THE BCS PROFESSIONAL EXAMINATION BCS Level 5 Diploma in IT April 2009 EXAMINERS' REPORT Professional Issues in Information Systems

Practice
General comments on candidates' performance After improving steadily over the last few sittings, the pass rate this sitting showed a marked decline. The two largest centres had particularly low pass rates, but all other centres with enough candidates to be statistically significant had pass rates that were little changed. As usual, some candidates performed extremely well and showed a real and profound understanding of the material; as a result, they gained very high marks. Such candidates were to be found at all centres. Nevertheless, many candidates were clearly inadequately prepared for the examination and lacked the necessary basic knowledge. The percentage of candidates gaining marks of less than 30% rose to 52%, while 28% of candidates gained less than 20%. Candidates scoring less than 20% can have little knowledge or understanding of the material and therefore little hope of passing. Question 1 Explain briefly how the relevant aspects of the BCS Code of Conduct, Code of Practice, and any appropriate laws, would influence your actions as a computing professional in each of the following situations. a) The need as a software project manager, to be aware of, and able to apply, current good practice and to ensure your staff are fully competent in their relevant disciplines. (8 marks) You have recently changed jobs and your new company asks you to lead the team developing a software product similar to the one you worked on at your previous company. It is made clear to you that you are being asked to do this because of your experience with this type of product. (8 marks) You work for a company that produces and markets a software product. You become aware of a defect in the product that could result in the unintentional release of confidential information. The revenue from the product is not, however, large enough to cover the cost of fixing the problem and the company is therefore resisting making the change. (9 marks)

b)

c)

Answer Pointers a) The Code of Conduct clauses that are most relevant are clauses 14 and 15: You shall seek to upgrade your professional knowledge and skill, and shall maintain awareness of technological developments, procedures and standards which are relevant to your field, and encourage your subordinates to do likewise. You shall not claim any level of competence that you do not possess. You shall only offer to do work or provide a service that is within your professional competence

The Code of Practice describes the current good practice that underpins the professional competencies required. b) This situation raises issues of confidentiality and intellectual property ownership. Copyright applies to every type of software and unauthorised copying of software is therefore a breach of copyright. Where software is created in the course of employment, the copyright belongs to the employer. This applies in the situation here. However, copyright does not protect the ideas behind the system. These may, however, constitute confidential information and reusing them could therefore amount to a breach of confidence. The Code of Conduct highlights: You shall avoid any situation that may give rise to a conflict of interest between you and your relevant authority. You shall make full and immediate disclosure to them if any conflict is likely to occur or be seen by a third party as likely to occur. You shall not disclose or authorise to be disclosed, or use for personal gain or to benefit a third party, confidential information except with the permission of your relevant authority, or at the direction of a court of law. c) The crucial clause in the Code of Conduct is clause 9: You shall not misrepresent or withhold information on the performance of products, systems or services, or take advantage of the lack of relevant knowledge or inexperience of others. This may be legally supported through contractual obligations, especially potential warranty /service level clauses. Other clauses in the code may also be relevant, especially clause 6: You shall carry out work or study with due care and diligence in accordance with the relevant authority's requirements, and the interests of system users. If your professional judgment is overruled, you shall indicate the likely risks and consequences. The crux of the issue here, familiar to all professionals in whatever field, is the potential conflict between full and committed compliance with the relevant authority's wishes, and the independent and considered exercise of your judgment. If your judgment is overruled, you are encouraged to seek advice and guidance from a peer or colleague on how best to respond. Should your judgment still be overruled then you may have to decide whether the damage that could result from the fault is serious enough to justify whistle-blowing. Also you may need to take into account ethical issues related to potential jobs at risk and the greater good of the customers. [Syllabus section 1h] Examiners Comments This question was attempted by just over 70% of candidates. The overall standard was comparatively good and some candidates produced excellent answers. Weaker answers failed to include the detail or subtlety expected or, in many cases, simply showed lack of knowledge.

Question 2 a) Explain what is meant by the terms working capital and cash flow. (5 marks) b) Two BCS members have established a software company. The company sells an accounting package to other small businesses. It also provides consultancy services to these companies, as required, to help them implement or adapt the package. It expects these sales to grow over the coming year. i) Making reasonable assumptions, which should be stated, about the costs and revenues involved, produce a cash flow forecast for the first six months of operation. (15 marks) Explain how you would use this forecast to estimate the amount of working capital required. (5 marks)

ii)

Answer Pointers a) Working capital: this is often thought of as the cash available to finance the day-to-day operations of a company, but more formally is calculated as the difference between the current assets and the current liabilities. Cash flow is commonly used to refer to a period and it means the difference between cash (or cash equivalents) received during the period and cash expended during the period. b) January Cash outflow Rent Energy Salaries Insurance Transport Subsistence IT costs Monthly cash outflow Cash inflow Income from consultancy Income from licences Monthly cash inflow Net cash flow Cumulative cash flow 5000 100 10000 300 700 500 16600 February March April 5000 100 10000 5000 300 700 500 21600 May June

100 10000 300 700 500 11600

100 10000 300 700 1000 12100

100 15000 400 800 500 16800

100 15000 400 800 500 16800

5000 5000 10000 (6600) (6600)

5000 5000 10000 (1600) (8200)

10000 5000 15000 2900 (5300)

10000 5000 15000 (6600) (11900)

20000 7000 27000 10200 (1700)

20000 7000 27000 10200 8500

The specific numbers used are not critical but candidates were expected to state briefly their assumptions. ii) The overall cash in / out over the period is approximately even. At the highest point the companys outflow is 11900 more than its inflow. So prudently the company should allow for a working capital (available cash) of at least 15000 [Syllabus section 1d]

Examiners Comments Very few candidates were able to produce a reasonable cash flow such as the one above. Some were confused by the calculation of working capital and were looking for assets. Others simply wrote ideas about the expenditure and income without proposing any numbers, thereby making the working capital estimate impossible.

Question 3 a) Outline how the Electronic Commerce (EC Directive) Regulations 2002 affect the liability of Internet Service Providers for defamatory material passing over their networks or stored on web pages that they host. (15 marks) The UK Computer Misuse Act 1990 was amended by the Police and Justice Act 2006, which created two new offences: making, supplying or obtaining software tools for use in computer misuse offences, and carrying out unauthorised acts with the intention of impairing the operation of a computer. Explain why this new legislation was necessary. (10 marks) Answer Pointers a) These regulations follow the EC Directive in distinguishing three roles that an ISP may play: mere conduit, caching, and hosting. The role of mere conduit is that in which the ISP does no more than transmit data; in particular, the ISP does not initiate transmissions, does not select the receivers of the transmissions, and does not select or modify the data transmitted. It is compatible with the role of mere conduit for an ISP to store information temporarily, provided this is only done as part of the transmission process. Provided it is acting as a mere conduit, the regulations provide that an ISP is not liable for damages or for any criminal sanction as a result of a transmission. The caching role arises when the information is the subject of automatic, intermediate and temporary storage, for the sole purpose of increasing the efficiency of the transmission of the information to other recipients of the service upon their request. An ISP acting in the caching role is not liable for damages or for any criminal sanction as a result of a transmission, provided that it does not modify the information and acts expeditiously to remove or to disable access if it has reason to believe that the information is defamatory or its removal has been ordered by a court. Where an ISP stores information provided by its customers, it is acting in a hosting role. In this case, it is not liable for damage or criminal sanctions provided that: it did not know that anything unlawful was going on; where a claim for damages is made, it did not know anything that should have led it to think that something unlawful might be going on; or when it found out that that something unlawful was going on, it acted expeditiously to remove the information or to prevent access to it, and the customer responsible for the information was not acting under the authority or the control of the service provider. [Syllabus sections 1e and 1g] b) None of the three offences created by the Computer Misuse Act 1990 (unauthorised access, unauthorised access with intent, and unauthorised modification) was necessarily applicable to situations in which the new offences might apply. Hacking software might be developed, supplied from, and used on computers belonging to the individuals concerned, so that there was no question of unauthorised access. And denial of service attacks by flooding a machine with e-mails or server requests again did not necessarily involve unauthorised access, since the server requests would be of the type that the server was constructed to service.

b)

[Syllabus section 1e] Examiners Comments This question was attempted by 38% of candidates. The candidates who showed some knowledge of the topic generally answered part (a) well but part (b) was answered badly. Most candidates simply described the offences created by the CMA and made no attempt to explain why they were too narrow to cover such activities as denial of service attacks or selling hacking tools.

Question 4 a) Explain what a patent is, and how a company would apply for a patent for a novel computer hardware device for potentially international sale. What documentation must be included in the application? (10 marks) Discuss the protection of software by: i) ii) ii) copyright; (5 marks) patents; (5 marks) trade marks. (5 marks)

b)

Answer Pointers a) A patent is a right, granted to an inventor by the state, to prevent others from making, using, importing or selling a specific invention without permission, for a fixed period. A patent is only effective in the country in which it is granted. For this reason, the company wanting a patent for a computer hardware device for potentially international sale will want to apply for patents in many countries, such as the EU, the USA, India, etc. It is possible to make a single application for multiple patents through the European Patent Office or the World Intellectual Property Organisation. A patent application should include a full description of the invention (including any drawings), a definition of the invention, and an abstract summarising the technical features of the invention. b) Copyright prevents people from directly copying software or design documents and from directly translating the software into a different programming language. It does not prevent people writing similar code using their own ideas. This means that successful action for breach of copyright depends on proving that copying actually took place. This may be difficult. In theory, a piece of software can only be patented if it is part of physical device. In this case, the protection is very strong because other people are prevented from using similar software, even if they have developed it completely independently. In practice, many software patents would probably prove to be unenforceable because the necessary conditions for the award of a patent will prove not to have been satisfied. Trade marks prevent people from passing off their software as that of a well-known supplier by putting it in similar packaging or displaying a similar logo. It is effective only in countries that enforce the relevant legislation vigorously. [Syllabus section 1f]

Examiners Comments Almost all candidates attempted this question but, despite a few excellent answers, the general standard was poor. The main weakness was candidates failure to address the question as set. Thus, in part (a) many candidates wrote at great length about the criteria that must be satisfied in order for a patent to be granted but failed to explain that a patent is a legal right, etc., and failed to explain that patents are granted by individual states and only apply in the jurisdiction in which they are issued. Again in part (b) many candidates explained in detail the concepts of copyright and trade marks in general but failed to explain how they were used to protect software.

Question 5 a) Explain the difference between an organic organisational structure and a bureaucratic organisational structure. (7 marks) Explain what is meant by a matrix structure and give disadvantages of such a structure.
TWO

b)

advantages and

TWO

(8 marks) c) Flat organisational structures reduce the levels of hierarchy and widen the span of control. Give TWO advantages and TWO disadvantages that this approach might have when the organisation relies on its employees to make judgements on customers requests, illustrating your answer with suitable examples. (10 marks)

Answer Pointers a) Bureaucratic organisation exhibits the following characteristics 1. All tasks are split up into specialised jobs, in which jobholders become expert; management can thereby hold them responsible for the effective performance of their duties. 2. The performance of each task is governed by precise rules. This means that there should be no variation in the way tasks are carried out and therefore no problems with the co-ordination of different tasks. 3. Each individual (and hence each unit) in the organisation is accountable to only one and only one manager. In contrast, an organic structure emphasises horizontal specialisation (typically by type of client), extensive use of individual discretion and flexible rules, policies and procedures. b) Advantages: A matrix structure combines the strengths of both functional and divisional departmentalisation. It provides managers able to converse with and manage, both technical and business (function specific) personnel. It is very helpful in project based situations, where a blend of technical and business (function specific) knowledge is required. Disadvantages: It is expensive to maintain. Authority and responsibilities of managers may overlap, therefore giving rise to possible conflict. Unity of command is lost because individuals now have more than one supervisor.

c) Advantages Faster decision making. As the employees are close to the customer, there is a better chance that the customers needs will be met. Empowerment of employees. Disadvantages Over time, some employees might begin to pay less attention to rules, guidelines, policies and procedures. Resentment may build up with employees who are not given the same freedom to make judgements. Pressure to enhance productivity without tight controls, could result in improper judgements (e.g. recent banking decisions such as sub-prime lending). [Syllabus sections 1b and 1h] Examiners Comments This was the least popular question, answered by only a third of the candidates.

Question 6 a) Explain the terms sole trader and partnership. (8 marks) b) What is the primary role of the Company Secretary in a limited company? (5 marks) c) Many limited companies have both executive and non-executive directors. Describe the role of the non-executive directors. (6 marks) What responsibilities do the directors of a limited company have in respect of the companys debts? (6 marks)

d)

Answer Pointers a) A sole trader is a single individual running a business that he or she owns completely. There are no formalities involved in becoming a sole trader: a person becomes a sole trader simply by starting to run such a business. The sole trader is personally responsible for the debts of his business. A partnership is a business operated and owned by two or more people. A partnership comes into existence automatically as soon as two or more people start a business together. The partners are jointly and severally responsible for the debts of the partnership. b) The company secretary is legally responsible for keeping the various records that the company has to maintain and for submitting various statutory returns to Companies House in Cardiff. He or she will normally also take responsibility for a variety of related matters. c) Non-executive directors are directors who act in advisory capacity only. Typically, they attend monthly board meetings to offer the benefit of their advice and serve on committees concerned with sensitive issues such as the pay of the executive directors and other senior managers. They are paid a fee for their services. Legally, however, the duties and responsibilities of non-executive directors are precisely the same as those of the executive directors.

d) Directors are required to keep themselves aware of the companys financial position and not allow it to continue to incur debts when they know or should have known that the company will be unable to repay them. Provided they do this, they have no liability for the companys debts. If, however, they fail to do this, a court can make them personally liable for the company's debts. [Syllabus section 1b] Examiners Comments This question was attempted by over 90% of candidates and was comparatively well answered. However, few candidates had any idea of the roles of company secretary or nonexecutive directors and many candidates wrote at length on the general duties of directors but failed to answer the specific question regarding liability for the companys debt.