
(xx) Areas for storing power units and air conditioners: such areas are needed to be
designed so that there will be no problem in case of power supply shortage.
(xxi) Back-up power area. Backup power consists of one or more uninterruptible power
supplies, Solar and inverter installations and/or diesel generators.

Also to be included in the design of a Computer Centre are:

(i) Dust prevention mechanism
(ii) Pest control strategies
(iii) Bedrooms for night shift operators
(iv) Transportation facilities
(v) Burglar prevention strategies (installation of burglary proofs, alarms, etc)

4.8 Floor Design

Computer or Data Centers typically have raised flooring made up of 60 cm (2 ft) removable
square tiles. The trend is towards 80–100 cm (31–39 in) void to cater for better and uniform air
distribution. These provide a plenum for air to circulate below the floor, as part of the air
conditioning system, as well as providing space for power cabling.
Telcordia GR-2930, NEBS: Raised Floor Generic Requirements for Network and Data Centers,
presents generic engineering requirements for raised floors that fall within the strict NEBS
guidelines.
There are many types of commercially available floors that offer a wide range of structural
strength and loading capabilities, depending on component construction and the materials used.
The general types of raised floors include stringerless, stringered, and structural platforms, all of
which are discussed in detail in GR-2930 and summarized below.

4.8.1 Stringerless Raised Floors

One non-earthquake type of raised floor generally consists of an array of pedestals that provide
the necessary height for routing cables and also serve to support each corner of the floor panels.
With this type of floor, there may or may not be provisioning to mechanically fasten the floor
panels to the pedestals. This stringerless type of system (having no mechanical attachments

36
between the pedestal heads) provides maximum accessibility to the space under the floor.
However, stringerless floors are significantly weaker than stringered raised floors in supporting
lateral loads and are not recommended.

There are two construction types of floors for network and Computer / data center equipment.
Following are generic descriptions of these types of floors.

4.8.2 Stringered Raised Floors

This type of raised floor generally consists of a vertical array of steel pedestal assemblies (each
assembly is made up of a steel base plate, tubular upright, and a head) uniformly spaced on two-
foot centers and mechanically fastened to the concrete floor. The steel pedestal head has a stud
that is inserted into the pedestal upright and the overall height is adjustable with a leveling nut on
the welded stud of the pedestal head.

4.8.3 Structural Platforms

One type of structural platform consists of members constructed of steel angles or channels that
are welded or bolted together to form an integrated platform for supporting equipment. This
design permits equipment to be fastened directly to the platform without the need for toggle bars
or supplemental bracing. Structural platforms may or may not contain panels or stringers.

Data cabling is typically routed through overhead cable trays in modern data centers. But some
are still recommending under raised floor cabling for security reasons and to consider the
addition of cooling systems above the racks in case this enhancement is necessary. Smaller/less
expensive data centers without raised flooring may use anti-static tiles for a flooring surface.
Computer cabinets are often organized into a hot aisle arrangement to maximize airflow
efficiency.

4.9 Factors to be considered when installing Computer System

Depending on the type of computer centre, certain factors have to be considered when installing
computer system. The factors are:

(i) Local Support: It is important to discover the level of support available locally from
different manufactures of hardware. In most cases, the availability of such support would
be a major factor in preferring a particular make of machine, even if initial cost are
higher.
(ii) Hardware Security: Physical security around computer centres and laboratories need to
be stepped up because of the activities of looters. Security attention should be given to
the computer hardware because of their small sizes; if the physical security is slack
valuable and costly component of the system might be lost.
(iii) Dust: It is almost always advisable to provide dust cover on computer equipment when
not in use, and in some areas special dust filters may be needed to prevent dust
penetrating the casing.
(iv) Heat: Because of the heat been produced by the computer, full air conditioned office is
highly imperative. It is advisable to buy portable air condition unit or install cooling fan
in micro itself.

37
 (v) Power Supply: Computers cannot function without electricity. Electric generators must
be provided at the centre in case of the public power supply failure. In addition, the
generator should be supported with power stabilizer and uninterruptible power supply
(UPS). Power stabilizer protect the computer the harmful effects of fluctuations while
UPS maintain the continuity of power supply in the gap between the switch over public
supply to in- house generator or vise – versa.
(vi) Humidity: An unusually assemble of humidity can also be a problem, leading to
corrosion of electric contact; it may be advisable to use non- corrodible plugs and socket
or to use a contact less keyboard for example.
(vii) Accessories: It is essential to have a supply of computer accessories and part of a micro
and all peripheral equipment.
(viii) Workshop: Basic maintenance facilities will be needed. It is not necessary to be an
electronic engineer to do routine maintenance such as disc head alignment, to change
board in the computer, or to run the diagnostics programs which will at least help to
locate a fault.
(ix) Communication Facilities: These facilities must be provided to provide a link between
the main computer centre and its terminals.
(x) Space Requirement: From 400sq. ft. to several hundred thousand sq. ft; length-to-width
ratio should be approximately 2:3; no long, narrow rooms.
(xi) Floor loading: should be sufficient, preferably with a sound-absorbent and antistatic
covering.

Summary
In this session, you have been introduced to the physical design of a Computer Centre. The
design criteria, facilities required, furniture arrangement, floor design and staffing policy were all
discussed.

Now attempt to answer the following questions:

Self-Assessment Questions

1. Mention and explain any ten facilities required in a Computer Centre.

2. Assuming you are a Computer Centre Manager and you want to purchase hardware
equipment for the Centre. Discuss the factors of consideration in hardware acquisition.
3. Planning to build a Computer Centre is an arduous task. Discuss.

38
Study Session 5: Design of a School’s Computer Laboratory

Expected Duration: 1 week or 2 contact hours

Introduction
Certainly, the layout of the lab depends on the equipment, the furniture, and space available. The
purpose of this Session is to discuss some basic computer lab layouts and their advantages and
disadvantages. Any of these layouts can be modified to satisfy the individual needs of the
institution. It just takes a little planning and imagination to adapt any of these designs to a
specific application.

Learning Outcomes

When you have studied this session, you should be able to explain:

5.1 why computer lab design and layout is important

5.2 classroom computer lab designs
5.3 four-leaf clover computer lab layouts
5.3 u-shaped computer lab designs
5.4 inverted u-shaped computer lab layouts

5.1 Why Computer Lab Design and Layout is Important

Computer labs are more than just rooms with lots of computers. Care must be taken to ensure
that the lab is easy to access and fulfills its purpose. Many schools, colleges and Universities use
computer labs to allow student access to the software necessary to complete coursework.
Computer labs are also used to instruct students on computer use, programming, and related
subjects. However, many institutions give little thought to the design and layout of the lab. Too
often, they simply fill a room with computers and set up the machines any way they fit inside the
room.

Computer labs must be designed intelligently and serve the purpose they were intended to serve.
Imagine if parking lots did not have lines telling you where to park and everyone just drove in
and parked wherever they wanted. Soon no one would be able to enter to exit. The lines in
parking lots create important rules about how you should park in the lot.

Similarly, the design and layout of a computer lab creates rules and defines how the lab can be
used. Thought given to the layout of a computer lab dictates the usefulness of the lab and
increases user satisfaction which justifies its expense and assists in future investments in
upgrades.

39
5.2 Classroom Computer Lab Designs

Figure 5.1: Classroom Computer Lab layout (Source: John Garger, 2011)

The classic classroom computer lab design serves as the default layout in many Schools and
Colleges. However, it does have two major advantages. First, it serves as a great instruction
room where students learn computer topics from an instructor at the front of the room. With
everyone facing the same direction, it allows instructors to see the faces of the students with
which to read non-verbal cues as to whether students are learning the material or need more help.
Second, it is similar to the layout of other classroom environment emphasizing that the students
are there to learn.

One disadvantage of the classroom layout is the need to disturb other students along the rows of
computers as students enter and exit the lab. For labs where students are coming and going, the
classroom layout is not ideal. In addition, the classroom layout is not conducive to team work. It
is difficult for students to work together, especially on collective projects and in peer-assist
teaching models.

40
5.3 Four-Leaf Clover Computer Lab Layouts

Figure 5.2: Four-Leaf Clover Computer Lab Layout (Source: John Garger, 2011)

The four-leaf clover design offers the most privacy for students and reduces to a minimum the
possibility of cheating during tests or exercises. It also eliminates the need for students to disturb
others when entering and exiting the lab and allows instructors to go from student to student to
address individual problems and concerns.

One disadvantage of the four-leaf clover design has to do with attention spans. When students
are sitting at their own computers, instructors will not be able to see what each student is doing at
his/her workstation. Students may not be paying attention to lessons or may be surfing to
inappropriate websites in labs equipped with Internet access.

Four-leaf clover designs can also be more expensive if each computer sits on its own table. Some
computer lab furniture is made specifically for this design offering space for four computers on
one table or desk.

The next two designs are less traditional but offer some things the classroom layout and the four-
leaf clover layout do not.

41
5.3 U-Shaped Computer Lab Designs

Figure 5.3: U-Shaped Computer Lab Designs (Source: John Garger, 2011)

The U-shaped computer lab layout encourages engagement between instructors and students.
Instructors can enter the U and engage with students one-on-one. This design also serves as the
most conducive layout for computer maintenance as technicians do not have to disturb others to
gain access to the computers. In addition, students will not interfere with other students’ work
while entering and exiting the lab.

Unfortunately, the U-shaped design offers little opportunity for instructors to monitor what
students are doing and looking at on their monitors. This design is not compatible with test
taking and requires many assistants to monitor students. Furthermore, this design often takes up
more space that other layouts.

42
5.4 Inverted U-Shaped Computer Lab Layouts

Figure 5.4: Inverted U-Shaped Computer Lab Layouts (Source: John Garger, 2011)

Like the U-shaped layout, the Inverted U-shape also offers engagement between instructors and
students. In addition, the layout allows for the most convenient method of monitoring students.
For individual learning, this layout minimizes the distance instructors must walk to move from
workstation to workstation and student to student.

Like the classroom layout, traffic into and out of the Inverted U-shape can become constrictive
especially when all of the students must enter and exit at the same time. This congestion is
reduced if students are entering and exiting individually as in an open lab paradigm where
students can come and go as they please. In addition, this layout takes up the same amount of
space as the U-shaped design. If space is not a consideration, either of the U-shaped layouts is
appropriate.

Summary

There are many options when designing the layout of a computer lab. The key is to make sure
form is following function. Thought and planning at the beginning of designing the lab ensures
that students and instructors are satisfied with what the lab offers. Choosing a sub-optimal layout
can negatively affect student learning and reduce the engagement between instructors and
students.

Now attempt to answer the following questions:

Self-Assessment Questions

1. Discuss the importance of a Computer Lab to a College.

43
 2. Explain the structures, advantages and disadvantages of the different types of a College
Computer Lab designs.

Study Session 6: Computer-Based Test (CBT) Centre Design

Expected Duration: 1 week or 2 contact hours

Introduction

Computer-Based Test (CBT) Centres are established to provide online or electronic-based

examinations for students via the use of computers and other electronic gadgets. In this Session,
you shall be briefly introduced to functions and requirements for establishing CBT Centres.

Learning Outcomes

When you have studied this session, you should be able to:

6.1 understand the functions of CBT Centres

6.2 understand the general requirements for setting up a CBT Centre
6.3 understand the specific requirements for setting up a CBT Centre
6.4 understand the operations of the CBT Centre’s Closed Circuit Television (CCTV) System
6.5 understand the DVR and Camera system requirements for CBT Centers
6.6 understand the network cable required for biometric verification

6.1 Functions of CBT Centres

Computer-Based Test (CBT) Centres are proliferating in the country now possibly because of
the new mode of conducting the University Matriculation Examinations (UME) organized by
the Joint Admission and Matriculation Board (JAMB). Over one million candidates normally
partake in this examination yearly. There is no single Computer Centre or Laboratory that can
accommodate this large number of candidates. Therefore, government and private individuals
are establishing CBT centres to assist JAMB and other examination bodies conduct their
examinations in the country. It is purely a business venture today as nothing goes for free. As at
the year 2020, a minimum of N1.5M is required to establish a CBT Centre in Nigeria.
6.2 General Requirements for Setting up a CBT Centre
1. Infrastructure (Building, Chairs, Tables and few other things).
The size of a CBT building will largely depend on the capacity of the CBT center that one
wants. An existing building could be converted to a CBT centre but we need to be double
sure of the quality of the building. When designing the tables and chairs, it is suggested that
one visits one or two accredited CBT centers to see how their chairs and tables are
designed.
2. Technical (computers, servers, network design, electrical design, CBT software, inverter,
generator and few other things).

44
3. Management (Man power that will manage the center during and after every exams). A
good computer administrator and five support staffs are minimally needed.
4. Cost (setting up a CBT center require lot of cash). The total cost of setting up of a CBT
Centre varies depending on the capacity that one wants. The cost of setting up a JAMB
CBT center is quite pricey and expensive. But it will be more simple, and cheaper, if one
already has an accredited and authoritative Cyber Cafe, which is bigger to carry up to 250
systems at once.
6.3 Specific Requirements for Setting Up a CBT Centre

(1) Minimally, a 3KVA server is required of a CBT centre and one other, as a backup server.
(2) 250 capacity hall with back up of 25 seats
(3) Availability of back-up power supply (power generating set of minimum 40kva for a
centre with 250 systems; 60 KVA for 350 systems and 100kva for above 350 systems) and
UPS/inverters that can carry all systems for a minimum of two (2) hours.
(4) Air-conditioners in the hall and the server room. Adequate and functional air-conditioners
and lighting must be provided.
(5) The computer systems must be connected to a robust computer server with a capacity to
carry 250 systems concurrently.
(6) Closed Circuit Television (CCTV) cameras installed in the halls. Internet Protocol (IP)
Camera (CCTV) is compulsory for all CBT centers
(7) Provision of individual cubicle with minimum length of 26 inches, breadth of 18 inches and
height of 18 inches and appropriate seat for each system.

(8) Minimum of 15 inches flat screen Computer monitors for desktop or 17 inches for laptop.
(9) All the computer systems must be linked together on Cable Local Area Network topology
(LAN). (Note: Wireless Computer connection is not allowed for JAMB Examination).
(10) Adequate security and minimum of five (5) technical personnel and one network engineer
(11) The centre must be adequately fenced for security.
(12) Provision must be made for a holding room or reception facility e.g. canopy with chairs,
etc.

45
(13) The centre must not be in shared premises such as cinema hall, shopping mall, market, etc.
(14) Provision of up to date Antivirus and all the systems must be virus free.
(15) Minimum of Windows 7 or higher version of windows operating system.
(16) The area of examination, which is the rooms and halls, has to be covered properly by the
signal jammer. During the examination, the signals from the outside have to be restricted
with the help of signal jammer.
(17) The centre should have a stable mobile connection such as Airtel/MTN

6.4 The CBT Centre’s Closed Circuit Television (CCTV) System

This system has to be established in every CBT centre for better security during the examination.
The reasons why the installation of the CCTV cameras in every centre is required are:

(i) Recording of any activities in the centre and outside it during the test.
(ii) Remote viewing of the activities.
(iii)Ability to store the recordings for longer than one month.
(iv) Live access to the centre for remote viewing by the examination Board.

Every centre is required to install a Digital Video Recorder (DVR) and a camera. They have to
possess a user manual on these devices. Detailed specification of a video recorder and camera
requirements are usually provided by the examination bodies for the CBT Centres.

The cameras have to cover the entrance and exit doors, walk ways (if any), examination rooms,
external building, biometric verification area, the lobby and server room. Also, all the technical
supplies have to be supported by the professional CCTV engineer, who has to report any loss of
video to the installer. JAMB, as at 2020 requires that CCTV Systems must be wired. Wireless
CCTV Systems are not allowed. The following are additional requirements of a CBT Centre as
specified by JAMB in 2020:

Holding Rooms must be in good proximity to the examination hall and must be adequately sized

Make-shift CBT centres are NOT allowed; all centres must therefore be dedicated CBT centres
that are used and maintained as such all year round

(i) 100 Access codes to each Centre and monitored

(ii) Opening of a minimum 10 access point out of 100 for each Centre
(iii)All centres must be within MTN or AIRTEL network coverage
(iv) All Centre networks must be powered by Switches. No hubs allowed
(v) Centres are strongly advised to use static IP addresses rather than Dynamic IP Addressing
(vi) Conveniences must be provided both within the Examination hall and waiting areas
(vii) There must be no flying cables. All cables MUST be trunked

There are 2 major types of DVR/Cameras in the market.

46
 a) Digital Video Recorder (DVR) with IP Cameras and
b) DVR with analog cameras

Due to the higher cost of IP CCTV cameras, the DVR can be implemented with analog
cameras. What is majorly required is the Network capability of the DVR to enable remote
access through RJ45 port. (Wireless DVRs are not advised).

6.5 DVR and Camera System Requirements for CBT Centers

Each center is expected to acquire the following specification of CCTV devices

1. Digital Video Recorder

1. Playback through local software

2. Remote Playback through Wired Network
3. Standard search and navigation control
4. Playback with DVR App or standard browser access
5. H.264 minimum video compression technology
6. DVR/HVR/NVR 3 in 1 functionality required
7. P2P Remote live viewing on Smartphone, tablet or PC via easy to use App or browser
8. Smart search function with easy playback
9. Minimum 8 Channel 720P High-resolution day/night camera capable
10. Support motion detection
11. Support email alerts
12. Pre-installed minimum of 1 TB SATA Hard drive or higher
13. Flexible display port with VGA and HDMI output
14. USB Mouse for local access
15. IR Remote control
16. Password functionality for DVR Access
17. RJ45 Network port required for
(a) Capability for Live IP configuration
(b) Image or video export to USB media device e.g. USB Drive.
(c) Active noise filtering and voice recording

2. Camera Specification

1. Weatherproof Indoor and Outdoor cameras

2. True Daylight and Night monitoring capability with minimum 66 Ft IR Range (IP66)
3. IR Night vision LED cameras
4. Minimum video standards: PAL (50f/s) and NTSC (60 f/s)
5. Separate power adapters for cameras
6. High-resolution CMOS sensor

47
 7. Minimum 1500 TVL
8. IP Cameras at a marginally higher price acceptable.

3. User manual (DVR and Camera)

4. Power specification

1. 12 Volt DVR with minimum 3000mA adapter

2. 12 Volt Cameras with minimum 2000mA adapter
3. Maximum of 4 Cameras per 2000mA power adapter
4. Maximum of 8 Cameras per 3000mA power adapter
5. Camera should have voice recording capabilities

6.5.1 CCTV Installation

1. Each CCTV system will require the DVR be installed in the Server room or any
secure/restricted access room.
2. Maximum length of wiring for each camera must not exceed 150Ft for video power camera
cables (all-in-one pre-made length)
3. High quality BNC Female camera adapter
4. For internal cameras, dome or sectional cameras can be used.
5. For external cameras, bullet /outdoor cameras should be used.
6. Independent backup power to be provided for CCTV system
7. Camera installation must be on ceiling at all times with no visible cabling.
8. All cameras must be out of physical reach of all staff and candidates.
9. Power distribution boxes are required for powering the CCTV cameras. Direct connection to
power supply adaptor not advised.

6.5.2 CCTV Coverage Areas

Each Camera system must cover the following areas

2. Entry door (from the inside)

3. Exit door (from the inside)
4. Cross-sectional coverage for examination rooms
5. External building (including front doors)
6. If in proximity, Biometric verification area.
7. Candidate’s waiting for area/lobby
8. Server room

6.5.3 Support and Maintenance

1. Each CCTV installation must be supported/performed by a trained CCTV engineer

48
2. All video loss on any camera must be reported immediately to the installer

6.6 Network Cable for Biometric Verification

1. A single NETWORK CABLE to connect biometric verification system (point) to Server

Room
2. All biometric verifications (before & after examination) would be captured real-time by
the Examination Delivery Server
3. Use of STAR TOPOLOGY for LAN for easy troubleshooting and system maintenance

A CBT Centre (Source: https://www.nairaland.com/2331249/requirements-setting-up-cbt-

centre)

49
Examinees in CBT Session (Source: https://www.nairaland.com/2331249/requirements-setting-
up-cbt-centre)

Summary

No doubt, CBT Centres are useful facilities for conducting electronic examinations in the world
today. You have been introduced to the requirements for setting up a CBT Centre in this Session,
both personnel and technical.

Now attempt to answer the following questions:

Self-Assessment Questions

1. Assuming you are interested in setting up a CBT Centre, state any 10 major requirements
you must satisfy before embarking on such a venture.
2. State all the equipment needed for setting up a CBT Centre.

50
Study Session 7: Physical Security Considerations in
Computer Centres

Expected Duration: 1 week or 2 contact hours

Introduction

Securing a Computer Centre is usually the result of a series of compromises: what is needed
versus what can be afforded and implement. Ideally, old and unusable buildings are replaced by
modern and more serviceable facilities, but that is not always the case in the real world. If we
find ourselves in this situation, the risk assessment process is used to identify
our vulnerabilities and become aware of the preferred security solutions. In this Session, you
shall be introduced to physical security requirements of a Computer or Data Centre.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following
physical security concepts with respect to Computer Centers:

7.1 Physical Security

7.2 Guidelines to Create a Secure Environment: Building and Room Construction
7.3 Guidelines to Guard Equipment:
7.4 Guidelines to Rebuff Theft
7.5 Guidelines to Keeping Portable Equipment and Computers
7.6 Guidelines to Regulate Power Supplies:
7.7 Guidelines to Protecting Outputs:
7.8 Duties of a Security Manager

7.1 Physical Security

The risk assessment results should arm us with the information required to make sound
decisions. Our findings might even show that not every guideline is required to meet the specific
needs of our site (and there will certainly be some variation based on need priorities). Once
decided on, however, actually initiating a strategy is often as simple as raising staff awareness
and insisting on adherence to regulations. Some strategies might require basic "'handyman"'
skills to install simple equipment (e.g., key locks, fire extinguishers, and surge protectors), while
others definitely demand the services of consultants or contractors with special expertise (e.g.,
window bars, automatic fire equipment, and alarm systems). In any case, if the organization
determines that it is necessary and feasible to implement a given security strategy, installing
equipment should not require effort beyond routine procedures for completing internal work
orders and hiring reputable contractors.

Hiring full-time guards is only one of many options for dealing with security monitoring
activities. Part-time staff on watch during particularly critical periods is another. So are video
cameras and the use of other staff (from managers to receptionists) who are trained to monitor

51
security as a part of their duties. The point is that by brainstorming a range of
possible countermeasure solutions we can come up with several effective ways to monitor a
Computer Centre. The key is that the function is being performed. How it is done is secondary
and completely up to the organization and its unique requirements.

Physical security requires that the Computer Centre site(s) be safeguarded in a way that
minimizes the risk of resource theft and destruction. To accomplish this, decision-makers must
be concerned about building construction, room assignments, emergency procedures, regulations
governing equipment placement and use, power supplies, product handling, and relationships
with outside contractors and agencies.

The physical plant must be satisfactorily secured to prevent those people who are not authorized
to enter the site and use equipment from doing so. A building does not need to feel like a fort to
be safe. Well-conceived plans to secure a building can be initiated without adding undue burden
on your staff. After all, if they require access, they will receive it--as long as they were aware of,
and abide by, the organization's stated security policies and guidelines. The only way to ensure
this is to demand that before any person is given access to a system, they have first signed and
returned a valid Security Agreement. This necessary security policy is too important to permit
exceptions.

Examples of physical threats include:

 Natural events (e.g., floods, earthquakes, and tornados)

 Other environmental conditions (e.g., extreme temperatures, high humidity, heavy rains,
and lightning)
 Intentional acts of destruction (e.g., theft, vandalism, and arson)
 Unintentionally destructive acts (e.g., spilled drinks, overloaded electrical outlets, and
bad plumbing)

7.2 Guidelines to Create a Secure Environment: Building and Room Construction

1. Don't arouse unnecessary interest in your critical facilities: A secure room should
have "low" visibility (e.g., there should not be signs in front of the building and
scattered throughout the hallways announcing "expensive equipment and sensitive
information this way").
2. Maximize structural protection: A secure room should have full height walls and
fireproof ceilings.
3. Minimize external access (doors): A secure room should only have one or two doors
- they should be solid, fireproof, lockable, and observable by assigned security staff.
Doors to the secure room should never be propped open.
4. Minimize external access (windows): A secure room should not have excessively
large windows. All windows should have locks.
5. Maintain locking devices responsibly: Locking doors and windows can be an
effective security strategy as long as appropriate authorities maintain the keys and
combinations responsibly. If there is a breach, each compromised lock should be
changed.

52
 6. Investigate options other than traditional keyhole locks for securing areas as is
reasonable: Based on the findings from your risk assessment, consider alternative
physical security strategies such as window bars, anti-theft cabling (i.e., an alarm
sounds when any piece of equipment is disconnected from the system), magnetic key
cards, and motion detectors.
7. Be prepared for fire emergencies: In an ideal world, a secure room should be
protected from fire by an automatic fire-fighting system. Note that water can damage
electronic equipment, so carbon dioxide systems or halogen agents are recommended.
If implemented, staff must be trained to use gas masks and other protective
equipment. Manual firefighting equipment (i.e., fire extinguishers) should also be
readily available and staff should be properly trained in their use.
8. Maintain a reasonable climate within the room: A good rule of thumb is that if
people are comfortable, then equipment is usually comfortable--but even if people
have gone home for the night, room temperature and humidity cannot be allowed to
reach extremes (i.e., it should be kept between 50 and 80 degrees Fahrenheit and 20
and 80 percent humidity). Note that it's not freezing temperatures that damage disks,
but the condensation that forms when they thaw out.
9. Be particularly careful with non-essential materials in a secure computer
room: Technically, this guideline should read "no eating, drinking, or smoking
near computers," but it is quite probably impossible to convince staff to implement
such a regulation. Other non-essential materials that can cause problems in a secure
environment and, therefore, should be eliminated include curtains, reams of paper,
and other flammables.

7.3 Guidelines to Guard Equipment:

1. Keep critical systems separate from general systems: Prioritize equipment based on
its criticality and its role in processing sensitive information. Store it in secured areas
based on those priorities.
2. House computer equipment wisely: Equipment should not be able to be seen or
reached from window and door openings, nor should it be housed near radiators,
heating vents, air conditioners, or other duct work. Workstations that do not routinely
display sensitive information should always be stored in open, visible spaces to
prevent covert use.
3. Protect cabling, plugs, and other wires from foot traffic: Tripping over loose wires
is dangerous to both personnel and equipment.
4. Keep a record of your equipment: Maintain up-to-date logs of equipment
manufacturers, models, and serial numbers in a secure location. Be sure to include a
list of all attached peripheral equipment. Consider videotaping the equipment
(including close-up shots) as well. Such clear evidence of ownership can be helpful
when dealing with insurance companies.
5. Maintain and repair equipment: Have plans in place for emergency repair of critical
equipment. Either have a technician who is trained to do repairs on staff or make
arrangements with someone who has ready access to the site when repair work is
needed. If funds allow, consider setting up maintenance contracts for your critical
equipment. Local computer suppliers often offer service contracts for equipment they
sell, and many workstation and mainframe vendors also provide such services. Once
53
 you've set up the contract, be sure that contact information is kept readily
available. Technical support telephone numbers, maintenance contract numbers,
customer identification numbers, equipment serial numbers, and mail-in information
should be posted or kept in a log book near the system for easy reference. Remember
that computer repair technicians may be in a position to access your confidential
information, so make sure that they know and follow your policies regarding outside
employees and contractors who access your system.

7.4 Guidelines to Rebuff Theft

1. Identify your equipment as yours in a covert way: Label the inside of equipment
with the organization's name and contact information to serve as powerful evidence
of ownership. Engraving the equipment is even better.
2. Make unauthorized tampering with equipment difficult: Replace regular body case
screws with Allen-type screws or comparable devices that require a special tool (e.g.,
an Allen wrench) to open them.
3. Limit and monitor access to equipment areas: Keep an up-to-date list of personnel
authorized to access sensitive areas. Never allow equipment to be moved or serviced
unless the task is pre-authorized and the service personnel can produce an authentic
work order and verify who they are. Require picture or other forms of identification if
necessary. Logs of all such activity should be maintained. Staff should be trained to
always err on the cautious side (and the organization must support such caution even
when it proves to be inconvenient).

7.5 Guidelines to Keeping Portable Equipment and Computers

1. Never leave a laptop computer unattended: Small, expensive things often disappear
very quickly - even more quickly from public places and vehicles!
2. Store laptop computers wisely: Secure laptops in a hotel safe rather than a hotel
room, in a hotel room rather than a car, and in a car trunk rather than the back seat.
3. Stow laptop computers appropriately: Just because a car trunk is safer than its back
seat doesn't mean that the laptop won't be damaged by an unsecured tire jack. Even if
the machine isn't stolen, it can be ruined all the same. Stow the laptop and its battery
safely!
4. Don't leave a laptop computer in a car trunk overnight or for long periods of
time: In cold weather, condensation can form and damage the machine. In warm
weather, high temperatures (amplified by the confined space) can also damage hard
drives.

7.6 Guidelines to Regulate Power Supplies:

1. Be prepared for fluctuations in the electrical power supply: Do so by (1) plugging

all electrical equipment into surge suppressors or electrical power filters; and (2)
using Uninterruptible Power Sources (UPSs) to serve as auxiliary electrical supplies
to critical equipment in the event of power outages.

54
 2. Protect power supplies from environmental threats: Consider having a professional
electrician design or redesign your electrical system to better withstand fires, floods,
and other disasters.
3. Select outlet use carefully: Although little thought generally goes into plugging
equipment into an outlet, machines that draw heavily from a power source can affect,
and be affected by, smaller equipment that draws energy from the same outlet.
4. Guard against the negative effects of static electricity in the office place: Install
anti-static carpeting and anti-static pads, use anti-static sprays, and encourage staff to
refrain from touching metal and other static-causing agents before using computer
equipment.

7.7 Guidelines to Protecting Outputs:

1. Keep photocopiers, fax machines, and scanners in public view: These types of
equipment are very powerful tools for disseminating information; so powerful, in
fact, that their use must be monitored.
2. Assign printers to users with similar security clearances: You don't want employees
looking at sensitive financial information (e.g., staff salaries) or confidential
student/staff information (e.g., individual records) while they are waiting for their
documents to print. It is better to dedicate a printer to the Director of Finance than to
have sensitive data scattered around a general use printer. Don't hesitate to put
printers in locked rooms if that is what the situation demands.
3. Label printed information appropriately: Confidential printouts should be clearly
identified as such.
4. Demand suitable security procedures of common carriers when shipping/receiving
confidential information: Mail, delivery, messenger, and courier services should be
required to meet your organization's security standards when handling your
confidential information.
5. Dispose of confidential waste adequately: Print copies of confidential information
should not be placed in common dumpsters unless shredded.

7.8 Duties of a Security Manager

A Security Manager must:

1. Communicate to staff that protecting the system is not only in the organization’s interests,
but also in the best interest of users.
2. Increase staff awareness of security issues.
3. Provide for appropriate staff security training.
4. Monitor user activity to assess security implementation.

Summary
You have been introduced to strategies for securing a Computer Centre’s physical building as
well as its equipment and outputs.
Now answer the following questions.

Self-Assessment Questions

55
1. State the guidelines to safeguard a Computer Centre physical building
2. What are the functions of a Security Manager in a Computer Centre
3. State the guidelines for protecting outputs in a Computer Centre

56
Study Session 8: Information Security Considerations in
Computer Centres

Expected Duration: 1 week or 2 contact hours

Introduction
A threat is any action, actor, or event that contributes to risk. Information is a vital output from a
Computer Centre. In this Session, consideration is given to securing information in Computer
Centres.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following
Information security concepts with respect to Computer Centers:

8.1 Importance of Securing Information

8.2 Components of Information Security
8.3 Information Security Countermeasures
8.3.1 Transmitting Information Securely (including e-mail):
8.3.2 Presenting Information for Use in a Secure and Protected Way
8.3.3 Backing up Information Appropriately
8.3.4 Storing Information Properly
8.3.5 Disposing of Information in a Timely and Thorough Manner

8.1 Importance of Securing Information

One of an organization's most valuable assets is its information. Local, state, and federal laws
require that certain types of information (e.g., individual student records) be protected from
unauthorized release. This facet of information security is often referred to as protecting
confidentiality. While confidentiality is sometimes mandated by law, common sense and good
practice suggest that even non-confidential information in a system should be protected as well -
not necessarily from unauthorized release as much as from unauthorized modification and
unacceptable influences on its accessibility.

8.2 Components of Information Security

1. Confidentiality: Preventing unauthorized disclosure and use of information

2. Integrity: Preventing unauthorized creation, modification, or deletion of information
3. Availability: Preventing unauthorized delay or denial of information

Examples of information threats include:

1. Natural events (e.g., lightning strikes, and aging and dirty media)
2. Intentional acts of destruction (e.g., hacking and viruses)
3. Unintentionally destructive acts (e.g., accidental downloading of computer viruses,
programming errors, and unwise use of magnetic materials in the office)

57
8.3 Information Security Countermeasures

The following countermeasures address information security concerns that could affect a
Computer Centre’s site. These strategies are recommended when risk assessment identifies or
confirms the need to counter potential breaches in a system's information security.

8.3.1 Transmit Information Securely (including e-mail):

1. Use e-mail only for routine office communication: Never send sensitive information
as e-mail. If e-mail absolutely must be used, encrypt the file and send it as an
attachment rather than in the text of the e-mail message.
2. Encrypt everything before it leaves your workstation: Even your password needs to
be encrypted before leaving the workstation on its way to the network server-
otherwise it could be intercepted as it travels network connections.
3. Physically protect your data encryption devices and keys: Store them away from
the computer but remember where you put them. Use the same common-sense
principles of protection you should be giving your bank card's personal identification
number (PIN).
4. Inform staff that all messages sent with or over the organization's computers
belong to the organization: This is a nice way of saying that everything in the office
is subject to monitoring.
5. Use dial-up communication only when necessary: Do so only after the line has been
satisfactorily evaluated for security. Do not publicly list dial-up communication
telephone numbers.
6. Confirm that outside networks from which there are dial-ins satisfy your security
requirements: Install automatic terminal identification, dial-back, and encryption
features (technical schemes that protect transmissions to and from off-site users).
7. Verify the receiver's authenticity before sending information anywhere: Ensure that
users on the receiving end are who they represent themselves to be by verifying:
a. Something they should know-a password or encryption key; this is the least
expensive measure but also the least secure.
b. Something they should have-for example, an electronic keycard or smart card.
c. Something they are - biometrics like fingerprinting, voice recognition, and retinal
scans; these strategies are more expensive but also more secure.

8. Consider setting up pre-arranged transmission times with regular information

trading partners: If you know to expect transmissions from your trading partners at
specific times and suddenly find yourself receiving a message at a different time,
you'll know to scrutinize that message more closely. Is it really your trading partner
sending the message? Why has the pre-arranged time been ignored? Has the message
been intercepted and consequently knocked off schedule?
9. Maintain security when shipping and receiving materials: When sending sensitive
information through the mail, or by messenger or courier, require that all outside
service providers meet or exceed your security requirements.

58
8.3.2 Present Information for Use in a Secure and Protected Way

1. Practice "views" and "table-design" applications: A "view" selects only certain

fields within a table of information for display, based on the user's access rights.
Other table fields are excluded from the user's view and are thus protected from use.
For example, although a school record system may contain a range of information
about each student, Food Services staff can view only information related to their
work and Special Education staff can view only information related to their work.
This type of system maintains information much more securely than traditional paper
systems, while at the same time increasing statistical utility and accountability
options.
2. Use "key identifiers" to link segregated information: If record information is
maintained in a segregated manner (e.g., testing files are kept in a
different database than special education files) for security purposes, a common file
identifier (e.g., a National Identity Number) can be used to match records without
unnecessarily divulging the identity of individuals and compromising confidentiality.

8.3.3 Back up Information Appropriately

1. Back up not only information, but also the programs you use to access
information: Back up operating system utilities so that you retain access to them
even if your hard drive goes down. Also maintain current copies of
critical application software and documentation as securely as if they were sensitive
data. Caution: Some proprietary software providers may limit an organization's legal
right to make copies of programs, but most allow for responsible backup procedures.
Check with your software provider.
2. Consider using backup software that includes an encryption option when backing
up sensitive information: Encryption provides additional security that is well worth
the extra effort, since it ensures that even if unauthorized users access your backup
files, they still can't break confidentiality without also having access to your
encryption key. If you adopt this recommendation, be sure to change your encryption
key regularly.
3. Verify that your backups are written to the disk or tape accurately: Choose a backup
program that has a verification feature.
4. Rotate backup tapes: Although backup tapes are usually quite reliable, they tend to
lose data over time when under constant use. Retire tapes after two to three months of
regular use (i.e., about 60 uses) to a backup activity that requires less regular use
(e.g., program backups). Also note that routine tape drive cleaning can result in
longer tape life.
5. Maintain a log of all backup dates, locations, and responsible
personnel: Accountability is an excellent motivator for getting things done properly.
Remember to store the logs securely.
6. Avoid over-backing up: Too many backup files can confuse users and thereby
increase the possibility of exposing sensitive information. Clear hard drives, servers,
and other storage media that contain old backup files to save space once you have
properly secured (and verified) the last complete and partial backup.

59
 7. Test your backup system: This point has been made numerous times throughout the
document, but it truly cannot be overemphasized!
8.3.4 Store Information Properly

1. Apply recommended storage principles to both original and backup files

alike: Backup files require the same levels of security as do the master files (e.g., if
the original file is confidential, so is its backup).
2. Clearly label disks, tapes, containers, cabinets, and other storage devices: Contents
and sensitivity should be prominently marked so that there is less chance of mistaken
identity.
3. Segregate sensitive information: Never store sensitive information in such a way that
it commingles with other data on disks or other removable data storage media.
4. Restrict handling of sensitive information to authorized personnel: Information,
programs, and other data should be entered into, or exported from, the system only
through acceptable channels and by staff with appropriate clearance.
5. Write-protect important files: Write-protection limits accidental or malicious
modification of files. Note that while write-protection is effective against some
viruses, it is by no means adequate virus protection in itself.
6. Communicate clearly and immediately about security concerns: Train staff to
promptly notify the system administrator/security manager when data are, or are
suspected of being, lost or damaged.
7. Create a media library if possible: Storing backups and sensitive material in a single
location allows for security to be concentrated (and perhaps even intensified). Note,
however, that an on-site media library is not a substitute for off-site backup
protection.

8.3.5 Dispose of Information in a Timely and Thorough Manner

Institute a specific information retention and disposal policy as determined by the

organization's needs and legal requirements: All data have a finite life cycle. Consult local,
federal, and state regulations for guidance before implementing the following:
1. Establish a realistic retention policy.
2. Mark files to indicate the contents, their expected life cycle, and appropriate
destruction dates.
3. Do not simply erase or reformat media, but overwrite it with random binary code.
Sophisticated users can still access information even after it has been erased or
reformatted, whereas overwriting actually replaces the discarded information.
4. Consider degaussing (a technique to erase information on a magnetic media by
introducing it to a stronger magnetic field) as an erasure option.
5. Burn, shred, or otherwise physically destroy storage media (e.g., paper) that cannot be
effectively overwritten or degaussed.
6. Clean tapes, disks, and hard drives that have stored sensitive data before reassigning
them: Never share disks that have held sensitive data unless they have been properly
cleaned. Also remember to clean magnetic storage media before returning it to a
vendor for trade-ins or disposal.

60
Summary
In this Session, Transmitting, Presenting, Backing up, Storing and Disposing of information in a
Computer Centre were discussed.
Now answer the following questions.
Self-Assessment Questions
1. State the guidelines for Transmitting information in a Computer Centre
2. What are ways of disposing information in a Computer Centre?

61
Study Session 9: Software Security Considerations in
Computer Centres

Expected Duration: 1 week or 2 contact hours

Introduction

Saying that software is an integral part of a computer system is like saying that the steering
wheel is an integral part of an automobile. It's an understatement if ever there was one. All the
technological and mechanical muscle in the world is virtually useless without a way of
controlling it - and software is precisely the means by which users control what they are doing on
a computer system. Application software affects all areas of computing. It defines the concepts
of word processing and spreadsheets, and allows for e-mail and other forms of electronic
communication that have recently become so prevalent. Its security, therefore, is essential to the
overall security of information and system in a Computer Centre.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following
Software security concepts with respect to Computer Centers:

9.1 Importance of Software Security

9.2 Software Security Countermeasures
9.2.1 Coordinate (and Centralize) the Organization's Software Management
9.2.2 Regulate Software Acquisition and Development
9.2.3 Thoroughly Test Newly Acquired and Developed Software

9.1 Importance of Software Security

Because certain aspects of software security can become quite technical, administrators should
work closely with technical staff throughout the policy-development process. Software security
requires policies on software management, acquisition and development, and pre-implementation
training. Unlike many personnel aspects of system security, appropriate software use requires
that products and equipment match in a range of technical specifications. Policy-makers may,
therefore, choose to pay close attention to the advice of technical staff when considering
software issues and generating policy. Software users (virtually anyone who turns on a
computer) should also be surveyed about the types of software required to perform their jobs, the
ways in which those pieces of software are used, and the kinds and amount of training that are
necessary to properly prepare staff to meet their job requirements.

9.2 Software Security Countermeasures

The following countermeasures address software security concerns that could affect your
site(s). These strategies are recommended when risk assessment identifies or confirms the need
to counter potential breaches in the security of your software system.

62
9.2.1 Coordinate (and Centralize) the Organization's Software Management

1. Centrally control all critical system software: (1) Know what programs are being
added, deleted, and changed in your system; (2) control all additions, deletions, and
modifications; and (3) take all necessary steps to ensure that new and old software
work together appropriately (i.e., that they interface).
2. Initiate formal testing and certification procedures for new/modified
software: Require that any new or modified software be tested rigorously and
certified as fully operational before releasing it for general use.
3. Maintain an off-site location for critical backup copies: Backups of any and all
software, databases, and information that serve critical functions should reside in a
secure off-site location and be readily accessible when and if needed. Backups require
the same level of protection as master files (i.e., if the files are designated as
confidential, treat the backups as confidential as well). Periodically check that the
backups function as expected so that there are no surprises if and when they are really
needed.
4. Secure master copies of software and associated documentation: If master copies
and/or their instructions are lost, an entire system can be put in jeopardy. But while
documentation must be protected, it must also be kept available to users who have
legitimate questions about proper use of the software.
5. Never lend or give proprietary software to unlicensed users: By definition,
proprietary software means that it isn't yours to give someone else makes their living
by selling it.
6. Tolerate nothing but licensed and organizationally approved software on workplace
equipment: Games are fun and software from home can sometimes be useful, but
they have no place on organizational equipment unless explicitly authorized.
7. Monitor software use (and hard drive inventories) to counter possible copyright
infringements: Unlicensed software on organizational equipment puts the entire
organization at risk for fines and other penalties stemming from copyright violations.
Software inventories should include the name of the manufacturer, version number,
assigned computer (as applicable), and function.
8. Permit only authorized personnel to install software: In this way you know exactly
what software is being introduced to your system and that it is being installed
properly.
9. Train staff on software use and security policies: The best designed software
for accessing and manipulating information is useless if staff are unable to use it
properly.

9.2.2 Regulate Software Acquisition and Development

1. Define security needs before purchasing or developing new software: After

identifying your needs through a risk assessment, the findings should be used as the
criteria by which you select appropriate software products.
2. Require written authorization before anyone tampers with software: Any changes to
software requires a paper trail of what, why, and under whose auspices software was
modified.

63
 3. Conduct design reviews throughout the development process: Continued feedback
from expected users during development ensures that the product will
satisfy functional specifications and security requirements.
4. Modify archived copies of software (not the copy that is up and running on the
system): By doing so, you can be sure that you are not putting active applications and
files at risk. Once the modified copy passes testing and is certified as operational,
then and only then should it be loaded onto the system for use with "live" data.
5. Require that all software developed or modified by a programmer be reviewed by a
second, independent programmer: This review should verify that all code is
appropriate and correct.
6. Maintain master files of all developed software independent of the programmer:
Software belongs to the Computer Centre, not the programmer. By controlling all
original copies, the Centre clearly guarantees this ownership.
7. Require documentation for all new or revised programming: Requisite
documentation includes the name of the developer, the name of the programming
language, the development date, the revision number, and the location of the master
copy (i.e., the source code).
8. Verify authenticity of public programs: If software downloaded from
the Internet must be used with sensitive information, be sure that it has not been
tampered with by checking for a digital signature to verify its authenticity.

9.2.3 Thoroughly Test Newly Acquired and Developed Software

1. Specifically search for common types of computer viruses: Have technical staff
check for common viruses such as Trojan Horses and worms.
2. Verify that all software user functions are working properly before putting
the software into operation: Check that new software meets anticipated user needs,
current system requirements, and all organizational security standards. This
recommendation is also applicable when upgrading software.
3. Back up old files before installing new software and software upgrades: Don't risk
the latest copies of your files/records until you're certain that your new versions are
up and running properly.
4. Never test application software with "live" data: Don't risk losing real information if
the software doesn't pass the test. Instead, verify software integrity with dummy files
and/or copies of non-sensitive files.
5. Test on independent machines: Initial software testing should never occur on
computers that are connected to the system. By maintaining a separate test
environment, the entire system is not at risk if the software malfunctions.
6. Run existing and upgraded versions of software in parallel during final testing
phases: By running the old software at the same time as the new and improved
software, you can verify that the new versions generate the same or better results than
the existing system.

64
Summary
In this Session, safeguarding measures for software in a Computer Centre were discussed.
Now answer the following questions.
Self-Assessment Questions
1. State the guidelines for coordinating software management in a Computer Centre
2. What are ways of regulating software acquisition in a Computer Centre?

65
Study Session 10: User Access and Network Securities
Considerations in Computer Centres

Expected Duration: 1 week or 2 contact hours

Introduction

User access as well as network (internet) securities are also essential security considerations in a
Computer Centre. Measures to counter threats of user access and network are discussed in this
Session.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following
user and network security concepts with respect to Computer Centers:

10.1 User Access Security

10.1.1 User Access Threats
10.1.2 Implement a Program in Which Every User Accesses the System by Means of an
Individual Account
10.1.3 Require Users to "Authenticate" Themselves in Order to Access Their Accounts
10.1.4 Passwords
10.1.5 Establish Standard Account and Authentication Procedures
10.1.6 Recognize that Routine Physical Security Plays an Important Role in User Access
Management
10.1.7 Pay Particular Attention to Remote Access Systems
10.2 Network (Internet) Security
10.2.1 Policy Issues
10.2.2 Network Threats
10.2.3 Network Security Countermeasures
10.2.3.1 Protect Your Network from Outsiders:
10.2.3.2 Protect Transmissions Sent over the Internet:
10.2.3.3 Data Encryption Types

10.1 User Access Security

User access security refers to the collective procedures by which authorized

users access a computer system and unauthorized users are kept from doing so. To make this
distinction a little more realistic, however, understand that user access security limits even
authorized users to those parts of the system that they are explicitly permitted to use (which, in
turn, is based on their "need-to-know"). After all, there is no reason for someone in Staff Payroll
to be given clearance to confidential student records.

User access security demands that all persons (or systems) who engage network resources be
required to identify themselves and prove that they are, in fact, who they claim to be. Users are

66
subsequently limited to access to those files that they absolutely need to meet their job
requirements, and no more. To accomplish this, decision-makers must establish policies
regulating user account systems, user authentication practices, log-in procedures, physical
security requirements, and remote access mechanisms.

10.1.1 User Access Threats

Examples of user access threats include:

1. Intentional acts (e.g., shared user accounts, hacking, and user spoofing or impersonating)
2. Unintentional acts (e.g., delayed termination of inactive accounts, unprotected passwords,
and mismanaged remote access equipment)

The following countermeasures address user access security concerns that could affect a
Computer Centre and equipment. These strategies are recommended when risk assessment
identifies or confirms the need to counter potential user access breaches in your security system.

10.1.2 Implement a Program in Which Every User Accesses the System by Means of an
Individual Account

1. Limit user access to only those files they need to do their jobs: Providing access that
is not needed greatly contributes to risk without a corresponding increase in benefit.
Why bother?
2. Avoid shared accounts: Individual activity cannot be differentiated unless there are
individual accounts.
3. Secure the user account name list: Because of its importance to system security, the
user account list should be considered to be confidential and should never be made
public. Give b consideration to storing it as an encrypted file.
4. Monitor account activities: Keep a record of all system use (many systems perform
this function through an audit trail feature).
5. Terminate dormant accounts after a pre-set period of inactivity (e.g., 30 days):
Legitimate users can always reapply and reestablish their accounts.

10.1.3 Require Users to "Authenticate" Themselves in Order to Access Their Accounts

(i.e., make sure that they prove that they are who they are representing themselves
to be)

Select an authentication system: The right choice for an authentication system depends
on the needs of the organization and its system, and should be based on the findings of a
risk assessment. Note that the following options progress from least secure to most
secure, as well as (not surprisingly), least expensive to most expensive:

1. Something the user knows (e.g., a password)

2. Something the user has (e.g., an electronic key card)
3. Something the user is (e.g., biometrics - finger printing, voice recognition, and
hand geometry)

67
10.1.4 Passwords

Because passwords are the most common method of user authentication, they deserve special
attention.

Password selection:

1. Require that passwords be at least six characters in length (although eight to ten are
preferable).
2. Prohibit the use of passwords that are words, names, dates, or other commonly
expected formats.
3. Forbid the use of passwords that reflect or identify the account owner (e.g., no
birthdates, initials, or names of pets).
4. Require a mix of characters (i.e., letters/numbers and upper/lower case if the system
is case sensitive).

One way to effectively create apparently random passwords that can be memorized easily is to
use the first letter of each word in a favorite quote, capitalize every other letter, and add a
number. For example, Longfellow's "One if by land, two if by sea" (from Paul Revere's Ride)
becomes the password "oIbLtIbS3".

Password maintenance:

1. Require the system administrator to change all pre-set passwords that are built into
software (e.g., supervisor, demo, and root).
2. Systematically require passwords to be changed at pre-set intervals (e.g., once per
month).
3. Maintain zero-tolerance for password sharing.
4. Forbid unsecured storage of personal passwords (e.g., they should not be written on a
Post-It™ note and taped to the side of a monitor).
5. Never send a password as a part of an e-mail message.
6. Warn users not to type their password when someone may be watching.
7. Mask (or otherwise obscure) password display on the monitor when users type it in.
8. Remind users that it is easy to change passwords if they think that theirs may have
been compromised.
9. Maintain an encrypted history of passwords to make sure that users are not simply
recycling old passwords when they should be changing them.
10. Monitor the workplace to ensure that all regulations are being followed.

10.1.5 Establish Standard Account and Authentication Procedures (known as log-in

procedures)

1. Limit users to acceptable log-in times: There is no reason for an average day-shift
employee to be able to access the system in the middle of the night.

68
 2. Limit users to acceptable log-in locations: There is no reason for an average
employee with a terminal on his or her desk to access the system from his or her
supervisor's desk.
3. Set reasonable limits to the number of allowable log-in attempts: Enable the system
to assume that anyone who can't enter a password correctly after three attempts may,
in fact, not be who they say they are. Allow users more than one or two attempts or
else they might make mistakes simply because they are worried about getting shut
out. After three incorrect attempts, the account should be suspended (to prevent an
intruder from simply calling back and trying three more times). Legitimate users can
always have their accounts reopened by contacting the security manager.
4. Require staff to log off the system and turn off the computer: The last important step
of logging on properly is logging off properly. Users should be required to log off
every time they leave their workstations (e.g., for lunch, breaks, and meetings). After
all, an unauthorized user has free reign to an authorized user's access when a
computer is left unattended and logged into the system.

10.1.6 Recognize that Routine Physical Security Plays an Important Role in User Access
Management

1. Protect every access node in the system: An "access node" is a point on a network
through which you can access the system. If even one such point is left unsecured,
then the entire system is at risk. A good example of frequently forgotten access nodes
are modular network plugs that are often built into conference rooms (into which
portable computers can be plugged). If unauthorized users can get to such a node with
a laptop, they are in position to attack the system.
2. Protect cables and wires as if they were access nodes: If a sophisticated intruder can
access a span of cable that is used as a connector between pieces of equipment, he or
she may be able to access the entire system. Physically accessing the wiring is
referred to as "tapping the line." High-end equipment can monitor electrical
emanations (known as Radio Frequency Interference) from wiring without even
physically touching the cable.
3. Disconnect floppy drives from servers: A sophisticated intruder can boot-up (the
technical term for "starting the system") from an external disk drive.
4. Install screen savers (with mandatory locking features): Prevent information from
being read by anyone who happens to be walking past the display monitor.

10.1.7 Pay Particular Attention to Remote Access Systems (i.e., when someone, including
an authorized user, accesses your system from off-site via a modem)

1. Consider requiring pre-approval for remote access privileges: An identified subset

of employees to monitor is more manageable than every random person who calls
into the system.
2. Remind staff that remote access is particularly subject to monitoring activities:
Increased risk requires increased vigilance.

69
 3. Set modems to answer only after several rings: An authorized user will know that he
has dialed a "slow" modem and will therefore be willing to wait. A random-dialer
looking to bump into modems may be less likely to be so patient.
4. Use a "call back" communication strategy with remote access users: Once users
call in and properly identify themselves, the connection is dropped and the system
then calls back the authorized users at a pre-approved access location.
5. Use software that requires "message authentication" in addition to "user
authentication": Even if a user can provide the right password, each message sent
and received must have its delivery verified to ensure that an unauthorized user didn't
interrupt the transmission.
6. Never transmit sensitive information over public telephone lines unless the
transmission has first been encrypted: Unless a line can be verified as secure, it must
be considered to be susceptible to tampering.
7. Investigate security features of external networks to which the system connects:
The Internet and other networks are not just things your staff can access and browse--
they are two-way lines of communication. If security cannot be verified, then
additional precautions must be taken (e.g., gateways and firewalls).
8. Install firewalls on your system at external access points: A firewall is by far the
most common way to secure the connection between your network and outside
networks. It works by allowing only trusted (authenticated) messages to pass into
your internal network from the outside (see also Chapter 9).
9. Never list dial-in communication numbers publicly: Why advertise what authorized
users should already know?
10. Disable modems when not in use: No need to provide a viable line of access to and
from the system unless it's necessary.
11. Never leave a modem on automatic answer mode: Such a practice opens the door to
unauthorized and unsupervised system access.
12. Permit modem use only from secure locations: Never allow a modem to be
connected to a system machine that is not itself protected by a firewall or gateway.
13. Grant Internet access only to those employees who need it to perform their jobs: A
student might need the Internet for legitimate learning purposes, but a staff assistant
probably does not.
14. Remind students and staff that the Internet (and all system activity for that matter)
is for approved use only: There are countless Internet sites and activities that have no
positive influence on the education environment. They have no place on the system.
15. Require all users to sign Appropriate Use Agreements before receiving access to the
system: Signed Security Agreements verify that users have been informed of their
responsibilities and understand that they will be held accountable for their actions.

10.2 Network (Internet) Security

Network security, especially as it relates to the biggest network of all, the Internet, has emerged
as one of today's highest-profile information security issues. Many education organizations have
already connected their computing resources into a single network; others are in the process of
doing so. The next step for these organizations is to weigh the costs and benefits of opening a

70
connection between their private networks (with their trusted users) and the unknown users and
networks that compose the Internet.

10.2.1 Policy Issues

Connecting to the Internet doesn't necessarily raise its own security policy issues as much as it
focuses attention on the necessity of implementing security strategies properly. Internet security
goals fall within two major domains. The first centers around protecting your networks,
information, and other assets from outside users who enter your network from the Internet. The
second deals with safeguarding information as it is being transmitted over the Internet.

10.2.2 Network Threats

Examples of network threats include:

1. Intentional acts of destruction (e.g., address spoofing and masquerading)

2. Unintentionally destructive acts (e.g., accidental downloading of
computer viruses and improper release of information)

10.2.3 Network Security Countermeasures

Because the Internet is relatively new, it isn't surprising that its standards are still being
established and agreed upon. Consequently, it also shouldn't be surprising that its existing
mechanisms for governing information exchanges are varied, not uniformly implemented, and, in
many cases, not interoperable. Thus, it is only fair to admit that although the
following countermeasures will greatly increase Internet security, more sophisticated and
robust solutions remain on the horizon.

The following countermeasures address network security concerns that could affect your site(s)
and equipment. These strategies are recommended when risk assessment identifies or confirms
the need to counter breaches in the security of your network.

10.2.3.1 Protect Your Network from Outsiders:

1. Implement applicable security recommendations as raised in previous

chapters: Solid defense against external Internet threats includes the proper
implementation of relatively straightforward security measures
like encryption software, virus scanners, remote access regulations, and passwords.
2. Isolate your network through the use of a firewall: Installing a firewall enables the
organization to decide which types of messages should be allowed into
the system from external sources (e.g., "nothing with identifiable virus coding" and
"nothing with decryptor coding structures"). The actual installation and operation of
the complex features requires expert technical assistance, but policy-makers can make
informed decisions about product features all the same.

71
 3. Locate equipment and information that is intended for external users outside of the
firewall: If an organization's Web server is intended to provide information and
services to the public, it should not be located on the private side of the firewall. Nor
should it be able to access confidential information that resides inside the firewall.
This way, if the public Web server should ever be compromised,
confidential information is still protected.

10.2.3.2 Protect Transmissions Sent over the Internet:

1. Use Secure Sockets Layer (SSL) Servers to secure financial and information
transactions made with a Web browser: In a secure Web session, your Web
browser generates a random encryption key and sends it to the Web site host to be
matched with its public encryption key. Your browser and the Web site then encrypt
and decrypt all transmissions.
2. Authenticate messages through the use of digital signatures: A digital signature
amounts to a "fingerprint" of a message. It depicts the message such that if the
message were to be altered in any way, the "fingerprint" would reflect it--thus making
it possible to detect counterfeits. The converse, of course, is that if the "fingerprint"
does not change during transmission, you can be confident that the message was not
altered.
3. Authenticate messages through the use of timestamps or sequence
numbers: Another way to recognize when messages have been modified is to
challenge the "freshness" of the message. This is done by embedding time stamps,
sequence numbers, or random numbers in the message to indicate precisely when and
in what order the message was sent. If a received message's time and sequence are not
consistent, you will be alerted that someone may have tampered with the
transmission.
4. Authenticate message "receivers" through the use of digital certificates: By
requiring an authentication agent or digital certificate, you force the person on the
other end of the transmission to prove his or her identity. In the digital world, trusted
third parties can serve as certificate authorities--entities that verify who a user is for
you. In this way, digital certificates are analogous to a state-issued driver's license. If
you trust the party that issues the certificate (e.g., the state or the certificate authority),
then you don't need to try to verify who the user is yourself.
5. Encrypt all messages sent over the Internet: As more and more messages are sent
over larger and larger networks, information becomes increasingly vulnerable to
assault. Encryption has become a leading tool to combat this vulnerability. Like other
countermeasures, it can be very effective if used properly and regularly.

10.2.3.3 Data Encryption Types

The process of encrypting and decrypting files depends on which encryption model your security
solution employs. Encryption models vary in the number and size of the key(s) they use. As a
general rule, the larger the key, the tougher it is to crack. There are two major types of
encryption keys, systems currently in use:

72
 1. In a Single Key Encryption System, parties exchange a key known only to
themselves, and use that key to encrypt and decrypt messages. The fundamental
premise of this system is that parties must securely communicate the secret key to
each other in order to encrypt and decrypt messages.
2. The Public/Private Key Encryption System is based on a pair of mathematically
related keys - a public key and a private key. Each key can decrypt information
encrypted by the other. Your public key is used by anyone who wishes to send you an
encrypted message or to verify your digital signature. Your private key is known only
to you and is used to decrypt messages sent to you through the public key, or to
digitally sign messages you are sending. This model allows for a much larger number
of users than single key encryption because you need not have a separate key sent
secretly to every trading partner.

Consensus appears to be moving the Internet toward a public/private key system in which third-
party organizations that are entrusted as certificate authorities provide key management. Key
management refers to the secure administration of encryption keys so that they become available
to users only when and where they are required. This system is often referred to as the Public
Key Infrastructure.

Summary

User access and network security issues as they affect a Computer Centre are discussed in this
Session. Now answer the following questions.

Self-Assessment Questions

1. How do you protect data transmissions over the Internet?

2. Discuss any two measures of controlling user access in a Computer Centre.
3. What are the problems of passwords usage and how do we go around these problems?

73
Study Session 11: Ethics and Cleanliness in Computer
Centres

Expected Duration: 1 week or 2 contact hours

Introduction
Rules, routines, and procedures are very important in a Computer Centre or Laboratory.
Computer ethics are set of acceptable behaviour that must be exhibited by users in a computing
environment, to ensure safety of the users, equipment, Computing devices and the entire
environment. In this Session, attempt is made to highlight some of these ethics as well as ways of
ensuring cleanliness in a Computer Centre or Laboratory.

Learning Outcomes

When you have studied this session, you should be able to understand:

11.1 Computer Ethics

11.2 Computer Centre / Lab: Management Ethics
11.3 Computer Centre / Lab Rules and Regulations
11.4 Cleanliness in a Computer Centre / Lab
11.5 How to clean a keyboard

11.1 Computer Ethics

Ethics is a set of moral principles that govern the behaviour of a group or individual in an
environment. Computer ethics is a set of moral principles that regulate the use of computers in a
Computer Centre or Computer Laboratory.

11.2 Computer Centre / Lab: Management Ethics

A computer centre or Lab must be managed properly. Unlike our homes we need to keep a
computer room or centre or lab in a good condition always by:

1. Making it free of dust: daily dusting of computers after sweeping the room. After sometime,
a computer engineer should use a blower to blow off dust from within the computer.
2. Maintaining appropriate lighting: a computer centre/room/lab must not be dark while
computers are being used. Steady flow of electricity and Uninterruptible Power Supply
(UPS) should be used. A UPS is a device used to store electricity for the computer in case of
power failure.
3. Maintaining adequate and appropriate ventilation. A cooling system is very necessary all
the time for computers. Fans and air conditioners should be used always to avoid computers
being damaged because of heat.
4. Proper setup of computer system: all connections should be done before usage.
5. Eating, explosion and drinking should be avoided while in computer room.

74
6. Noise should be avoided in a computer room.
7. A maintenance officer should check all computers before and after use.

11.3 Computer Centre / Lab Rules and Regulations

In a Computer Centre / Laboratory, certain rules and regulations should be observed. They
include:

1. Chairs and tables should be arranged in a comfortable manner so as to ease movement within
the computer laboratory.
2. Power points should be attached to the wall close to each computer.
3. The system unit and peripherals such as monitors, keyboard, mice etc. should be arranged in
an orderly manner.
4. A Computer Centre / laboratory should be out of bound for non-users.
5. Computers should be booted properly before use and shut down properly after use to avoid
damage to the memory files of the computer.
6. There should be no smoking, eating or drinking in the computer laboratory.
7. Keep the computer away from direct sunlight and sources of heat.
8. Be careful about using Flash disks or other external storage devices from unknown sources as
the computer could easily get infected with a virus.
9. Hands should be washed thoroughly before and after the Centre or Laboratory (Imagine all
the hands that touch keyboards every day, and all the germs that come with them!)
10. Food, candy, gum, and beverages should be kept out of the computer centre or lab.
11. No rushing into a Computer Centre or Lab. Enter silently.
12. Students should be instructed to stay in their seats while working (unless instructed
otherwise).
13. Switches, cables, or cords must not be tampered with by outsiders to the Centre / Lab.
14. When headphones are used by individual users, they must be set to an appropriate volume
level. If someone can hear what another person is playing through his/her headphones, the
headphone is probably too loud.
15 Take good care of headphones. Wind up the cords, then hang them or box them up.
16. In a Centre or Lab accommodating students, they should be asked to focus on their own
works. Helping a neighbor is usually a nice thing, but not in the Centre or lab, unless they are
permitted to do so. Why? 1) Wrong information may be passed to another student, 2) The
instructor can usually help more efficiently. 3) If students are assisted by other students, they
will never learn to do it themselves. Of course, collaboration is good, but not when students
are asked to do individual works.
17. There are talking times and non-talking times.
18. After the day’s activities, check to make sure things are clean and organized, applications are
closed, and the centre/lab is left better than you found it.
19. Users should be advised to always work at their assigned computers. If the computer doesn't
seem to be working, they should inform the staff in charge. (Tip: If students have class

75
 numbers, assign them to the same numbered computers. This helps with accountability for
computer care, pushing in chairs, finding lost documents, etc.)
20. No loading or deleting of any software on the systems in the centre / lab.

11.4 Cleanliness in a Computer Centre / Lab

1. Computers, keyboards, screens, mice, and counter tops need to be cleaned regularly.
2. Dusting - Swiffer sweepers or Swiffer dusters work very well. Pressurized air cans can help
with keyboards and other hard-to-dust computer parts.
3. Cleaning wipes work well for cleaning and disinfecting computer surfaces and keyboards.
Do not clean computers with wipes that contain bleach.
4. Computer screen cleaner can help avoid streaks when cleaning screens. Dry them off with a
soft screen-cleaning cloth.
5. Unplug the mouse and keyboard before cleaning.
6. Wear gloves and wash your hands when finished!

11.5 How to Clean a Keyboard

1. The easiest method of cleaning a keyboard, which can be surprisingly effective, is to unplug
it, turn it upside down and shake it vigorously (though not so much that you drop it!). Try
doing it over a sink or sheet of newspaper.

2. For a more effective ‘dusting’, spray between the keys with a can of compressed air, which
one should be able to find at most computer or electronic specialist shops. Remember that
this will only loosen stubborn crumbs – you’ll still need to shake the dust and dirt free.

This type of cleaning won’t get rid of dirt that’s become stuck to the inside of the keyboard;
for example, where you’ve spilt drops of sticky liquid (particularly sugary coffee). In this
case you’ll need to reach in between each key with a cotton bud (Q-Tip) that’s been dipped
in a suitable cleaning substance. The best is isopropyl alcohol, which you’ll usually found
sold as rubbing alcohol. It’s a relatively safe substance, but be extra-careful to keep it away
from flames (such as a lit cigarette), and make sure to wash your hands thoroughly
afterward.

3. In some circumstances, this sticky dirt can build-up so much that you can’t reach it with a
cotton bud. In this case you’ll need to remove the keys. You can do this with pretty much
any object that’s thin enough to act as a lever, but don’t use a knife or scissors as this can be
dangerous. Instead try a flat-head screwdriver or, better, a sturdy pair of tweezers. You’ll
need to apply a gentle force to pop the key out of place without breaking anything.

4. Technically you can remove any key, but any unusually shaped one such as the Enter key or
space bar can be difficult to get back into place, so it may not be worth the effort. Once
you’ve taken off all the keys you are removing, you need to remove any dust from the
keyboard (either with a duster or compressed air), then wipe the surface with a cloth lightly
soaked in isopropyl alcohol. For a thorough job wipe each key as well. When you come to

76
 replace the keys, be sure to put them back in the right place! Putting the key back requires a
firm, but not hard, amount of force.

5. If cleaning a keyboard doesn’t improve its performance, or you find you have to clean it so
often it becomes overly time-consuming, you may find it makes more sense to simply buy a
new one. A new purchase is also a good chance to get a better quality keyboard (particularly
if it came as part of a complete PC package) or one with extra features such as special keys
for controlling media players, a cordless facility, or even a built-in handset for Internet
phone services such as Skype.

Summary

In this Session you have been taken through the ethics and cleanliness in a Computer Centre. The
rules and regulations in a Computer Centre as well as different methods to clean a keyboard were
discussed.

Now answer the following questions.

1. State five management ethics in a Computer Centre or Laboratory

2. State any ten rules and regulations in a Computer Centre
3. Discuss the various ways of cleaning a computer keyboard

77
Study Session 12: Personnel Selection and Evaluation
Expected Duration: 1 week or 2 contact hours

Introduction

How do we recruit staff into a Computer Centre? How do we evaluate monitor and evaluate the
performance of both the hardware and software in a Computer Centre? These issues are
addressed in this Session.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following:

12.1 Staff Recruitment

12.2 Staff Recruitment Policy
12.2.1 Sources of Recruitment
12.3 Recruitment Techniques
12.3.1 Appointment Consultants
12.3.2 Use of Selection
12.4 Procedure for Recruiting and Selection of Staffs
12.5 Performance Evaluation
12.5.1 Hardware Assessment Models
12.6 Monitoring Techniques
12.6.1 Properties of Performance Monitor
12.7 Performance Evaluation
12.7.1 Tools for Collecting Data about Usage
12.7.2 Performance Improvement Alternatives

12.1 Staff Recruitment

Recruitment is a way of hiring people and their skills in particular field or industry. Recruitment
thus opens the window for skill evaluation and a quality control over services provided by the
company that is adopting the recruitment process. This exercise may involve the use of
appointment consultants or direct employment into an organization called selection. It is
important to state that recruitment is more than the literal meaning of employment. It means and
refers to the following:

Things to be in place before employing labour are:

1. Expectation of the recruiting officer before the process
2. Techniques to carry out recruitment of labour
3. Help for applicants
4. Number of labour needed and to what capacity they hold
5. Experiences attached to each capacity
6. Duration of services
7. Wages and general cost performance
78
12.2 Staff Recruitment Policy

A typical computer centre team consist of the operations team who performs daily management
of the computer centre including 7/24 operator coverage, logistical planning for the computer
centre, hardware movements and warranty/escalation follow-up for the system. There are
obviously two choices open to management. They can recruit experience personnel and thus reap
the benefit of that experience or they can re-train existing staff in computer techniques. In doing
this, a number of factors used to be considered or the advantages and disadvantages of each
option.

(a) Recruitment of Experience Personnel

Advantages
(i) Benefit of the experience.
(ii) Little or no computer training required.
(iii) A fresh eye often sees weakness in a system.

Disadvantages
(i) Demand exceeds supply, therefore high salary levels.
(ii) No knowledge of company perhaps even industry.
(iii) No company loyalties.
(iv) Problem of interaction with existing staff.
(v) Gamble of recruiting an unknown person

(b) Re – Training of Present Staff

Advantages:
(i) Retain existing loyalties.
(ii) No need to spend time in teaching company operation
(iii) Personality and ability already known.
(iv) Acceptance to existing staff (assuming right people selected).

Disadvantages:
(i) Computer training necessary.
(ii) Over familiarities with the way things are done and reluctant to change the present
methods.

12.2.1 Sources of Recruitment

In the recruitment of staff, a Computer Centre may look at the following:

(i) Advertisements:

This can be done through, media houses like newspapers, journals, radio, television, internet and
so on. Advertising agencies could be used to execute this task. Correct choice of media is highly
necessary. Emphasis should be laid on the quality of the placed adverts. Such advertisement must

79
be carefully worded, neatly set out, and stressing the main features. On the other hand, a poor
advertisement may raise doubts about the company’s ability and efficiency. Salary range, name
of the company, prospects and box numbers should be stated when advertising.

(ii) Employment Services Agency:

The method is used to recruit manual worker and clerical staff. A register is maintained which
shows the list of the people seeking jobs and their qualifications.

(iii) Employee Recommendations:

These have the advantage that applicants will know a lot about the firm when they arrive and
employee may have more interest in their work if allowed to recommend workers. This can be
done by employee or by other personalities that have a good knowledge about the job and its
state. It helps to acquire scarce skills at reduced prices.

(iv) Professional Organizations: Usually keep record of vacancies.

(v) The use of staff notice board
(vi) Private employment bureaus which charge fees for every employee supplied.
(vi) Universities, technical colleges, schools and other training centres can be used as a source of
recruitment. This avenue gives an opportunity to employ the best from bodies.

12.3 Recruitment Techniques

12.3.1 Appointment Consultants

The aims and objective of management development is to get the right man, with the right
equipment, in the right place at the right time. Many organizations tend to use consultants for the
following reason:
i) Assessment of candidate is impartial.
ii) Cost implication, the cost is low
iii) Information about the candidates, the abilities and experience acquired will be known

12.3.2 Use of Selection

This is a method of recruiting workers whereby a panel is set up in an organization to carry out
the exercise. When the shortlist of candidates for interview is drawn up. A time table should be
prepared allocating specific periods for each interview so that there is sufficient time to interview
each person properly. The objectives of interview are:

(i) to assess personality of applicants.

(ii) to obtain further details of certain matters
(iii) to agree on terms of employment
(iv) to provide candidates with more information about the job.

80
12.4 Procedure for Recruiting and Selection of Staffs

(a) A staff requisition form is required to be completed by the department where the vacancy
arises, noting full details of the vacancy, job title and date of commencement. This form can
then be given to personnel department for advertisement.
(b) Advertisement is placed using any of the method discussed above.
(c) Shortlist drawn up and interview arranged.
(d) References can be taken up before the interviews and are used to determine the final selection
of the interviews.
(e) Interviewing of the candidates. This may be structured using standard procedures and
techniques or unstructured.
(f) Test for specific skill often come up during interview. Professional qualifications claimed
should be checked.
(g) Medical examination is also necessary to determine those that are fit or otherwise for the job.
(h) Unsuccessful candidates are informed of the decision.
(i) Successful candidates are informed and company records updated.

12.5 Performance Evaluation

During all phases of the production of a real - time system, it is necessary to be able to measure
the performance of those parts of the system already constructed or to be built, this will enable
the designer to know how to gauge whether the system is going to meet the performance
requirements or in some point during the system development, a decision must be made as to
what computing hardware will be used in the final system being constructed. Once the system is
constructed, it is possible to obtain an accurate measure of system performance. From this, it is
possible that the system will meet its requirement and to highlight any areas needing further
optimization.

12.5.1 Hardware Assessment Models

Hardware performance is usually modeled as a set of parameters like clock cycle rates,
instruction execution times, store access time, bus speed and direct memory access speeds. The
magnitude of these parameters will have a fundamental effect on the ultimate performance of the
system. Great care must be taken when using any given parameters to compare the efficiency of
two different pieces of hardware. The parameters cannot be taken in isolation; they must be
viewed in light of the overall system behaviour. Other techniques that can be used to model
system hardware include the following:

(1) Instruction Mixes: These are mathematical models (models of programs) formed by
calculating a figure of merit and this model are expected in running system. This figure is
determined by adding together the execution times of each instruction weighted by the
relative frequency with which the particular instruction is expected to appear in the systems
software.

81
(2) Synthetic Program: This involves an act of writing a program to emulate the behavior
expected of typical programs in the final system rather than making assumptions as to the
expected instruction mix. This is called a synthetic program. The program simply exercises
the hardware in a way thought to be typical of the future system software. Again, a figure of
merit is calculated by summing the instruction execution times.

(3) Benchmark: A benchmark is a complete program, written to be representative of class of a

program in a complete system. This program forms part of the system. It runs on the
hardware and the performance is measured, hence the method provides a more realistic
workload. The method is limited to existing system; the hardware must be available and the
program written.

12.6 Monitoring Techniques

Modeling techniques are used during preliminary stages of system design and development,
when the system and its facilities are not yet in operation. However, once the system reaches the
construction stage, performance information can be obtained by observing the actual system.
This can be done in two ways;

(i) By monitoring the hardware.

(ii) By monitoring the software.

(i) Hardware Monitors

These consist of hardware devices designed for data performance with an analysis program
which summarizes the data collected. Hardware monitors have great advantages of being totally
independent of the system under examination. The monitor can be used to measure clock cycles,
values in any part of the hardware as well as event occurring simultaneously in different part of
the system.

Limitation
The monitor can only provide information as to data bus and address bus values, register values,
etc., but cannot translate information derived from a hardware monitor into meaningful
behaviour system data.

(ii) Software Monitors

A software monitor is program whose job is to collect and store data concerning the state of the
system pre- determined times. The major advantage of software monitor is that it can be given
knowledge of the variable names, process and other logical items in the system. It can monitor
the system as it is seen by designer.

Limitation
Software monitors have inherent disadvantages. Running a software performance monitor can be
disturbed and may even bias the behaviour of the system under observation. This is especially

82
true in a real- time environment where the timing of process activity is so important. Software
monitors can be standing or embedded.

12.6.1 Properties of Performance Monitor

(a) At the prime requirements, the monitor must be able to extract the necessary performance
characteristics from the system it is measuring, that is, the monitor should access information
associated with the status of the various system entities. Again, it implies that the sampling
rate is sufficiently rapid to recognize every occurrence of all significant events and that some
timing effect is not making any event.

(b) The monitor must not cause minimum interference to the system being measured. That is, the
monitor must use the minimum of processing time and take up a small area of memory as
possible.

(c) The monitor must be convenient to use. It must be easily incorporated in the system; the user
must be able to adjust the fineness of observation and the events when triggering the
measurements. Most importantly, the output must be meaningful.

12.7 Performance Evaluation

Computer Performance Evaluation is the measurement and evaluation of the performance of a

computer system, aimed at ensuring that a minimum amount of effort, expense, and waste is
incurred in the production of data-processing services, and encompassing such tools as canned
programs, source program optimizers, software monitors, hardware monitors, simulation, and
bench-mark problems.

The Performance Evaluation steps/tasks are:

(i) Computer Center must announce the service level policies on:
• Operating Labor
• Uptime
• Time to repair
• Response time

(ii) The objectives of the performance evaluation are to collect data about the usage and
performance

(iii) Evaluate whether the performance is acceptable. If not, find out the problems and change the
configurations, change the system software, recognize the disks, etc.

(iv) Prepare reports to the top management

A System programmer is usually in charge of these tasks. The System Programmer must:

83
(i) Have some ideas about performance: start the job with the least turnaround time first
(ii) Know all system functions very well
(iii) Develop system operations model
(iv) Compare performance data with the model
(v) Stimulate the new operations model
(vi) Change the physical model
(vii) Recollect, re-compare, and readjust again

12.7.1 Tools for Collecting Data about Usage

(i) Most companies have software to collect all system data

(ii) IBM has its Software Management Facilities (SMF), which collect data about all usage on
various devices
(iii) Microsoft also has software to collect data about usage

12.7.2 Performance Improvement Alternatives

The alternative to a faulty computer system is to

(i) buy new CPU and
(i) reconfigure programs
It is cheaper to do so, and in some cases, it may solve all problems by just doing so

Summary

In this unit you have learnt that recruitment is a way of hiring people and their skills in particular
field or industry. The main sources of recruitment are advertisement, employment service
agency, employee recommendation, professional Organizations, the use of staff notice board,
private employment bureaus and universities, technical colleges, schools and other training
centres.

You have also learnt that hardware performance is usually modeled as a set of parameters like
clock cycle rates, instruction execution times, store access time, bus speed and direct memory
access speeds. Other techniques that can be used to model system hardware including the
following: instruction mixes, synthetic program and bench mark. Performance information can
be obtained by observing the actual system and this can be done in two ways; by monitoring the
hardware and by monitoring the software.

Now answer the following questions.

Self-Assessment Questions

1. What are
(a) the techniques used to model system performance?
(b) the monitoring techniques for obtaining performance information?
(c) the limitations experienced when observing the system?

84
 2. What is performance evaluation? State all the tasks involved in performance evaluation

Study Session 13: Contingency Planning in Computer

Centres

Expected Duration: 1 week or 2 contact hours

Introduction
Contingency planning involves the preparation of procedures that will facilitate a timely
recovery from events that disrupt data processing and recovery action procedures. These issues
are addressed in this Session.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following:

13.1 Alternative Data and Information Backup

13.2 Description of the Alternatives

13.1 Alternative Data and Information Backup

Planning an alternative processing strategy requires an understanding and identification of

critical processing requirements. This session specifies requirement categories that planner may
use as a guide for defining site-specific requirements. The requirements will serve as criteria for
selecting the most suitable alternative processing support.

Selection of any alternative depends upon the severity and longevity of a harmful effect. No
matter what circumstances arise, it is prudent to develop backup procedures and to select
alternative processing support in advance. A well-documented, thoroughly tested and workable
strategy will help reduce long delays and hasten a rapid return to normal operations.

Depending on the size of an organization, a workable capability can affect successful recovery
from disaster. Senior management must take responsibility for planning, funding,
implementation, testing and certification of an alternate processing strategy. He should also
recognize the importance of a workable, cost effective alternate processing strategy.

A summary of the action necessary to develop a successful backup processing strategy is as

follows:

85
i) Conduct risk analysis, that is, the process of identifying, either quantitatively or
qualitatively, the impact of potential threats to an organization’s operating computer
facilities.

ii) Identify critical applications. These are those without which the organization could not
function. Prior identification of applications which support major business functions will
help reduce delays and hasten the prompt start of critical processing. These critical
applications and software should be sufficiently protected against loss.

iii) Rank critical applications based on their importance to the mission of the organization.
This hasten implementation with fewer delays and loses that can result in interrupt data
processing may be significantly reduced.

iv) Define critical time delays that can be tolerated without degrading the mission.

v) Store critical data, programs and documentation off –site.

vi) Ensure the backup site can provide sufficient computer resources to handle the critical
work load

vii) Ensure the site being considered will be available within sufficient time to meet
processing schedules.

viii) Ensure the backup site can provide a compatible hardware configuration.

ix) Ensure the operation system software at the alternate facility is compatible.

x) Ensure the alternate site can provide enough space to accommodate essential staff.

xi) Ensure the adequacy of the environmental systems at the alternate facility.

xii) Determine telecommunications requirement, ensuring minimal communications support

can be provided by the alternate facility.

xiii) Evaluate the location of the backup facility, planning resolutions for possible problems
that can occur when using a remote facility.

xiv) Develop a comprehensive test plan, ensuring the backup facility will allow adequate time
for testing.

xv) Ensure that security controls at the alternate facility provide a sufficient level of protection
for data and equipment.

xvi) Understand all pricing agreements, allocating funds for backup supporting advance of an
emergency.

86
xvii) Ensure that all agreements are well documented.

13.2 Description of the Alternatives

The preceding section discussed the requirements and criteria for evaluating alternate processing
methods. This section describes the alternatives and discusses the criterion that is significant for
each alternative.
All this backup alternatives help to recover from disaster and prevent the occurrence of such. The
alternatives described in this section include:
(i) Passive Approach Method
The company orders new equipment: hardware, software and prepare for the physical facilities
set up. On delivery, the equipment will be used to establish another centre.
(ii) Application Backup
The Company goes into agreement with a vendor who will supply the detail computing facilities
to establish another one.
(iii) Service Bureaus
Service bureaus provides contingency for a fee that are primarily used for production processing.
In a time-shared environment, supported by batch and interactive programming systems.
Transmission of work to the service bureaus is by means of telecommunications. A contract is
generally negotiated which requires subscribers to pay a monthly membership fee for a
predetermined period of time.
Advantages
1. It provides immediate access.
2. The service is moderately priced.

Disadvantages
1. It provides a short time access.
2. Limited security is provided for the equipment.
3. Support given to these service bureaus may change with normal business.

(iv) Time Brokers

These serve as a resource for obtaining backup support. Time brokers fine, for a fee, available
processing time on other systems. Processing arrangements are made entirely through this third
party service. Advantages and disadvantages are same as that of the service bureaus.

(v) Dedicated Contingency Centres (Or Hot Sites)

These are fully equipped computer centres which include one or more computer and standard
peripheral equipment. These centres are equipped with that of a large number of subscribing

87
organizations. Subscribers are expected to notify the contingency centre through Telephone or
Writing.
Services are provided to the subscribers based on the order in which the notifications are
received. The centres provide compatible hardware and software configurations and additional
peripheral equipment are provided at an added cost.
Advantages
1. The centres are operationally ready for the immediate occupancy.
2. The centres are environmentally controlled.
3. Some communications capabilities are provided.

Disadvantage: The contingency centres are difficult to maintain.

(vi) Membership in Share Contingency Facilities
Shared contingency facilities are essentially the same as dedicated contingency centres. The
differences is in the fact that membership is typically formed by a group of similar organizations
which used or could use identical hardware. Limited members are involved and as a result of
this, the use of facility is reduced. Again shared costs by members reduce budget impact on each
organization.
(vii) Empty Shells
These are large unfurnished space which can be leased to house computers and
telecommunications equipment. Clients must provide hardware, prepare the shell for processing
and test the air condition, power and other facilities provided for effective use.
Note: Users are required to restore the site to its original state before leaving.
Advantages
1. The shell provides immediate occupancy as soon as an organization experiences disaster.
2. The shell also provides a long – term occupancy.

Disadvantages
1. The shell requires delivery and installation of equipment.
2. It also requires a great time frame before becoming operational.

(viii) Reciprocal Agreement

Reciprocal agreements are formally written, signed document between two or more facilities.
Each as agreed to allow other use of its computer resources during an emergency. A reciprocal
agreement requires that both organizations recognized that during an emergency both will
operate in a reduced mode if resources are shared simultaneously.
Advantages
1. It provides some processing support

88
 2. It is less expensive

Disadvantages
1. Agreements are unenforceable
2. The method promotes feeling of false security

(ix) Separate Locations under the same Management

The method consists of two or more data processing installations which are managed by the
same organization but are geographically located far enough so that they are not likely to be
physically affected by the same disaster. The hardware must be sufficient at each location to
support the critical work load.
Advantages
1. It provide immediate backup
2. The approach proves effective provided such firm has means of establishing this centre.

(x) Fortress Concept with Full Redundancy

Here all resources are put in one location. There is complete duplication of all hardware,
software and environmental systems. This method is viable in areas where there is no danger
from floods, tornados, hurricanes, earth faults and like conditions. Heavy security needs to be put
in place.
Advantages
1. Redundant hardware and environmental control under one roof.
2. If the centre is secured, it provides a viable option.

Disadvantages
1. It is very expensive
2. The centre is subject to total outage.

(xi) Reversion to Manual Processing

This approach reverts back to a manual operation: It may be workable choice if manual
procedures that duplicate the automated processes are documented otherwise the method may be
impractical to rewrite them. This approach can be used with another alternative. Although the
completion of work is slow.
(xii) Uses of Microcomputers
This approach to backup processing, integrates operations that can be supported by
microcomputers or intelligent terminals. Integration of microcomputers into the organization

89
may ensure less dependence on the central host for computing power because of the jobs that can
be done using microcomputers.
Advantages
1. There is less depending upon host.
2. The approach will allow processing of selected application.

Disadvantages
1. Database Inconsistence
(xiii) Portable Sites
Trailers can be equipped with minimal hardware and environmental control and brought to a
designated location for backup processing. It provides some processing support and may be
necessary to limit the hardware configuration.
(xiv) Empty Building
These are warehouses or other buildings which can be wired, equipped, furnished and
environmentally prepared.
Advantages
1. It can be converted into data facility and later used for overload operations.
2. It can provide office space when it is not available at the alternate facility.

Disadvantages
1. The building must be environmentally controlled.
2. It requires installation and delivery of hardware.
3. Greater time frame becomes operational.

(xv) Insurance
Insurance is neither a method nor a substitute for developing an alternate processing strategy. It
is a method for obtain financial reimbursement for the loss of hardware and the physical facility
but it make no allowances for the information contained on tapes and discs.

Summary
This Session explains the action necessary for developing a successful backup processing
strategy and also describes the alternatives and the criterion that is significant for each
alternative.
Now answer the following questions.
Self-Assessment Questions

90
An effective system requires a steady backup processing alternatives and good plan. For the
security and cost effectiveness of the laboratory under care, briefly discuss the followings:
(a) Contingency planning
(b) Five actions that are necessary to develop a successful backup processing strategy
(c) Backup alternative considered the best for the laboratory and why?

91
Study Session 14: Equipment Selection in Computer Centres

Expected Duration: 1 week or 2 contact hours

Introduction
Equipment selection involves the selection of a set of equipment to be used in production based
on technical and economic criteria. It involves the types and quantity of equipment required to
perform a variety of operation. Equipment selection should be undertaken by the data processing
committee upon the completion of the basic systems design. Recommendations are made by this
committee; this is usually presented in a report called Feasibility Report.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following:

14.1 Approaches to Equipment Selection

14.2 Steps involve in Equipment Selection

14.1 Approaches to Equipment Selection

There are two basic methods of selecting equipment but only one is recommended. These are:
1. Recommended Approach: The recommended approach to the equipment selection is
submitting detailed systems information to each equipment manufacturer.

2. Alternative Approach: An alternative approach to equipment selection is having each

equipment manufacturer conduct a length systems review on the firm’s premises. The
approach is not recommended because it disregards the data compiled by the feasibility
study to date and requests that the equipment manufacturers start from scratch. This
approach consumes a lot of time and a huge amount of money must have been expanded
before carrying out the exercise.

14.2 Steps involve in Equipment Selection

Basically, there are four steps to be taken when selecting equipment for an organization.
1. Determine Equipment Manufacturers

An equipment manufacture is determined on the basis of his interest in receiving a bid

invitation. Each manufacture should indicate in writing whether he wishes to receive a
bid invitation. There is no need to prepare a packet of specifications, flowchart, decision
table, and comparable material if the manufacturer has no interest in bidding on the
newly designed system.

92
2. Submit an invitation to manufacturers

Having shown interest in receiving invitation the company submits bid invitation to the
interested equipment supplies. In this case, the same set of data is sent to all competing
manufacturers. Data submitted to these manufacturers must be complete and self-
explanatory. Bid invitations submitted to equipment manufacturers include:

(i) list of new system Specification

This is taken directly from the system analysis and system design phases. The contents of
the bid invitation include these areas:

(a) Company’s general information such as:

 Description of the company and its activities
 Overview of the present data processing equipment and applications.
 Unusual data processing exceptions and problems.
 Other important general information.

(b) Future data processing plan idle.

 Target data of information of new system
 Equipment decision date by the company.
 Deadline date for submitting proposal.
 Criteria to employ in analyzing and comparing manufacturers proposal.
 Listing of areas covers by the new system.

(c) List of new system specifications

 Planned inputs.
 Methods and procedure for handling data.
 Output needs
 Other requirement and considerations.
 New system flowchart
 Data to be forwarded by each manufacturer including the proposal.

(ii) Design of New System

The use of flowchart and decision tables accompanying each bid invitation is necessary.
They depict the new system design for each functional areas as well as interrelationships
among new systems.

93
 (iii) Conferences with Manufacturers

During the conference, legitimate questions will be raised by the various firms.
Many of questions centre on those areas which may have need of modification

3. Evaluate Manufacturer’s Proposal

After submission of the proposal by each manufacturer, the next step is oral presentation.
Which will hit the important point of the proposal and the representatives then compel to
answer questions? After the completion by all manufacturers, the data processing committee
then evaluates the information contained in the various proposals. There are many criteria
that can be developed for evaluating manufacturer’s proposal. Among these are : extent of
automation proposed, evaluating of throughput performance (though analysis of the
equipment time required to process the data ), type of equipment, method for acquiring
equipment, delivery of equipment, installation requirements, manufacturer’s assistance,
programming assistance contracts, compliance with terms of bid invitation among others

4. Select Equipment Manufacturer(s)

This is a difficult task for the data processing committee. The selection process is much
easier if the equipment proposed is identical for all practical purpose. The choice is that this
situation is based on lowest cost equipment. In most cases, this approach is not generally
used since most manufacturers have certain equipment features that differ from their
competitors. Hence various methods have been developed for evaluating and selecting
equipment.

(a) Decision Table for Evaluation Process

A decision table for a final evaluation not only defines the important criteria in compact
notation, but also permits an objective evaluation, since the value has been determined
before the acceptance of the manufacturers. At the end of the exercise, a table is then
prepare where high scores are allocated for those manufacturers that perform well, the
highest manufacturer is selected. The method is realistic and precise approach in making
this final decision for a real-time management information system.

(b) Weighting Method for Evaluation Process

This consists of assigning different weighting factors to each criterion. Each

manufacturer is given a score for each for weighting factor. In most cases, the score is
lower than the absolute value of the weighting factor. The values of all criteria are totaled
which represent the total point for each manufacturer. As with decision table, the
competitor with the highest score is selected.

94
(c) Performance Method for Evaluation Process

This involves evaluation of equipment superiority and performance. All aspect of the
machines performance must be included including those with various hardware speeds,
reliability of the equipment, efficient software and similar considerations. Having looked
through various methods the next step is to select best approach for evaluating process.
The purpose of spending so much time, effort and expense on the feasibility study is to
obtain the best data processing equipment for the firm. Having selected a manufacturer,
the contract is signed by a top-level executive, who has been the guiding force for both
committees (executive and data processing). This brings the feasibility study to a formal
close.

(d) Cost Performance for Equipment Selection.

Many financing plans are available to the firm when acquiring data processing
equipment. These include rental, outright purchase, option to buy and third party leasing
(lease back arrangements).

(i) Rental Contracts: is the most common method of acquiring equipment which
state the specific monthly rate and the number of hours for operating on one, two
or three shift basis with rate adjustment for excessive down-time. Down-time is
the time when the system is not working. The terms of the contract including
renewal, cancellation and manufacturer’s policy or even rental are subject to
careful evaluation by the data processing team. The policy of over time rental can
be a significant factor in the cost of the computer.

(ii) Purchase: The decision to purchase must take into account two important factors:
 Obsolescence
 Availability of capital funds.

By obsolescence, we mean a situation where equipment becomes outdated. Most

firms that purchase equipment do so just after a new generation of computers
have been announced. Once another generation is announced, the problem of
disposal can be significant since the firm will get a better trade on a new system
with current manufacturer versus another one. This may prevent the study group
from selecting the best equipment for the proposed system because of the
financial factors involved.

The decision to purchase or lease is resolved sometimes by the number of shifts.

An evaluation of two or three shift operation gives a much higher return on
investment resulting in a buy decision.

95
Summary
In this Session, you learnt that:
(i) Equipment selection involves the selection of a set of equipment to be used in
production based on technical and economic criteria.
(ii) The two basic methods of selecting equipment are recommended approach and
alternative approach.
(iii) The four steps involve in equipment’s selection for an organization are: determine
equipment manufacturers, submit bid invitation to manufacturers, evaluate
manufacturers proposal and select equipment manufacturer(s)

Now answer the following questions

Self-Assessment Questions
1. State the two basic approaches used in selecting computer equipment.
2. Describe the steps involved in equipment selection.

96
Study Session 15: Project Management in Computer Centres
Expected Duration: 1 week or 2 contact hours
Introduction
Project management in some form has existed for thousands of years, and it was likely used in
the construction of the wonders of the ancient world. Modern project management, including the
use of the engineering and management disciplines, started around the turn of the 20th century.
Around that time, managers of such projects faced pressure from proponents of scientific
management to organize in a centralized way and control not just what was done but the details
of how and when it was done (Yates, 2000). Project management techniques have been the
modern way for Information Technology (IT) project developments. In this Session, you shall be
introduced to Project Management techniques.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following:

15.1 Meaning and Attributes of a Project

15.2 Project Management’s Activities
15.3 The Success of a Project
15.3.1 Factors that Enhance the Success of Information Technology (IT) Project
15.4 The Role of the IT Project Manager
15.4.1 Ten Most Important Skills and Competencies for Project Managers
15.5 The Importance of Top Management Commitment
15.6 Phases of Project Development
15.7 Project Planning Processes
15.8 Project Execution
15.9 Project Monitoring and Controlling
15.10 Project Milestones

15.1 Meaning and Attributes of a Project

A project is “a temporary endeavor undertaken to create a unique product, service, or result.”
Operations, on the other hand, is work done in organizations to sustain the business. Projects are
different from operations in that they end when their objectives have been reached or the project
has been terminated. The following are the attributes of a project:
(i) A project has a unique purpose. Every project should have a well-defined objective.
(ii) A project is temporary. A project has a definite beginning and end.
(iii) A project is developed using progressive elaboration. Projects are often defined
broadly when they begin, and as time passes, the specific details of the project
become clearer. Therefore, projects should be developed in increments. A project
team should develop initial plans and then update them with more detail based on
new information.

97
 (iv) A project requires resources, often from various areas. Resources include people,
hardware, software, and other assets. Many projects cross departmental or other
boundaries to achieve their unique purposes. To meet new project objectives, people
from other companies—product suppliers and consulting companies—may be added.
Resources, however, are limited and must be used effectively to meet project and
other corporate goals.
(v) A project should have a primary customer or sponsor. Most projects have many
interested parties or stakeholders, but someone must take the primary role of
sponsorship. The project sponsor usually provides the direction and funding for the
project.
(vi) A project involves uncertainty. Because every project is unique, it is sometimes
difficult to define its objectives clearly, estimate how long it will take to complete, or
determine how much it will cost. External factors also cause uncertainty, such as a
supplier going out of business or a project team member needing unplanned time off.
This uncertainty is one of the main reasons project management is so challenging,
especially on projects involving new technologies.

An effective project manager is crucial to a project’s success. Project managers work with
the project sponsors, the project team, and the other people involved to meet project goals.

15.2 Project Management’s Activities

Project management is the tools, techniques, and processes for defining, planning, organizing,
controlling, and leading a project as it completes its tasks and delivers the results. It is “the
application of knowledge, skills, tools, and techniques to the project activities in order to meet or
exceed stakeholder needs and expectations from a project”. It involves the planning,
organization, monitoring, and control of all aspects of a project and also the management,
leadership, and motivation of all involved parties to achieve the project objectives within agreed
time, cost, quality, safety, and performance criteria.

Project management is also defined as “the application of knowledge, skills, tools, and
techniques to project activities to meet project requirements.” Project managers must strive not
only to meet specific scope, time, cost, and quality goals of projects, they must also facilitate the
entire process to meet the needs and expectations of people involved in project activities or
affected by them.
The following are the various activities involved in project management:
1. Project scope management involves defining and managing all the work required to
complete the project successfully.
2. Project time management includes estimating how long it will take to complete the work,
developing an acceptable project schedule, and ensuring timely completion of the project.
3. Project cost management consists of preparing and managing the budget for the project.
4. Project quality management ensures that the project will satisfy the stated or implied needs
for which it was undertaken.

98
5. Project human resource management is concerned with making effective use of the people
involved with the project.
6. Project communications management involves generating, collecting, disseminating, and
storing project information.
7. Project risk management includes identifying, analyzing, and responding to risks related to
the project.
8. Project procurement management involves acquiring or procuring goods and services for a
project from outside the performing organization.
9. Project stakeholder management includes identifying and analyzing stakeholder needs while
managing and controlling their engagement throughout the life of the project.
10. Project integration management is an overarching function that affects and is affected by
all of the other knowledge areas.
Project managers must have knowledge and skills in all 10 of these areas. Project management
tools and techniques assist project managers and their teams in carrying out work in all the 10
knowledge areas of project management highlighted above. For example, some popular time-
management tools and techniques include Gantt charts, project network diagrams, and critical
path analysis.
15.3 The Success of a Project
A software project is successful when:
1. The project met scope, time, and cost goals
2. The project satisfied the customer/sponsor.
3. The results of the project met its main objective, such as making or saving a certain
amount of money, providing a good return on investment, or simply making the sponsors
happy.

15.3.1 Factors that Enhance the Success of Information Technology (IT) Project
Why do some IT projects succeed and others fail? According to the Standish Group, “CHAOS
Activity News” (August 2011), the following factors enhance the success of IT projects.
1. User involvement
2. Executive support
3. Clear business objectives
4. Emotional maturity
5. Optimizing scope
6. Agile process
7. Project management expertise
8. Skilled resources
9. Execution
10. Tools and infrastructure

99
A 2011 U.S. government report listed the top three reasons why federal technology projects
succeed:
1. Adequate funding
2. Staff expertise
3. Engagement from all stakeholders

15.4 The Role of the IT Project Manager

The job description for a project manager can vary by industry and by organization, but most
project managers perform similar tasks regardless of these differences. In fact, project
management is a skill needed in every major IT field, from database administrator to network
specialist to technical writer.
Among the roles of an IT project Manager are:
Business analysis, requirements gathering, project planning, budget estimating, development,
testing, and implementation. The IT Project Manager is responsible for working with various
resource providers to ensure development is completed in a timely, high-quality, and cost-
effective manner.
15.4.1 Ten Most Important Skills and Competencies for Project Managers
Jennifer (2006) gave 10 important skills a project manager must have in order to function well.
1. People skills
2. Leadership
3. Listening
4. Integrity, ethical behavior, consistency
5. Strength at building trust
6. Verbal communication
7. Strength at building teams
8. Conflict resolution, conflict management
9. Critical thinking, problem solving
10. Understanding and balancing of priorities

15.5 The Importance of Top Management Commitment

People in top management positions, of course, are key stakeholders in projects. A very
important factor in helping project managers successfully lead projects is the level of
commitment and support they receive from top management. Without this commitment, many
projects will fail. Some projects have a senior manager called a champion who acts as a key
proponent for a project. The sponsor can serve as the champion, but often another manager can
more successfully take on this role. As described earlier, projects are part of the larger
organizational environment, and many factors that might affect a project are out of the project

100
manager’s control. Several studies cite executive support as one of the key factors associated
with virtually all project success.

Top management commitment is crucial to project managers for the following reasons:
1. Project managers need adequate resources. The best way to kill a project is to withhold
the required money, human resources, and visibility. If project managers have top
management commitment, they will also have adequate resources and not be distracted
by events that do not affect their specific projects.

2. Project managers often require approval for unique project needs in a timely manner. For
example, on large IT projects, top management must understand that unexpected
problems may result from the nature of the products being developed and the specific
skills of people on the project team. The team might need additional hardware and
software halfway through the project for proper testing, or the project manager might
need to offer special pay and benefits to attract and retain key project personnel. With top
management commitment, project managers can meet these needs.

3. Project managers must have cooperation from people in other parts of the organization.
Because most IT projects cut across functional areas, top management must help project
managers deal with the political issues that often arise. If certain functional managers are
not responding to project managers’ requests for necessary information, top management
must step in to encourage the functional managers to cooperate.

4. Project managers often need someone to mentor and coach them on leadership issues.
Many IT project managers come from technical positions and are inexperienced as
managers. Senior managers should take the time to give advice on how to be good
leaders. They should encourage new project managers to take classes to develop
leadership skills and allocate the time and funds for managers to do so.

15.6 Phases of Project Development

A project life cycle is a collection of project phases. Project life cycles define what work will be
performed in each phase, what deliverables will be produced and when, who is involved in each
phase, and how management will control and approve work produced in each phase. A
deliverable is a product or service, such as a technical report, a training session, a piece of
hardware, or a segment of software code, produced or provided as part of a project.

The first two traditional project phases (concept and development) focus on planning, and are
often referred to as project feasibility. The last two phases (implementation and close-out) focus
on delivering the actual work, and are often referred to as project acquisition. A project should
successfully complete each phase before moving on to the next. This project life cycle approach
provides better management control and appropriate links to the ongoing operations of the
organization.

101
In the concept phase of a project, managers usually develop some type of business case, which
describes the need for the project and basic underlying concepts. A preliminary or rough cost
estimate is developed in this first phase, and an overview of the required work is created. A work
breakdown structure (WBS) outlines project work by decomposing the work activities into
different levels of tasks. The WBS is a deliverable oriented document that defines the total scope
of the project. At the end of the concept phase, the committee would be able to deliver a report
and presentation on its findings. The report and presentation would be examples of deliverables.

In the development phase, the project team creates more detailed project management plans, a
more accurate cost estimate, and a more thorough WBS.

The third phase of the traditional project life cycle is implementation. In this phase, the project
team creates a definitive or very accurate cost estimate, delivers the required work, and provides
performance reports to stakeholders.

The last phase of the traditional project life cycle is the close-out phase. In it, all of the work is
completed, and customers should accept the entire project. The project team should document its
experiences on the project in a lessons-learned report.

A project should successfully pass through each of the main project or product phases before
continuing to the next. Because the organization usually commits more money as a project
continues, a management review should occur after each phase to evaluate progress, potential
success, and continued compatibility with organizational goals. These management reviews,
called phase exits or kill points, are very important for keeping projects on track and determining
if they should be continued, redirected, or terminated.

Project management-related deliverables are business case, charter, team contract, scope
statement, WBS, schedule, cost baseline, progress reports, final project presentation, final project
report, lessons-learned report, and any other documents required to manage the project.

15.7 Project Planning Processes

The table below summarizes the project planning processes.
Project management Planning Process Outputs
Knowledge area
1. Project Develop project management Project management plan
Integration plan
Management
2. Project Scope 1. Plan scope management 1. Scope management plan
Management 2. Requirements management plan

2. Collect requirements 1. Requirements documentation

2. Requirements traceability
matrix
3. Define scope
1. Project scope statement

102
 2. Project documents updates
4. Create WBS
1. Scope baseline
2. Project documents updates
3. Project Time 1. Plan schedule Schedule management plan
Management management
1. Activity list
2. Define activities 2. Activity attributes
3. Milestone list
4. Project management plan
updates

3. Sequence activities 1. Project schedule network

diagrams
2. Project documents updates
4. Estimate activity
resources 1. Activity resource requirements
2. Resource breakdown structure
3. Project documents updates

5. Estimate activity 1. Activity duration estimates

durations 2. Project documents updates

1. Schedule baseline Project

6. Develop schedule schedule
2. Schedule data Project calendars
3. Project management plan
updates
4. Project documents updates

4. Project Cost 1. Plan cost management Cost management plan

Management
2. Estimate costs 1. Activity cost estimates
2. Basis of estimates
3. Project documents updates

3. Determine budget 1. Cost baseline

2. Project funding requirements
3. Project documents updates
5. Project Quality Plan quality management 1. Quality management plan
Management 2. Process improvement plan
3. Quality metrics
4. Quality checklists
5. Project documents updates
6. Project Human Plan human resource Human resource plan
Resource management

103
 Management
7. Project Plan communications 1. Communications management
Communications management plan
Management 2. Project documents updates
3. Project Risk 1. Plan risk management 1. Risk management plan
Management 2. Identify risks 2. Risk register
3. Perform qualitative risk 3. Project documents updates
analysis 4. Project management plan
4. Perform quantitative risk updates
analysis 5. Project documents updates
5. Plan risk responses
4. Project Plan procurement management 1. Procurement management plan
Procurement 2. Procurement statement of work
Management 3. Procurement documents
4. Source selection criteria
5. Make-or-buy decisions
6. Change requests
5. Project Plan stakeholder management 1. Stakeholder management plan
Stakeholder 2. Project documents updates
Management
Source: PMBOK® Guide, Fifth Edition, 2012.
15.8 Project Execution
Executing the project involves taking the actions necessary to ensure that activities in the project
plan are completed. It also includes work required to introduce any new hardware, software, and
procedures into normal operations. The products of the project are created during project
execution, and it usually takes the most resources to accomplish this process. The next table
summarizes the project execution activities for each of the Project Management activities.
Project management Executing Process Outputs
Knowledge area
1. Project Integration Direct and manage project work 1. Deliverables
Management 2. Work performance data
3. Change requests
4. Project management plan
updates
5. Project documents updates
2. Project Scope - -
Management
3. Project Time - -
Management
4. Project Cost - -
Management
5. Project Quality Perform quality assurance 1. Change requests
Management 2. Project management plan
updates

104
 3. Project documents updates
4. Organizational process assets
updates
5. Project Human 1. Acquire project team 1. Project staff assignments
Resource 2. Resource calendars
Management 3. Project management plan
updates

2. Develop project team 1. Team performance

assessments
2. Enterprise environmental
factor updates
3. Manage project team
1. Change requests
2. Project management plan
updates
3. Project documents updates
4. Enterprise environmental
factors updates
5. Organizational process assets
updates
6. Project Manage communications 1. Project communications
Communications 2. Project documents updates
Management 3. Project management plan
updates
4. Organizational process assets
updates
7. Project Risk - -
Management
8. Project Conduct procurements 1. Selected sellers
Procurement 2. Agreements
Management 3. Resource calendars
4. Change requests
5. Project management plan
updates
6. Project documents updates
9. Project Manage stakeholder engagement 1.Issue log
Stakeholder 2.Change requests
Management 3.Project management plan
updates
4.Project documents updates
5.Organizational process assets
updates
Source: PMBOK® Guide, Fifth Edition, 2012.
15.9 Project Monitoring and Controlling

105
Monitoring and controlling is the process of measuring progress toward project objectives,
monitoring deviation from the plan, and taking corrective action to match progress with the plan.
Monitoring and controlling is done throughout the life of a project. It also involves nine of the 10
project management knowledge areas. Table below lists the knowledge areas, monitoring and
controlling processes, and outputs, according to the PMBOK® Guide, Fifth Edition.
Project management Monitoring and Controlling Outputs
Knowledge area Process
1. Project Integration 1. Monitor and control 1. Change requests
Management project work 2. Work performance reports
3. Project management plan
updates
4. Project documents updates

2. Perform integrated 1. Approved change requests

change control 2. Change log
3. Project management plan
updates
4. Project documents updates
2. Project Scope 1. Validate scope 1. Accepted deliverables
Management 2. Change requests
3. Work performance
information
4. Project documents updates

2. Control scope 1. Work performance

information
2. Change requests
3. Project management plan
updates
4. Project documents updates
5. Organizational process
assets updates
3. Project Time Control schedule 1. Work performance
Management information
2. Schedule forecasts
3. Change requests
4. Project management plan
updates
5. Project documents updates
6. Organizational process
assets updates
4. Project Cost Control cost 1. Work performance
Management information
2. Cost forecasts
3. Change requests

106
 4. Project management plan
updates
5. Project documents updates
6. Organizational process
assets updates
5. Project Quality Control quality 1. Quality control
Management measurements
2. Validated changes
3. Validated deliverables
4. Work performance
information
5. Change requests
6. Project management plan
updates
7. Project documents updates
8. Organizational process
assets updates
6. Project Human
Resource - -
Management

7. Project Control communications 1. Work performance

Communications information
Management 2. Change requests
3. Project documents updates
4. Organizational process
assets updates
8. Project Risk Control risk 1. Work performance
Management information
2. Change requests
3. Project management plan
updates
4. Project documents updates
5. Organizational process
assets updates
9. Project Control procurements 1. Work performance
Procurement information
Management 2. Change requests
3. Project management plan
updates
4. Project documents updates
5. Organizational process

107
 assets updates
10. Project Control stakeholder engagement 1. Work performance
Stakeholder information
Management 2. Change requests
3. Project documents updates
4. Organizational process
assets updates
Source: PMBOK® Guide, Fifth Edition, 2012.

15.10 Project Milestones

A milestone on a project is a significant event that normally has no duration. It often takes
several activities and a lot of work to complete a milestone, but the milestone itself is like a
marker to help in identifying necessary activities. Milestones are also useful tools for setting
schedule goals and monitoring progress. For example, milestones on a project might include
completion and customer sign-off of documents, such as design documents and test plans;
completion of specific products, such as software modules or installation of new hardware; and
completion of important process-related work, such as project review meetings and tests. Not
every deliverable or output created for a project is really a milestone. Milestones are the most
important and visible events. For example, the term milestone is used in several contexts, such as
in child development. Parents and doctors check for milestones, such as a child first rolling over,
sitting, crawling, walking, and talking.

Milestones can be a particularly important part of schedules, especially for large projects. Many
people like to focus on meeting milestones, so you can create them to emphasize important
events or accomplishments on projects. Normally, you create milestones by entering tasks with
zero duration. In Microsoft Project, you can mark any task as a milestone by checking the
appropriate box in the Advanced tab of the Task Information dialog box. The duration of the task
will not change to zero, but the Gantt chart will show the milestone symbol to represent that task
based on its start date.

To make milestones meaningful, some people use the SMART criteria to help define them. The
SMART criteria are guidelines suggesting that milestones should be:

• Specific
• Measurable
• Assignable
• Realistic
• Time-framed

For example, distributing a marketing plan is specific, measurable, and assignable if everyone
knows what should be in the marketing plan, how it should be distributed, how many copies
should be distributed and to whom, and who is responsible for the actual delivery. Distributing
the marketing plan is realistic and able to be time-framed if it is an achievable event and
scheduled at an appropriate time.

108
The five key points of using project milestones include the following:
1. Define milestones early in the project and include them in the Gantt chart to provide a visual
guide.
2. Keep milestones small and frequent.
3. The set of milestones must be all-encompassing.
4. Each milestone must be binary, meaning it is either complete or incomplete.
5. Carefully monitor the critical path

Summary
In this Session, you have been introduced to the project management activities: planning and
implementation. Now answer the following questions
Self-Assessment Questions
1. What are project, project management and project milestones?
2. State the activities involved in software project planning.
3. Describe how project monitoring and controlling are carried out.

109
Study Session 16: Introduction to Project Selection
and Initiation
Expected Duration: 1 week or 2 contact hours

Introduction
Careful selection of which projects to initiate is vital to the success of an organization. Project
initiation represents a future commitment of both human and financial resources as well as of
management attention. If a choice is careless or inappropriate, then the consequences may be
severe and long lasting. In this Session, methods for the proper selection and initiation of
projects are discussed with regard to overall organizational goals and business justification.

Learning Outcome

When you have studied this session, you would have learnt methods for the proper selection and
initiation of projects with respect to:

16.1 Organizational Planning

16.2 Project Initiation
16.3 Project Proposals
16.4 Project Business Plan
16.5 Financial Evaluation and Selection Methods
16.6 Decision Trees

16.1 Organizational Planning

Organizational planning and the associated decision processes occur at several levels of the
company, including the operational level, the tactical level, and the strategic level. The
operational level is concerned with day-to-day activities in operating the business, including
running the ongoing projects. The management focus at this level is on efficiency, productivity,
and quality: managers make sure that things are done right. The tactical level is concerned with
short-term planning (i.e., annually). The management focus at this level is on effectiveness,
consistency, and accuracy; here, managers make sure the right things are being done. The
strategic level is concerned with long-term planning (i.e., 5 to 10 years), and the focus is on
competitiveness and the value of the organization’s service and/or products as perceived by the
customers and other stakeholders.

Most of this Session is focused on the operational level, which concerns the planning, execution,
and control of approved projects, thus addressing the question, “Are we doing our projects
right?” Project managers play the leading role in this level of management. For those types of
decisions, although project managers should be involved, business analysts and upper IT
management play the lead role.

110
16.2 Project Initiation

Projects are initiated from the recognition that:

(a) there is a problem (or a specific need) to be addressed, and

(b) that this problem can be addressed through a project to implement some solution.

Problem needs must be quantified (eventually, in terms of requirements for IT projects) for a
project to be formally initiated. The party that recognizes the problem, the party that articulates
the problem, the party that proposes the problem solution, and the party that performs the project
may be different parties, either individually or organizationally. Project proposals are developed
in the organization(s) in response to requests from managers (top down), from workers (bottom
up), and from customers or other stakeholders (external).

Proposals are generally reviewed by line management (which may request a detailed business
plan), and if approved result in a project charter, which is the official go-ahead document. Project
management (when selected and empowered) generally develops a scope statement, which
eventually leads to functional requirements (what the proposed system will do), interface
requirements, and technical requirements (how it will work).

Problem Emergence

Problem Recognition

Problem Articulation

Project Initiation

Proposed Solution

Phases of Project initiation

The problems and needs that are identified, and then articulated, are inherently fuzzy due to
several common circumstances:

 The entire problem is like an iceberg; only a portion of it can be seen

 Customers (end users or benefiting organizations) may be somewhat ignorant or unclear
about their true needs
 The needs change in time

In addition, the proposed solution (that is the subject of the project) may be identified
prematurely. An end user cannot usually relate the problem to the proposed solution in abstract
terms. Customers usually know what they do not want or need much better than they know what
they do want or need, or how to best articulate the same. Customers need to “see” the solution
(or a manifestation thereof) before they can verify an effective match between their problem and

111
the proposed solution. In addition, for large benefiting organizations, there may be multiple (and
possibly conflicting) views of the problem and alternative solutions thereof.

Effective project management involves a recognition of uncertainty in all the initial documents
and plans, and also involves methods and tools that adequately address these uncertainties.

In addition to initial uncertainty and uncertainty that develops as a project proceeds and takes on
tangible forms, the end users may see new possibilities, and they may pressure the performing
organization for changes and enhancements.

16.3 Project Proposals

Historically, IT projects have been justified on one or more of the three F’s: fear, faith, or facts.
The fear approach uses rational such as:

 Our competitors are already developing such a system!

 Upper management and shareholders will consider us behind the technology curve if we
do not do this!

The faith approach uses rational such as:

 Our competitors have done this and it is working for them!
 This type of system is part of our IT infrastructure, and we cannot quantitatively justify it
like we could an additional factory capital equipment item!

A facts-based project proposal would identify the specific benefits of such a project, the rough
costs for developing the project’s associated product, some information about the scope of the
project, project and product risks and uncertainties, and the key stakeholders that may be
involved. Benefits typically involve improving or solidifying an organization’s financial position
(additional revenue and/or reduced costs) through improvements to products and/or processes or
new products (or services). Sometimes the benefit is not of a direct financial nature but is due to
a compliance requirement of some external governing body. Finally, proposals should be
formalized, and structured forms containing the following information may be used.

112
 Project proposal (Dan Brandon, 2006)

16.4 Project Business Plan

After a proposal has been approved for further evaluation, a formal business plan should be
required that elaborates (via extended research and analysis) all of the items shown in the project
proposal above, including a feasibility analysis and reviewing of alternative methods (and even
alternative related project proposals). We say “should be required” because, in reality, many IT
projects are funded without a further detail analysis due to organization issues including egos,
power/politics, and who controls the purse strings.

With a more formal approach, IT projects would typically undergo feasibility analyses from at
least three perspectives: technical feasibility, operational feasibility, and economic feasibility—

113
in other words, Can we build it? Can we maintain it? and Can we make money on it? Economic
feasibility typically involves numerical financial techniques.

Other dimensions of feasibility may also need investigation for certain types of projects, such as
schedule feasibility for a time critical contracting situation, legal feasibility for projects involving
multiple companies and jurisdictions, and political feasibility when conflicting interests prevail
within an organization or within stakeholders, or where the “balance of power” may change in an
organization as a result of the project. The following is an example of the contents for a project
business plan:
Project Business Plan
Table of Contents
I. Opportunity
Background
Problem Description/Customer Needs
Market Window
Proposed Solution
Alternative Solutions
Consistency with Organizational Strategy
Critical Success Factors
II. Benefits
Description of Benefits
Mapping of Benefits to Problem Specifics
Quantification of Benefits
Measurement and Verification of Benefits
III. Resources (Schedule, Cost, People, other)
IV. Financial Analysis
Benefit Cost Ratio
Payback Period
Internal Rate of Return
V. Technical Feasibility
VI. Operational Feasibility
Operation
Maintenance
Total Cost of Ownership
VII. Economic Feasibility
VIII. Organization of Effort/Attention
Benefiting Organization
Performing Organization
Key Stakeholders
Project Organizational Framework
IX. Project Impacts
Performing Organization
Benefiting Organization
Other
X. Initial Risk Assessment
Internal
External
Risk of not Doing Project
XI. Security
XII. Other Issues
Organizational
Socio-Political
Legal, Ethical, Environmental, Health, Safety
Source: Project Business plan (Dan Brandon, 2006)

114
16.5 Financial Evaluation and Selection Methods

There are many numerical techniques used to evaluate the net benefit of a project. Most of these
are financial in nature and rely on future estimates of revenues and costs. The most elementary
technique is the simple cost-benefit analysis, which compares the cost to implement a project
versus the benefit to be realized. For example, if we build a software system at a cost of
N100,000 and it will save us N400,000 over the projected program’s useful system lifetime of 10
years, the benefit-to-cost ratio would be 4 to 1. A simple return on investment (ROI) calculation
can also be made as the ratio of the benefit minus cost over the cost; in this case 300%
(300,000/100,000). Payback periods can also be similarly determined. For this example the
payback period would be determined by dividing the cost (N100,000) by the annual benefit of
N40,000 (N400,000 divided by 10 years) for 2.5 years.

The aforementioned financial metrics do not consider the absolute size of the investment or the
benefit. Simple cost-benefit analysis is also problematic because it ignores the time value of
money. When interest rates are low and short projects are under consideration, this may not be a
serious shortcoming. However when interest rates are high (i.e., over 8%) and the projects under
consideration are long (over several years), then net present value (NPV) techniques should be
used. The formula for NPV (or discounted cash flow) is:

NPV = (B – C)t / (1 + i)t

Where (B – C)t is the benefit minus the cost for period t, and i is the interest rate (cost of
borrowing money or opportunity cost for other uses of cash). For NPV, benefit minus cost is
more formally revenue (cash in) minus expenditures (cash out).

Figure below is an example of a NPV calculation done in a spreadsheet program.

The cost column includes development and long-term total cost of ownership (TCO) values.
TCO includes the incremental ongoing cost of support, operations, and maintenance (above the
status quo). The column for discounted benefit minus cost is calculated from the application of
the above formula. Even though the total benefit minus the total cost is N305,000, the NPV is
only about N44,000 at an interest rate of 10%.

115
Another similar project financial evaluation technique is called the internal rate of return (IRR).
This metric is better than NPV because it is not as sensitive to the uncertainties of future benefits
and costs and to the future interest rates. The internal rate of return is the value of the interest rate
that yields a zero value for NPV; this is sometimes called the return on investment. This can be
calculated in spreadsheet programs by using built-in solver tools. Because, in reality, a quadratic
equation is being solved, multiple IRR values could be found. Thus one must impose additional
constraints on the solution (such as IRR is positive, or in a given range).

Figure below shows the spreadsheet calculation for IRR on the previous example; the IRR here
is about 13%.

Projects with the same net present value may have different internal rates of return. Consider the
two cases shown in the spreadsheet of Figure below. This is another reason that the IRR is a
better way to compare competing projects.

116
16.6 Decision Trees

The financial aforementioned evaluation methods rely on future estimates of revenues and costs.
As the uncertainty in these future estimates increases, the utility of these methods decreases.
Decision trees are another project selection technique that considers the impact of uncertainty in
the decision process. Decision trees are based on the Bayes (1763) rules of conditional
probability, and they are typically implemented in a graphical and/or spreadsheet model.

Suppose there is a set of events, one of which must happen. It is possible to compute the chance
that each will occur through the normal rules of probability. Now suppose that two or more of
these events could give rise to the same observation. What is the probability that the observation
came from a particular one of the events?

Bayes (1763) was so unsure of his rules that he did not publish them. His results were published
by a friend, Richard Price, in 1763. The same results were later verified by the famous French
mathematician Marquis de Pierre Simom LaPlace in 1774. His definition for conditional
probability was:

P(AB) = P(B)P(A|B),

where P is probability, A and B are events, and | means “conditional.” If A can occur if
B does or does not (B’ is not B):

P(AB’) = P(B’)P(A|B’).

Then, because A can occur either way:

P(A) = P(AB) + P(AB’)

P(A) = P(A|B)*P(B) + P(A|B’)*P(B’).

For example, there may be a severe winter. Let severe winter be event B, and the probability of
B is 0.7. Let event A be the selling of over X units of product. If the winter is severe, the
probability of selling more than X units of product is 0.8. If the winter is not severe, the
probability of selling more than X units of product is 0.5. What is the probability of selling more
than X units, that is what is P(A).

P(A) = P(A|B)*P(B) + P(A|B’)*P(B’)

Now P(A|B’) = 1 – P(A|B)

And P(B’) = 1 – P(B)

P(A) = (0.8 * 0.7) + (0.5 * 0.3) = 0.71

This analysis can also be represented graphically.

117
Decision trees are a form of graphical analysis used to select a decision based upon alternatives
and their outcomes. The trees can also be implemented via spreadsheets as well as graphs. Each
outcome has a probabilistic value. The components of a decision tree are:

“decision nodes”—represented by squares

“alternatives”—represented by circles
“states”—represented by ovals
State A
Sales > x
(0.8)

Severe Winter
(0.7) Sales < x State A’
(0.2)

State A
Mild Winter Sales > x
(0.3) (0.5)

Sales < x State A’

(0.5)

The states are known in the sense of their likelihood to occur or not to occur, and each state has
an outcome measured in Naira of benefit.

Summary
You have studied methods for the proper selection and initiation of projects in this Session such
as Organizational Planning, Project Initiation, Project Proposals, Project Business Plan, Financial
Evaluation and Selection Methods
Self-Assessment Question
1. Discuss the following concepts with respect to project management: Planning, Initiation,
Proposal and Financial evaluation.

2. Discuss any two methods of carrying out financial evaluation of a project.

118
Study Session 17: Project Scheduling in Computer Centres
Expected Duration: 1 week or 2 contact hours
Introduction
Henry Gantt developed the Gantt chart in World War I, and it was used in huge projects like the
construction of the Hoover Dam in the 1930s. IT project management appears to go back to the
1950s, when the Critical Path Method (CPM) was developed by DuPont and Remington
Rand/Univac. In this Session, Project Scheduling tools such as Bar Charts, Gantt Charts and
Activity Networks are discussed.

Learning Outcomes

When you have studied this session, you should be able to understand and explain the following:

17.1 Project Scheduling Activities

17.2 Project Scheduling Problems
17.3 Gantt Charts
17.4 Resource Histogram
17.5 Critical Path Analysis
17.6 Program Evaluation and Review Technique (PERT)
17.6.1 Common PERT Terminologies
17.7 Implementation of Gantt chart, PERT and Critical Path Analysis
17.8 PERT’s Advantages
17.9 PERT’s Disadvantages
17.10 Uncertainty in project scheduling

17.1 Project Scheduling Activities

The following are the activities involved in project scheduling:

1. Split project into tasks and estimate time and resources required to complete each task
2. Organize tasks concurrently to make optimal use of workforce
3. Minimize task dependencies to avoid delays caused by one task waiting for another to
complete
4. Dependent on project managers intuition and experience

17.2 Project Scheduling Problems

1. Estimating the difficulty of problems and hence the cost of developing a solution is hard
2. Productivity is not proportional to the number of people working on a task
3. Adding people to a late project makes it later because of communication overheads
4. The unexpected always happens. Always allow contingency in planning

119
17.3 Gantt Charts

A Gantt chart is a standard format for displaying project schedule information by listing project
activities and their corresponding start and finish dates in calendar form. Gantt charts were
devised by Henry Gantt (1917). It represents project schedule with respect to time periods. It is a
horizontal bar chart with bars representing activities and time scheduled for the project activities.

A Gantt chart

17.4 Resource Histogram

This is a graphical tool that contains bar or chart representing number of resources (usually
skilled staff) required over time for a project event (or phase). Resource Histogram is an
effective tool for staff planning and coordination.

120
17.5 Critical Path Analysis

This tool is useful in recognizing interdependent tasks in the project. It also helps to find out the
shortest path or critical path to complete the project successfully. Like PERT diagram, each
event is allotted a specific time frame. This tool shows dependency of event assuming an event
can proceed to next only if the previous one is completed.

The events are arranged according to their earliest possible start time. Path between start and end
node is critical path which cannot be further reduced and all events require to be executed in
same order.

17.6 Program Evaluation and Review Technique (PERT)

PERT (Program/Project Evaluation & Review Technique) chart is a statistical tool that depicts
project as network diagram. It is capable of graphically representing main events of project in
both parallel and consecutive way. Events, which occur one after another, show dependency of
the later event over the previous one.

Events are shown as numbered nodes. They are connected by labeled arrows depicting sequence
of tasks in the project.

PERT was designed as a project management tool to analyze and represent the tasks involved in
completing a given project. First developed by the United States Navy in the 1950s, it is

121
commonly used in conjunction with the Critical Path Method (CPM). PERT is applied as a
decision-making tool designed to save time in achieving end-objectives, and is of particular
interest to those engaged in research and development programs for which time is a critical
factor.

The technique takes recognition of three factors that influence successful achievement of
research and development program objectives: time, resources, and technical performance
specifications. PERT employs time as the variable that reflects planned resource-applications
and performance specifications. With units of time as a common denominator, PERT quantifies
knowledge about the uncertainties involved in developmental programs requiring effort at the
edge of, or beyond, current knowledge of the subject – effort for which little or no previous
experience exists.

Through an electronic computer, the PERT technique processes data representing the major,
finite accomplishments (events) essential to achieve end-objectives; the inter-dependence of
those events; and estimates of time and range of time necessary to complete each activity
between two successive events. Such time expectations include estimates of "most likely time",
"optimistic time", and "pessimistic time" for each activity.
PERT was developed primarily to simplify the planning and scheduling of large and complex
projects. It was developed for the U.S. Navy Special Projects Office in 1957 to support the U.S.
Navy's Polaris nuclear submarine project. It was able to incorporate uncertainty by making it
possible to schedule a project while not knowing precisely the details and durations of all the
activities.

17.6.1 Common PERT Terminologies

1. PERT event: a point that marks the start or completion of one or more activities. It
consumes no time and uses no resources. When it marks the completion of one or more
activities, it is not "reached" (does not occur) until all of the activities leading to that
event have been completed.
2. Predecessor event: an event that immediately precedes some other event without any
other events intervening. An event can have multiple predecessor events and can be the
predecessor of multiple events.
3. Successor event: an event that immediately follows some other event without any other
intervening events. An event can have multiple successor events and can be the successor
of multiple events.
4. PERT activity: the actual performance of a task which consumes time and requires
resources (such as labor, materials, space, machinery). It can be understood as
representing the time, effort, and resources required to move from one event to another.
A PERT activity cannot be performed until the predecessor event has occurred.
5. PERT sub-activity: a PERT activity can be further decomposed into a set of sub-
activities. For example, activity A1 can be decomposed into A1.1, A1.2 and A1.3. Sub-
activities have all the properties of activities; in particular, a sub-activity has predecessor
or successor events just like an activity. A sub-activity can be decomposed again into
finer-grained sub-activities.

122
6. Optimistic time: the minimum possible time required to accomplish an activity (o) or a
path (O), assuming everything proceeds better than is normally expected
7. Pessimistic time: the maximum possible time required to accomplish an activity (p) or a
path (P), assuming everything goes wrong (but excluding major catastrophes).
8. Most likely time: the best estimate of the time required to accomplish an activity (m) or a
path (M), assuming everything proceeds as normal.
9. Expected time: the best estimate of the time required to accomplish an activity (te) or a
path (TE), accounting for the fact that things don't always proceed as normal (the
implication being that the expected time is the average time the task would require if the
task were repeated on a number of occasions over an extended period of time).
te = (o + 4m + p) ÷ 6

10. Standard deviation of time : the variability of the time for accomplishing an activity (σ te)
or a path (σTE)
σte = (p - o) ÷ 6

11. Float or slack is a measure of the excess time and resources available to complete a task.
It is the amount of time that a project task can be delayed without causing a delay in any
subsequent tasks (free float) or the whole project (total float). Positive slack would
indicate ahead of schedule; negative slack would indicate behind schedule; and zero slack
would indicate on schedule.
12. Critical path: the longest possible continuous pathway taken from the initial event to the
terminal event. It determines the total calendar time required for the project; and,
therefore, any time delays along the critical path will delay the reaching of the terminal
event by at least the same amount.
13. Critical activity: An activity that has total float equal to zero. An activity with zero float
is not necessarily on the critical path since its path may not be the longest.
14. Lead time: the time by which a predecessor event must be completed in order to allow
sufficient time for the activities that must elapse before a specific PERT event reaches
completion.
15. Lag time: the earliest time by which a successor event can follow a specific PERT event.
16. Fast tracking: performing more critical activities in parallel
17. Crashing critical path: Shortening duration of critical activities

123
PERT network chart for a seven-month project with five milestones (10 through 50) and six
activities (A through F).

17.7 Implementation of Gantt chart, PERT and Critical Path Analysis

The first step to scheduling the project is to determine the tasks that the project requires and the
order in which they must be completed. The order may be easy to record for some tasks
(e.g. When building a house, the land must be graded before the foundation can be laid) while
difficult for others (There are two areas that need to be graded, but there are only enough
bulldozers to do one). Additionally, the time estimates usually reflect the normal, non-rushed
time. Many times, the time required to execute the task can be reduced for an additional cost or a
reduction in the quality.

In the following example there are seven tasks, labeled A through G. Some tasks can be done
concurrently (A and B) while others cannot be done until their predecessor task is complete
(C cannot begin until A is complete). Additionally, each task has three time estimates: the
optimistic time estimate (o), the most likely or normal time estimate (m), and the pessimistic
time estimate (p). The expected time (te) is computed using the formula (o + 4m + p) ÷ 6.

Time estimates
Activity Predecessor Expected time
Opt. (o) Normal (m) Pess. (p)
A — 2 4 6 4.00
B — 3 5 9 5.33
C A 4 5 7 5.17
D A 4 6 10 6.33
E B, C 4 5 7 5.17
F D 3 4 8 4.50
G E 3 5 8 5.17

Once this step is complete, one can draw a Gantt chart or a network diagram.

124
A Gantt chart created using Microsoft Project (MSP)

Note
(1) the critical path is in red,
(2) the slack is the black lines connected to non-critical activities,
(3) since Saturday and Sunday are not work days and are thus excluded from the schedule, some
bars on the Gantt chart are longer if they cut through a weekend.

A Gantt chart created using OmniPlan

Note:
(1) the critical path is highlighted,
(2) the slack is not specifically indicated on task 5 (d), though it can be observed on tasks 3 and 7
(b and f),

125
(3) since weekends are indicated by a thin vertical line, and take up no additional space on the
work calendar, bars on the Gantt chart are not longer or shorter when they do or don't carry
over a weekend.

A network diagram can be created by hand or by using diagram software. There are two types of
network diagrams, activity on arrow (AOA) and activity on node (AON). Activity on node
diagrams are generally easier to create and interpret.

To create an AON diagram, it is recommended (but not required) to start with a node
named start. This "activity" has a duration of zero (0). Then we draw each activity that does not
have a predecessor activity (a and b in this example) and connect them with an arrow from start
to each node. Next, since both c and d list a as a predecessor activity, their nodes are drawn with
arrows coming from a. Activity e is listed with b and c as predecessor activities, so node e is
drawn with arrows coming from both b and c, signifying that e cannot begin until
both b and c have been completed. Activity f has d as a predecessor activity, so an arrow is
drawn connecting the activities. Likewise, an arrow is drawn from e to g. Since there are no
activities that come after f or g, it is recommended (but again not required) to connect them to a
node labeled finish.

126
A network diagram created using Microsoft Project (MSP). Note the critical path is in red.
A node like this one (from Microsoft Visio) can be used to display the activity name, duration,
ES, EF, LS, LF, and slack.

By itself, the network diagram pictured above does not give much more information than a Gantt
chart; however, it can be expanded to display more information. The most common information
shown is:
1.The activity name
2.The normal duration time
3.The early start time (ES)
4.The early finish time (EF)
5.The late start time (LS)
6.The late finish time (LF)
7.The slack

In order to determine this information it is assumed that the activities and normal duration times
are given. The first step is to determine the ES and EF. The ES is defined as the maximum EF of
all predecessor activities, unless the activity in question is the first activity, for which the ES is
zero (0). The EF is the ES plus the task duration (EF = ES + duration).

1. The ES for start is zero since it is the first activity. Since the duration is zero, the EF is
also zero. This EF is used as the ES for a and b.
2. The ES for a is zero. The duration (4 work days) is added to the ES to get an EF of four.
This EF is used as the ES for c and d.
3. The ES for b is zero. The duration (5.33 work days) is added to the ES to get an EF of
5.33.
4. The ES for c is four. The duration (5.17 work days) is added to the ES to get an EF of
9.17.
5. The ES for d is four. The duration (6.33 work days) is added to the ES to get an EF of
10.33. This EF is used as the ES for f.
6. The ES for e is the greatest EF of its predecessor activities (b and c). Since b has an EF of
5.33 and c has an EF of 9.17, the ES of e is 9.17. The duration (5.17 work days) is added
to the ES to get an EF of 14.34. This EF is used as the ES for g.
7. The ES for f is 10.33. The duration (4.5 work days) is added to the ES to get an EF of
14.83.
8. The ES for g is 14.34. The duration (5.17 work days) is added to the ES to get an EF of
19.51.
9. The ES for finish is the greatest EF of its predecessor activities (f and g). Since f has an
EF of 14.83 and g has an EF of 19.51, the ES of finish is 19.51. Finish is a milestone (and
therefore has a duration of zero), so the EF is also 19.51.

127
Barring any unforeseen events, the project should take 19.51 work days to complete. The next
step is to determine the late start (LS) and late finish (LF) of each activity. This will eventually
show if there are activities that have slack. The LF is defined as the minimum LS of all successor
activities, unless the activity is the last activity, for which the LF equals the EF. The LS is the LF
minus the task duration (LS = LF − duration).

1. The LF for finish is equal to the EF (19.51 work days) since it is the last activity in the
project. Since the duration is zero, the LS is also 19.51 work days. This will be used as
the LF for f and g.
2. The LF for g is 19.51 work days. The duration (5.17 work days) is subtracted from the LF
to get an LS of 14.34 work days. This will be used as the LF for e.
3. The LF for f is 19.51 work days. The duration (4.5 work days) is subtracted from the LF
to get an LS of 15.01 work days. This will be used as the LF for d.
4. The LF for e is 14.34 work days. The duration (5.17 work days) is subtracted from the LF
to get an LS of 9.17 work days. This will be used as the LF for b and c.
5. The LF for d is 15.01 work days. The duration (6.33 work days) is subtracted from the LF
to get an LS of 8.68 work days.
6. The LF for c is 9.17 work days. The duration (5.17 work days) is subtracted from the LF
to get an LS of 4 work days.
7. The LF for b is 9.17 work days. The duration (5.33 work days) is subtracted from the LF
to get an LS of 3.84 work days.
8. The LF for a is the minimum LS of its successor activities. Since c has an LS of 4 work
days and d has an LS of 8.68 work days, the LF for a is 4 work days. The duration (4
work days) is subtracted from the LF to get an LS of 0 work days.
9. The LF for start is the minimum LS of its successor activities. Since a has an LS of 0
work days and b has an LS of 3.84 work days, the LS is 0 work days.

The next step is to determine the critical path and if any activities have slack. The critical path is
the path that takes the longest to complete. To determine the path times, add the task durations
for all available paths. Activities that have slack can be delayed without changing the overall
time of the project. Slack is computed in one of two ways, slack = LF − EF or slack = LS − ES.
Activities that are on the critical path have a slack of zero (0).

1. The duration of path a d f is 14.83 work days.

2. The duration of path a c e g is 19.51 work days.
3. The duration of path b e g is 15.67 work days.

The critical path is a c e g and the critical time is 19.51 work days. It is important to note that
there can be more than one critical path (in a project more complex than this example) or that the
critical path can change. For example, let's say that activities d and f take their pessimistic (b)
times to complete instead of their expected (T E) times. The critical path is now a d f and the
critical time is 22 work days. On the other hand, if activity c can be reduced to one work day, the
path time for a c e g is reduced to 15.34 work days, which is slightly less than the time of the
new critical path, b e g (15.67 work days).

128
Assuming these scenarios do not happen, the slack for each activity can now be determined.
1. Start and finish are milestones and by definition have no duration, therefore they can
have no slack (0 work days).
2. The activities on the critical path by definition have a slack of zero; however, it is always
a good idea to check the math anyway when drawing by hand.
 LFa – EFa = 4 − 4 = 0
 LFc – EFc = 9.17 − 9.17 = 0
 LFe – EFe = 14.34 − 14.34 = 0
 LFg – EFg = 19.51 − 19.51 = 0
3. Activity b has an LF of 9.17 and an EF of 5.33, so the slack is 3.84 work days.
4. Activity d has an LF of 15.01 and an EF of 10.33, so the slack is 4.68 work days.
5. Activity f has an LF of 19.51 and an EF of 14.83, so the slack is 4.68 work days.

Therefore, activity b can be delayed almost 4 work days without delaying the project. Likewise,
activity d or activity f can be delayed 4.68 work days without delaying the project
(alternatively, d and f can be delayed 2.34 work days each).

A completed network diagram created using Microsoft Visio. Note the critical path is in red.

17.8 PERT’s Advantages

1. PERT chart explicitly defines and makes visible dependencies (precedence relationships)
between the work breakdown structure (commonly WBS) elements.
2. PERT facilitates identification of the critical path and makes this visible.
3. PERT facilitates identification of early start, late start, and slack for each activity.

129
 4. PERT provides for potentially reduced project duration due to better understanding of
dependencies leading to improved overlapping of activities and tasks where feasible.
5. The large amount of project data can be organized & presented in diagram for use in
decision making.
6. PERT can provide a probability of completing before a given time.

17.9 PERT’s Disadvantages

1. There can be potentially hundreds or thousands of activities and individual dependency

relationships.
2. PERT is not easily scalable for smaller projects.
3. The network charts tend to be large and unwieldy requiring several pages to print and
requiring specially sized paper.
4. The lack of a timeframe on most PERT/CPM charts makes it harder to show status
although colours can help (e.g., specific colour for completed nodes).

17.10 Uncertainty in project scheduling

During project execution, however, a real-life project will never execute exactly as it was
planned due to uncertainty. This can be due to ambiguity resulting from subjective estimates that
are prone to human errors or can be the result of variability arising from unexpected events or
risks. The main reason that PERT may provide inaccurate information about the project
completion time is due to this schedule uncertainty. This inaccuracy may be large enough to
render such estimates as not helpful.

One possible method to maximize solution robustness is to include safety in the baseline
schedule in order to absorb the anticipated disruptions. This is called proactive scheduling. A
pure proactive scheduling is a utopia; incorporating safety in a baseline schedule which allows
for every possible disruption would lead to a baseline schedule with a very large make-span. A
second approach, termed reactive scheduling, consists of defining a procedure to react to
disruptions that cannot be absorbed by the baseline schedule.
Summary
In this module, you have been introduced to some project management tools that can be used in
managing a software development project. These are Gantt charts, Histograms and PERT.
Now answer the following question.
Self-Assessment Question
Consider the next PERT chart which depicts a system development contract in a Computer
Centre, draw a task table and compute the critical path.

130
131
Study Session 18: Projects’ Risks, Success and Failure
Expected Duration: 1 week or 2 contact hours
Introduction
There are some risks that are to be guarded against in software development projects. So also
there are some factors that may warrant success or failure of a software project. All these issues
are discussed in this Session.

Learning Outcomes
When you have studied this session, you should be able to understand and explain the following:

18.1 Risks Involved in Project Management

18.2 Factors Determining the Success or Failure of a Project
18.2.1 Interdependent Factors in Project Success
18.2.2 Data Migration and Implementation
18.3 Software Project Failures
18.3.1 Instances of Software Project Failure
18.3.2 Impact of Software Project Failures

18.1 Risks Involved in Project Management

Complex projects are always fraught (filled) with a variety of risks ranging from scope risk to
cost overruns. One of the main duties of a project manager is to manage these risks and prevent
them from ruining the project. The major risks involved in a typical project are:

1. Scope Risk

This risk includes changes in scope caused by the following factors:

1. Scope creep – the project grows in complexity as clients add to the requirements and
developers start gold plating.
2. Integration issues
3. Hardware & Software defects
4. Change in dependencies

2. Scheduling Risk

There are a number of reasons why the project might not proceed in the way it is scheduled.
These include unexpected delays at an external vendor, natural factors, errors in estimation and
delays in acquisition of parts. For instance, the test team cannot begin the work until the
developers finish their milestone deliverables and a delay in those can cause cascading delays.

To reduce scheduling risks, tools such as a Work Breakdown Structure (WBS) and RACI
matrix (Responsibilities, Accountabilities, Consulting and Information) and Gantt charts to help
in scheduling are used.

132
3. Resource Risk

This risk mainly arises from outsourcing and personnel related issues. A big project might
involve dozens or even hundreds of employees and it is essential to manage the attrition issues
and leaving of key personnel. Bringing in a new worker at a later stage in the project can
significantly slow down the project.

Apart from attrition, there is a skill related risk too. For instance, if the project requires a lot of
website front end work and the team does not have a designer skilled in HTML/CSS, the project
could face unexpected delays there.

Another source of the risk includes lack of availability of funds. This could happen if
developers are relying on an external source of funding (such as a client who pays per milestone)
and the client suddenly faces a cash crunch.

4. Technology Risk

This risk includes delays arising out of software and hardware defects or the failure of an
underlying service or a platform. For instance, halfway through the project we might realize the
cloud service provider we are using doesn’t satisfy our performance benchmarks. Apart from
this, there could be issues in the platform used to build a software or a software update of a
critical tool that no longer supports some of our functions.

18.2 Factors Determining the Success or Failure of a Project

There do seem to be three factors that all successful projects have in common. Each of these
factors is key to any project’s success. Each project can be viewed as a tripod. All three legs
must be in place for the tripod to stand sturdily. In a systems project, these “legs” or critical
success factors consist of the following:

• Top management support

• A sound methodology
• Solid technical leadership by someone who has successfully completed a similar project

Without each of these solidly in place, the tripod will topple and the project will fail.

1. Top Management Support

Every study ever done about system success or failure has identified top management support as
a critical success factor. Without full commitment from top management, when problems arise
on a project (as they inevitably do), the project will collapse. The management personnel in any
organization that undertakes a systems project should be aware up-front that the project will
encounter serious setbacks. They will need to be prepared to remain visibly and vocally behind
the project, despite these setbacks or else the project is doomed to failure.

133
Consider a system where the implementation was going poorly and rank and file users were
about to revolt. However if the top management stay behind the project then it will eventually
succeed. If management had not been as committed, the project would surely have failed.
Consider another scenario with another system, where the project is going fine, but a new
manager came in. The project could just disappear overnight.

This leads to an important point that a project will not be successful if management doesn’t think
it is successful. Management needs to be educated about the process being used and their
expectations must be managed.

There is a real difference between systems projects and office buildings. When a building is half
done, there is something to see. When a software project is half done, there is very little (if
anything) to see. Managers need to know what they can expect to see and when. If they assume
that the project will have 50% of the systems running when the budget is 50% spent, they will
probably start thinking about pulling the plug on a project that is progressing exactly on
schedule. Beware of the skilled developer who thinks he/she is a project lead. An experienced
developer with several years’ experience may not understand the design of the system. However,
they can singlehandedly kill a project with a well-placed opinion. Managers often do not
understand the design of a system. They rely on the opinions of skilled advisors.

The key to managing the managers is to bring in high-level objective auditors. In a consulting
environment, this is particularly important. How can management know that they are not being
cheated or that the project is not being mismanaged? They don’t have the skills to assess the
situation. A project can be ended by management simply because they misunderstand the actions
of the development team. In such cases, having a technical audit can validate the actions of the
development team and provide management with the information required to continue
supporting the project.

2. Development Methodology

Many systems are built with little thought to process. The team gets together and starts
performing activities. As soon as enough information is gathered, coding begins. This lack of
attention to process can kill a system. It is easy to see the result of a lack of attention to process
after a system fails. Usually major portions of the user requirements are ignored. Large amounts
of code need to be rewritten, since it does not meet user requirements the first time around. If
completed, the system is put into place with inadequate testing. Without a well thought out
process, there is little chance that a systems project will be completed.

If the project does succeed, it only does so with substantial rewrites and cost overruns. It may be
surprising to think that the methodology selected doesn’t matter, but in fact this is basically true.
What does matter is that there is some methodology. There is no explicit research to indicate that
any one particular methodology is better than any other. What is important is keeping the project
organized in some consistent and focused way and thinking through the process carefully at the
outset.

134
Different methodologies all gather the same information but organize it differently. One may
have additional, unnecessary steps. Another may miss some steps requiring developers to
backtrack to earlier phases. The important point is to use some methodology successfully. If a
process is flawed, usually it is not seriously flawed. One methodology may be more efficient
than another, but any process is better than no process.

There are many ways to approach systems development – object-oriented, rapid prototyping,
waterfall, etc. They each use different tools to accomplish the same tasks. An object-oriented
approach would employ use cases in analysis, whereas a traditional Oracle professional will use
a function hierarchy. If a particular organization has talent in one specific area, there is no reason
not to exploit that expertise. For example, if you have a number of object-oriented developers, an
object oriented approach would be a clear choice. Similarly, a shop with Oracle Designer
expertise might use the CADM methodology. As stated elsewhere, it can be useful if the
methodology selected is tightly integrated with the development tools selected since there will be
less wasted effort. However, this still will not guarantee project success. A project may be more
or less expensive but won’t succeed or fail based upon the methodology or tools used.

3. Technical Leadership

Just as a building needs an architect, so a software system needs a technical lead. To be

successful, the architect or technical lead must be the one in control of the “architecture” of the
project, namely the data model and application design. This level of control must be recognized
and acknowledged by everyone involved with the project. Otherwise, each portion of the system
may be constructed independently by a portion of the team and the pieces won’t fit together at
the end. The technical lead must have built similar systems down to the level of the specific
business area for which the system is being built. For example, any system that includes financial
functions must usually interface with existing accounting functionality. This means that the
technical lead must understand basic accounting practices.

18.2.1 Interdependent Factors in Project Success

In any systems project, there are four interdependent factors:

1. Cost
2. Quality
3. Speed
4. Risk

It is not possible to have the best of all four factors. Specifically, we cannot have a system built
inexpensively, of high quality, built quickly and with little or no risk of failure. Most discussions
of these factors only include the first three. It is possible to build a high-quality system quickly,
at a relatively low cost by cutting corners, and doing little or no testing.

However, the risk of such a system failing increases dramatically. Of these four factors, in any
project, two are always possible to achieve successfully, leaving the other two to be managed. Of
these four factors, the two most important are risk and quality. The system must work and
successfully meet user requirements. This leaves speed (time) and cost (money) to be adjusted

135
accordingly. If you insist on fast development time or low cost, then quality and risk will shift
accordingly.

Many arguments with managers over this principle may emerge. They could argue that “If we
use Product X and Methodology Y, we can have the system built quickly at minimal cost.” This
is not a realistic or tenable position. We can insist on low risk and high quality, recognizing that
time and money must be adjusted to achieve these goals.

18.2.2 Data Migration and Implementation

Two additional factors in determining the success or failure of a project that are often forgotten
are data migration and the system implementation itself. Data Migration should be planned for
early on in any project. Data Migration should almost be considered as a separate project in his
own right. Similarly, even a well-crafted, well-documented and carefully designed system can
still fail 10-20% of the time because the implementation is not handled correctly. This can be due
to inadequate training of users, poor transitioning from the old to the new system and lack of user
support for the new system.

18.3 Software Project Failures

Information systems projects frequently fail. In particular, business process reengineering (BPR)
projects have an even higher failure rate because of their expanded scope. Hiring a large,
established consulting company is no guarantee of success; neither is buying packaged software
and implementing it. Projects are frequently built using a strategy that almost guarantees failure.
Software engineering is a kind of engineering. Building a large information system is like
constructing a 20-story office building. If a bunch of electricians, plumbers, carpenters and
contractors meet in a field, talk for a few hours and then start building, the building will be
unstable if it even gets built at all.

18.3.1 Instances of Software Project Failure

This is only one of the latest in a long, dismal history of IT projects gone awry. Most IT experts
agree that such failures occur far more often than they should. What's more, the failures are
universally unprejudiced: they happen in every country; to large companies and small; in
commercial, nonprofit, and governmental organizations; and without regard to status or
reputation. The business and societal costs of these failures - in terms of wasted taxpayer and
shareholder Nairas as well as investments that can't be made - are now well into the billions of
Nairas a year. The problem only gets worse as IT grows ubiquitous.
Of the IT projects that are initiated, from 5 to 15 percent will be abandoned before or shortly
after delivery as hopelessly inadequate. Many others will arrive late and over budget or require
massive reworking. Few IT projects, in other words, truly succeed.
The biggest tragedy is that software failure is for the most part predictable and avoidable.
Unfortunately, most organizations don't see preventing failure as an urgent matter, even though
that view risks harming the organization and maybe even destroying it. Understanding why this

136
attitude persists is not just an academic exercise; it has tremendous implications for business and
society.
The CHAOS report lists the major causes of IT project failure, and over the years the top causes
have been lack of end-use involvement; lack of executive support; poor project management
and/or planning; unclear business justification; and problems with requirements, scope,
methodology, and estimation (Standish Group, 2004).

Sources: Business Week, CEO Magazine, Computerworld, InfoWeek, Fortune, The New York Times, Time,
and The Wall Street Journal.

137
There are so many factors for Software Project failures. Among the most common factors for
software project failures are summarized below:

 Unrealistic or unarticulated project goals

 Inaccurate estimates of needed resources
 Badly defined system requirements
 Poor reporting of the project's status
 Unmanaged risks
 Poor communication among customers, developers, and users
 Use of immature technology
 Inability to handle the project's complexity
 Sloppy development practices
 Poor project management
 Stakeholder politics
 Commercial pressures

All these factors culminate into the following reasons why projects fail:

[1] Poor planning and/or inadequate process – planning is central to the success of a
project. It is important to define what constitutes project success or failure at the earliest
stage of the process. It is also essential to drill down the big picture to smaller tasks.

[2] Inefficient way to document and track progress – this is an oversight on the part of the
project manager. Tracking milestones is a crucial way to see if expectations are being
met. Documentation and tracking also lets the manager identify which areas require more
resources to be completed on time.

[3] Poor leadership at any level – the “leader” is usually identified as the project manager.
However, the management-level executive also has a responsibility of ensuring the
project’s success. He/she should work together with the manager to ensure that the
company’s exact requirements are understood.

[4] Failure to set expectations and manage them – in working in a team setting, it is
critical that you’re able to manage people. If and when expectations are not met, there
should be clearly-defined consequences. The task should then be prioritized and possibly
reassigned to a more competent individual.

[5] Inadequately-trained project managers – the project manager is taking on a heavy

responsibility. It is important to assign management roles only to individuals who have
the capabilities to meet requirements. In some cases, poorly-trained managers are
assigned to complex projects; this is a recipe for failure.

[6] Inaccurate cost estimation – there are instances when the cost of an undertaking is
grossly underestimated. When it runs out of resources, the project cannot be completed.
This can be mitigated when the lack of resources is identified early by the project
manager.

138
 [7] Lack of communication at any level – communication between the management
executive and the project manager, and between the latter and the team members are
always important. Everyone should feel free to come forward to state their concern or
give suggestions.

[8] Culture or ethical misalignment – the culture of the company must prize competence,
pro-activeness, and professionalism. If it doesn’t, the team members may not have the
motivation to do their best. In essence, everyone involved must be concerned about the
success of their undertaking.

[9] Competing priorities – when a company’s resources are stretched, there will be
competing priorities in terms of manpower and financing. Having good cost estimation at
the start will eliminate this problem.

[10] Disregard of project warning signs – when a project is on the verge of failing, there
will always be warning signs. Taking action immediately can save the project. Otherwise,
the whole endeavour can just go down the drain.

18.3.2 Impact of Software Project Failures

(i) Project Failure jeopardizes an organization's prospects. If the failure is large enough, it
can steal the company's entire future.
(ii) IT failure in government can imperil national security.
(iii) IT failures can also stunt economic growth and quality of life.
Worldwide, it's hard to say how many software projects fail or how much money is wasted as a
result. If we define failure as the total abandonment of a project before or shortly after it is
delivered, and if we accept a conservative failure rate of 5 percent, then billions of Naira/Dollars
are wasted each year on bad software.

Summary

In this Session, you have been taken through risks, success and failure factors associated with
Software Development projects.

Now answer the following questions.

Self-Assessment Questions?
1. Explain any three reasons why software projects fail.
2. What are the effects of project failure on economy, government and image of software
development organizations?
3. Explain any three types of risks in software projects and how to get round them.
4. Discuss about five factors for success of software development projects

139
Further Readings

Alexander, M. (2004). Software development should include security plan. Retrieved from
www.adtmag.com, July 2018.
Aspac (2015). Requirements for Setting Up a CBT Centre,
https://www.nairaland.com/2331249/requirements-setting-up-cbt-centre, Retrieved July
2019
Brighthub (2008). Best Ways to Clean a Keyboard - Top Keyboard Cleaning Tips
https://www.brighthub.com/computing/hardware/articles/12836/ Retrieved July 2019
CMPNOTE (2020). Computer Ethics, https://cmpnote.blogspot.com/p/computer-ethics.html,
Retrieved July 2019
Colorado.edu (2017). Computer Lab Design Considerations,
https://oit.colorado.edu/software-hardware/recommended-software-and-hardware-
list/computer-lab-design, Accessed in December 2020.
Davis, A., Hickey, A., & Zweig, A. (2004). Requirements management in a project management
context. In P. Morris & J. Pinto (Eds.), The Wiley guide to managing projects. New York:
Wiley.
Educational technology, Managing the Computer Lab.
http://edtech.canyonsdistrict.org/managing-the-computer-lab.html

Fayou Wang (2016). The Design of Public Computer Lab Management System Based on
Network Environment. International Conference on Education, Management and
Computer Science (ICEMC 2016)

Freebrowsinglink (2020). Business Plan: JAMB CBT Centre Requirements – Costs, and How to
Become One, https://www.freebrowsinglink.com/jamb-cbt-centre-requirements/,
Retrieved July 2019
Hairulliza Mohamad Judi and Hazura Mohamed (2016). Optimising Computer Laboratory
Layout Based on Multiple Performance Measures, International Journal of Information
and Education Technology, Vol. 6, No. 9, September 2016
Ikuomola A. J. (2009). CSC 317, Computer Centre Management, University of Agriculture,
Abeokuta http://unaab.edu.ng/wp-
content/uploads/2009/12/473_Computer%20Centre%20Management_CSC317.pdf
JAMB (2020). Computer Based Test (CBT) Centre Requirements,
https://www.jamb.gov.ng/PDFs/cbt_requirements.pdf, Retrieved Dec., 2020.
Jennifer Krahn (2006). “Effective Project Leadership: A Combination of Project Manager Skills
and Competencies in Context,” PMI Research Conference Proceedings (July 2006).
Jim Cowles (2020). Computer Laboratory Management - Making Effective Use of Your
Computers, https://www.learntechlib.org/p/138660/ Retrieved Dec., 2020.

140
John Garger (2011). The Four Best Computer Laboratory Layouts for Schools.
https://www.oerafrica.org/FTPFolder/guyana/Guyana/Guyana/resources/KD/KD%20M0
4U01%20Docs/Computer%20Laboratory%20Layouts%20for%20Schools.htm, Retrieved
Dec., 2020.
Kathy Schwalbe (2012). Information Technology Project Management, Seventh Edition,
Cengage Learning, USA
Leffingwell, D., & Widrig, D. (2000). Managing software requirements. Boston: Addison-
Wesley.
National Centre for Educational Statistics. Protecting Your System: Physical Security,
https://nces.ed.gov/pubs98/safetech/chapter5.asp Accessed in December 2020.
PMI. (2000). The project management body of knowledge (PMBOK). Newton Square, PA. ISBN
1-880410-22-2.
Project Management Institute (2013). A Guide to the Project Management Body of
Knowledge (5th ed.). Project Management Institute. ISBN 978-1-935589-67-9.
Robert D. Gumm (1977). Computer Center Management, Comput. & Indus. Enxng, Vol. 1, pp.
73-77. Pergamon Press, 1977. Printed in Great Britain
Robertson, S., & Robertson, J. (1999). Mastering the requirements process. Boston: Addison-
Wesley.
Standish Group. (2004). Chaos chronicles. Retrieved from www.standisgroup.com July 2018
Telcordia GR-2930 (2012). NEBS: Raised Floor Generic Requirements for Network and Data
Centers (2012). https://telecom-info.njdepot.ericsson.net/site-
cgi/ido/docs.cgi?ID=SEARCH&DOCUMENT=GR-2930&
Thayer, R., & Dorfman, M. (1999). Software engineering requirements. New York: Wiley.
Wikipedia. Computer Data Centre, https://en.wikipedia.org/wiki/Data_center

141