This report helps to develop a clear picture of the importance of managing information systems and the impact of IT technology system. In this context, therefore, most of the organizations are in the process of adopting these changes in their IT systems to maximize on quality production, meet customer expectations, to ease the workload of using the filing system and most importantly to have a competitive edge over its competitors. ANZ Bank is one of the leading banking organizations in Australia and New Zealand. It is one of the organizations that has adopted IT and IS support system that ensures smooth bank operations. Components of an Information system, strategically organized concepts of effective management of information systems provide a robust framework for understanding the roles, critiques, risks imposed by information systems and the dangers of using information systems according to Xu & Quaddus (2013).

Despite the many positive outcomes of adopting the IT technology information systems, there is a significant concern in cybersecurity that can quickly tarnish the image and reputation of an organization or even a loss of critical data. Therefore, as organizations are busy making considerations to use these information systems, they should ensure that there are efficient IT experts who can put up a reliable firewall to secure the interests of ANZ bank from individuals with evil intentions hence ensuring that the acceptable code of ethics is adopted and respected (Béranger, 2015).


In recent years, there is a divine purpose of keeping the bank’s information systems updated and at par with the competing companies. Not only do companies need to adopt this information system, but also it must keep it updated at all times because technological changes occur daily. Information system (IS) is defined as an integrated, coordinated network of components put together to convert data into information (Schirrmeister, 2013). Through IS, organizations can improve efficiency in data management, boosting productivity. In this context, ANZ (Australia and New Zealand) bank has made a substantial technological change in securing its information systems by using some of the best banking software. Being one among the largest banks in the continent, this is of considerable significance because control of data will be more natural hence having a competitive advantage in the market. The report focuses on the role of IS and IT systems and ways it assists in mitigating the risk in organizations basing the discussion on ANZ. It further reflects on the way companies benefit from the wide variety of IS and IT systems. 

Components of an Information System

A sound information system is primarily composed of five parts that include the hardware, software, database, network, and people, that come together to perform input, process output, feedback and control of data (Wang, 2014).

The hardware consists of the physical output or input devices, processor, the operating system, and the media devices. The software is a set of programs and procedures installed in the hardware. The database consists of organized data in the required design, and the network refers to the hubs, communication media, and other network devices. The people are the operators and network administrators of the information system.

In every organization, IS can be classified based on how the information is used and can be therefore divided into operations support systems or management support system.

Operations support system

The end user does input of data in an organization. It is processed to produce information like reports that can be utilized by internal or external users. At ANZ bank, this is critical because it is easier to perform audits determining what is working and what is not. The principal purpose of this operations support system is to facilitate and control business transactions, management of internal and external communication hence update the organization’s central database.

Transaction processing systems (TPS) – this is a component of the operations support system used by ANZ and other banks, where transactions involve different departments like accounts, sales, or finance. Its primary purpose is to categorize such transactions into batch transactions processing and real-time transaction processing.

Process control system – some errors may be made by computers without involving any human. Therefore, the relevant information is fed to this system on a real-time basis hence enabling more natural process control (Zeng, Qiu & Cui, 2015).

Enterprise collaboration system – this type of operations support system enables collaboration efforts through improving the sharing of data and communication. For instance, use of Navision software by ANZ bank provides end-to-end encryption of the bank’s operations. Besides, using the Enterprise Knowledge Portal (EKP), the bank workers and other users can share information more reliably.

Management support systems

 This strategy facilitates a more straightforward decision-making scheme for managers. They are classified into a management information system, decision support, expert support system, and accounting information systems.

Strategic information systems (SIS)

SIS systems are information systems that are developed to manage the corporate business initiative to give the organization a competitive advantage. They are used to deliver a product or service, which is at a significantly lower cost, differentiated, or one that targets a specific market segment. They majorly provide sufficient and dependable information that will keep the company’s operations smooth. SIS systems are, therefore, crucial in the profitability of the company hence opening new markets and businesses.

The role of SIS systems

 The purpose of SIS is to give an organization a competitive advantage in the market. 

It can be done by delivering a product or service at a lower cost at a fee that is related to the quality of the service or product that will yield high market returns on investment thus attractive in the market. ANZ bank can systematically store its data hence being influential in adhering to the customer needs and expectations in the best way possible. Moreover, the integrated information and IT system of ANZ is helpful in time management, especially minimizing the time spent to serve customers. It considers the overall cost of all corporate activities involved in the delivery of that particular product or service. The lower price will also result in the product or service penetration in the market (Daim et al., 2014).

Differentiated products – differentiation means the unique features added to a commodity or service that are competitive and at the same time attractive to the market. Addition of these unique features on the product or service may incur some additional expenses to the organization but will be very eye-catching in the market. It gives the customer the perception that they are getting extras/rewards, and they will be willing to pay.

Focusing on a specific market segment – IT products and services has helped ANZ bank to define, expand, and fill a particular section in the market that has not been adequately occupied by other banking institutions. For instance, the bank provides integrated banking options to its customers’ hence more convenient service. An organization may come up with a product or service that is specifically designed for a specific target market 

Innovation – SIS systems are of great significance in the development of a product or service through the use of computers. The bank’s cloud backup system enables its users who are logged on to the same, to have access to any information necessary from any corner of the world. These developments are unique; hence, a compliment of what existed before it, for example, ATMs and credit card handling when shopping. This provides convenience and less time wastage to the customer (Sousa & Oz, 2014).

Another significant role of these systems is actively supporting the senior management of an organization in decision-making. Through the IS system, managers can get a clear view of activities going on in the company, check reviews and ratings on what the customers think of the company’s product or service hence easy to determine sectors that need change.

Security concerns on information systems At ANZ Bank

As the IT sector is rapidly changing, the more security threats on IS are changing, and therefore, the compliance of organizations is becoming more complex. Information security (infosec) is the steps taken to prevent unauthorized access, use, disclosure, and inspection of information. To ensure that the system’s security is secure, the organization should ensure that the IS security should be to end encrypted. ANZ communication through the integrated systems is highly encrypted, thus safety in sharing and receiving information all over its network in Australia. This information security policy should allow revision and updates of the set down security procedures to ensure the system is fully protected at all times, hence a good back up plan. It is also supposed to consider the risk assessment of the organization to analyze possible future risks likely to be faced by the organizations IS like fraudsters and hackers.

Information security’s policy objectives aim at maintaining confidentiality, integrity, and ensuring the availability of resources to the authorized personnel. It is supposed to elaborate the terms used in the policy, explaining the meaning of licensed personnel in the organization’s context, still focusing on efficient policy implementation. This is mainly achieved through the process of multi-risk management that is responsible for identifying assets, threats, and their sources, vulnerabilities, possible effects, and measures; thus, assessment of the risk management plan. To handle these issues, professionals and academics have collaborated hence seek to set specific guidelines and policy standards on passkeys, antivirus software and firewall, encryption software, the legal user and liability, and the administrator.

Issues like theft, natural disasters, or malfunction of the server or computer are some of the crucial aspects that come up when setting up an information security system (Moore, 2017). Identity theft, on the other hand, refers to the attempt of acting like another person to obtain that person’s private data or information. Nowadays, theft of equipment like cell phones, tablets, and computers has increased at a high rate hence the risk of losing personal data stored in these devices. Institutions like the government, hospitals, and security facilities are some of the institutions with highly sensitive information that requires to be handled in a very confidential manner. From a business point of view, information security is critical and therefore, must be well balanced against the cost. 

Measures that can reduce information security risk at ANZ

Some of the steps necessary to handle the risks posed by information systems include reducing and implementing countermeasures that will eliminate vulnerabilities, thus block potential threats. This should be achieved through ensuring the information security systems updated regularly and setting up of well-coded firewalls that are not easy to breach. For example, in 2017, Facebook suffered a significant hack because an unknown party with malicious intentions breached its system firewall.

The organizations should contract or transfer the cost of information threats to a third party, for instance, outsourcing or buying insurance. An insurance company will assess the risk or threat posed on the information system hence evaluate that risk and compensate the organization accordingly. This helps the organization to avoid unnecessary losses that may be incurred as a result of a security breach on its information security system.

The organizations should evaluate whether the cost of the countermeasures required is higher than the probability cost of loss as a result of a breach in its information security system. It is a necessary measure because the organization can decide whether to do away with the whole system that has a risk of breach and set up a new one or set countermeasures to help in the management of possible threats.

Business continuity planning

Despite the many threats that are imposed by information systems, business operations must go on whatsoever. Therefore, the management of an organization should formulate a business continuity plan that creates a guideline for commencing the healthy business practices despite the foreseen risks. Business continuity planning (BCP) is a plan that identifies an organization’s risk of exposure to potential threats thus brings together fixed and current assets to provide adequate prevention methods and recovery for the organization, still maintaining value system integrity and its competitive advantage according to Lemberger & Morel (2012). Precisely, risk management and disaster management is vital during business continuity planning. 

Business continuity planning phases

In earlier years, a BCP would only protect the data, but that has changed lately because the process includes recovering from the threat, continuation of operations, and preservation of the whole business operations. Therefore, it is supposed to cover the contingency plans that aim at securing every resource of the ANZ bank. In recent years, the bank has taken substantial investment risks to innovate new products and improve on the existing ones. BCP has five continuity faces that include project management and initiation, business impact analysis (BIA), recovery strategies, plan design and development, testing, maintenance, awareness, and training. 

Project management and initiation phase

This phase includes risk analysis where it is easy to determine a possible risk, how it will happen, impacts of the risk, and measures that can be used to avoid the from affecting ANZ bank operations. It also advocates for getting the management support, the establishment of a fully functional BCP team, and creation of a work plan with an initial report to the management hence obtain the management’s approval to commence. This phase describes the identification of risk and the measures that should be followed to ensure the continuity of the bank’s business operations (Felker, Jomo & Rasiah, 2013).

Business impact analysis 

In this phase, the formal agreement with the top management is carried out for each time crucial business report. Business impact analysis is necessary when deciding the maximum town outage. It explains the quantity loss incurred because of the incurred cost of recovery without having an estimate of possible kinds of threats since it only considers the consequences.

In this face, the business experts in the organization should identify information-gathering methods necessary, for instance, interviews, questionnaires, or software tools. Selection of interviewees, customization of inquiries, information analysis, and identification of business functions that are time critical, is done in this phase of business continuity planning.

Recovery phase

In this phase, the development of recovery strategies is based on predefined MTDs and management approval. Therefore, this phased strategy addresses the recovery of business operations. This is the necessary steps that should be followed to resume the regular business operations and the facilities and supplies required for the same. It also puts into consideration the customers as well as the workers who critically oversee the entire process, network, and technical recovery of information, including backups.

Business continuity process development phase

In this phase, the ANZ bank should formulate a detailed business and service plan for data recovery. This helps in the maintenance plan whereby the management has to develop an idea on how to keep the BCP development updated. This can be done by the creation of awareness strategies and training of members of staff on how to effectively implement the plan. The sample of the project is classified into the initial disaster response, resuming dangerous and non-serious business operations after the disaster, restoration of the system to the leading site and interaction with external forces that have a direct or indirect influence to the organization. 

The final phase

The final phase is a dynamic process that involves the testing, maintenance, and training of the business continuity planning strategy. Support, in this case, means fixing the issues discovered during testing. Therefore, it should involve the implementation of change management, auditing and addressing the findings of audit hence a critical annual review of the plan to check how consistent and effective it is. Since training is an ongoing process that never ends, it is, therefore, necessary to make it part of the corporate culture and standards.

The ethical and legal implications of information systems 

Information systems have brought an enormous impact on the daily operations of the ANZ bank through the development of new technology with unique features and designs. Ethics refers to the acceptable principles necessary in governing an individual or a group of people. Introduction of these new technological changes can have a considerable influence on the human character by giving humans the privileges and capabilities that were not initially there. For example, digital technology has given humans the power to compile data from different sources to create a person’s profile that was very hard in the past years (Iannone, 2017).

Every member of the Association for Computing (ACM) is expected to portray ethical professional behavior. This code identifies 24 formulated imperatives such as commitment, and most of the issues likely to be faced by professionals. 

According to ACM’s code of organizational ethics, every member of staff is required to use their computer software and system. This means that every employee must have an appropriate login credential before making use of system resources like file space, communication ports, among others.

Implementation of systems that intentionally demean and distress individuals or groups is unethical and unacceptable. Organizations should adopt a familiar and easy to use IS that does not adherently demean other people.

The top management of an organization in charge of computer systems should take responsibility for ensuring that the system does not degrade, but enhance the work of an employee or user of the system for that matter. Personal and professional development, physical safety, and dignity of employees should be put into consideration during the implementation of a computer system. Therefore, appropriate and acceptable human-computer relations should be highly considered during system designing as well as in the work area. 

Advantages of the ethical and legal implications of information systems 

A major significance of creating a code of ethics that is acceptable is the clarification it brings out about the acceptable behavior and standards for a particular group of professionals. The variety of experiences and diversified backgrounds of the members of a group brings about diversified ideologies in regards to ethical standards. At the workplace, the acceptable code of ethics should be written down and shared/ communicated to the employees in a clear and precise manner (Dicks, 2017).

 These systems provide a fair and just system that functions efficiently to help motivate the worker instead of degrading them. This is a compliment of the effort, time and resources employees and the management invest in the organization.

However, a few disadvantages related to the adherence of professionals to the code of ethics. Concerning ACM, a code of ethics is a voluntary thing because and some members of staff may choose not to observe that code. If this happens at the workplace, the specific worker/ workers may face termination of their responsibilities in the organization.

Another setback is the fact that the code of ethics is not legally binding. This means that no legal authority says people who do not adhere to the law of ethics will be prosecuted since it is not a criminal offense. Therefore, violation of this code may cause harm to some people who violate the code in the case where they interact with ‘unforgiving’ persons.

Another demerit of a code of ethics is always a room that allows important matters to arise, and these matters may not necessarily be addressed in the acceptable code of ethics. For instance, technology develops very fast; hence, changes occur rapidly. Therefore, a system of ethics may not make changes as frequent as technology does; thus, it is hard to keep up with speed. 


In conclusion, managing information systems in the banking sector today is not an optional thing. IS and IT systems are an essential fragment of the daily business transactions of an ANZ bank to ensure product development, customer satisfaction hence a positive perception by every stakeholder (Blyler, 2013). The top management is obliged to ensure adequate safety on information and IT systems to safeguard the interests of the organization. Moreover, ANZ bank’s management should ensure effective communication of the code of ethics that should be observed in the workplace and in managing information systems. Therefore, every stakeholder has to ensure that acceptable business practices are adhered to for efficiency at the workplace.


Blyler, J., (2013). Software-Hardware Integration in Automotive Product Development. doi:10.4271/pt-161

Béranger, J., (2015). Ethical Modeling: From the Design to the Use of an Information System. Medical Information Systems Ethics, 45-117. doi:10.1002/9781119178224.ch2

Daim, T. U., Neshati, R., Watt, R., & Eastham, J. (2014). Technology Development: Multidimensional Review for Engineering and Technology Managers. Basingstoke, England: Springer. 

Dicks, H., (2017). Environmental Ethics and Biomimetic Ethics: Nature as Object of Ethics and Nature as Source of Ethics. Journal of Agricultural and Environmental Ethics, 30(2), 255-274. doi:10.1007/s10806-017-9667-6

Felker, G., Jomo, K. S., & Rasiah, R. (2013). Industrial Technology Development in Malaysia: Industry and Firm Studies. London, England: Routledge. 

Iannone, A. P. (2017). Ethics, the Environment, Environmental Ethics. Practical Environmental Ethics, 1-40. doi:10.4324/9781315127200-1

Lemberger, P., & Morel, M., (2012). Managing Complexity of Information Systems. doi:10.1002/9781118562017

Moore, G., (2017). Virtue Ethics and Organizational Ethics. Oxford Scholarship Online. doi:10.1093/oso/9780198793441.003.0003

Schirrmeister, F., (2013). Embedded Systems Hardware/Software Co-Development. Software Engineering for Embedded Systems, 33-57. doi:10.1016/b978-0-12-415917-4.00002-5

Sousa, K. J., & Oz, E. (2014). Management Information Systems. Boston, MA: Cengage Learning. 

Wang, H., (2014). Programming Languages for MIS. doi:10.1201/b16391

Xu, J., & Quaddus, M., (2013). Managing Infrastructure for Information Systems. Managing Information Systems, 85-107. doi:10.2991/978-94-91216-89-3_6

Zeng, H., Qiu, C., & Cui, Q. (2015). Drug-Path: a database for drug-induced pathways. Database, 2015, bav061. doi:10.1093/database/bav061