Professional Practices

The document outlines the structure of organizations, including components like division of labor, departmentalization, and hierarchy, as well as various organizational structures such as hierarchical, flat, and matrix. It also discusses the anatomy of a software house, emphasizing core teams, tools, and workflows, and explores organizational behavior, health and safety, HRM in software, finance and accounting, accountability, auditing, and information security. Each section highlights the importance of effective management practices and the roles of individuals within organizations.

Uploaded by

70176284
Lecture 10

Structure of organization

Components of organizational structure:


1. Division of Labor
Division of organizational tasks among different individuals or teams based on skills, experience,
and job roles.

2. Departmentalization
Grouping of activities, tasks, and roles into departments according to function.

3. Hierarchy and Levels of Authority


Defines the levels of authority within an organization, organizing employees by rank and
responsibilities.

4. Span of Control
The number of employees a manager directly oversees.

5. Centralization vs. Decentralization


Centralization concentrates decision-making power at the top levels of the organization, leading
to consistent policies and strategies. In contrast, decentralization distributes authority across lower
levels, promoting flexibility and quicker responses to local needs.

6. Formalization
The degree to which rules, policies, and procedures are standardized.

7. Communication Channels
The paths through which information flows within an organization.

8. Coordination Mechanisms
Mechanisms that help align tasks across departments, ensuring that teams work together to achieve common goals.

Types of organizational structures:

1. Business Structure
Defines the legal ownership and operational framework of a business.

2. Organizational Structure
Determines how roles, responsibilities, and communication are arranged within the
enterprise.

Business structures:

1. Sole Proprietorship
A business owned and operated by a single individual.

2. Partnership
A business owned by two or more individuals.

3. Corporation
A business that is legally separate from its owners. It protects owners from personal liability and can
raise money by selling shares.

4. Limited Liability Company (LLC)


A hybrid business structure that combines the liability protection of a corporation with the tax benefits
of a partnership.

5. Nonprofit Organization
An organization formed for charitable, educational, or social purposes

6. Cooperative
A business owned and operated by a group of individuals for their mutual benefit.

7. Franchise
A business model where a franchisee pays for the rights to operate a business under the franchisor's
brand and system.

Organizational structures:

1. Hierarchical (Tall) Structure


Traditional multi-layered management model with centralized authority.

2. Flat Structure
Minimal levels of management to enhance agility and employee autonomy

3. Matrix Structure
Dual-reporting setup, combining project and functional management.

4. Divisional Structure
Organized by product lines, markets, or geographic regions—each operating semi-independently.

5. Line and Staff Structure


Blends direct (line) authority with supportive (staff) advisory roles.

6. Functional Structure
Groups employees by specialization (e.g., marketing, finance) to maximize departmental
efficiency.

7. Project-Based Structure
Temporary teams formed around specific projects, disbanded upon completion.

8. Virtual and Boundary-less Structure


Relies on digital collaboration tools to operate across locations with minimal physical or
hierarchical constraints.

Lecture 11
Software house organization

Anatomy of software house:


1. Core Teams and Roles
developers, quality assurance, project managers, UX/UI designers, business analysts, and support
staff.

2. Tools and Technologies
Tools like code repositories, project management software (e.g., Jira), testing environments, and
communication tools (e.g., Slack).

3. Workflows and Methodologies


Processes that guide how the teams collaborate and work on projects.

Core team and roles:


1. Executive Leadership
2. Development and Technical Teams
3. Design team
4. Project Management Team
5. Sales and Marketing Team
6. Client Services
7. Finance and Administration
8. Research and Development (R&D) Team

Types of organizational structures (software house specific):

1. Product-Based Structure
Focus on long-term product development

2. Project-Based Structure
Temporary team setups for specific client projects

3. Matrix Structure
Combination of functional and project-based teams

4. Flat Structure (relevant for smaller startups)


Fewer hierarchical levels, emphasizing flexibility and speed

Lecture 12
Organizational behavior

Organizational Behavior (OB) explores how individuals act within organizations and how this
behavior influences workplace dynamics. OB is vital for project success, emphasizing people
management and behavioral understanding.

Importance of OB

• Enhances team collaboration, conflict resolution, and motivation.


• Supports career development through leadership and communication skills.
• Fundamental for effective project management and fostering a productive environment.

Staff Selection:

• Differentiates between eligibility (qualifications) and suitability (practical effectiveness).


• Emphasizes skill assessment and structured recruitment processes: job specification,
applicant screening, interviews, and verification procedures.

Staff Development:

• Induction processes for new hires are critical.


• Ongoing training, both internal and external, is encouraged to support professional
growth.

Staff Motivation:

• Maslow’s Hierarchy of Needs

Motivational needs progress from basic (food, safety) to higher levels (recognition, self-actualization).

• Expectancy Theory (Vroom)

Motivation is a product of expectancy, instrumentality, and the perceived value of rewards.

Stress and Stress Management:

• Moderate stress can enhance engagement; excessive stress reduces productivity and
health.
• Causes: role ambiguity and role conflict. Effects: emotional (e.g., anxiety) and physical
(e.g., fatigue) strain.
• Management Techniques: Imagery, Relaxation, and Meditation, Cognitive Behavioral
Approaches (e.g., time management, journaling), Systemic Approaches (e.g., job
redesign, environment changes).

Lecture 13
Health and safety at work

Importance of health and safety:

• Both employers and employees share responsibility.


• Ensures protection, morale, productivity, and legal compliance.
• Accidents (e.g., slips, machinery injuries) highlight the need for preventive measures,
training, and accountability.

Employer responsibility:

• Must conduct risk assessments, provide training, and follow safety legislation.
• Must install safety mechanisms (e.g., guards) and respond promptly to incidents.

Health and safety under the act:

• Protects worker and public health.


• Requires safe work systems, safe equipment, and proper material handling.
• Violations (e.g., storing flammables unsafely) can result in inspections and legal
action.

General duties:

• Employers: Safe premises and systems.


• Employees: Follow protocols and report hazards.
• Manufacturers: Provide safe products.

• Inspectors can issue:


o Improvement Notices
o Prohibition Notices
o Fines or prosecutions
• Persistent violations lead to stricter penalties.

Lecture 14
HRM and Software Engineering

HRM in Software:
Managing people through training, development, and a supportive workplace, balancing
business goals with employee well-being. Aligns employee goals with company strategy.
Encourages commitment, independence, and teamwork. Promotes flexible job roles and shared
management responsibility. Optimizes use of employee skills.

HRM model for software engineering:

1. Strategic and Forward-Thinking


Aligns employee goals with company objectives for future success.

2. Employee Commitment and Independence


Encourages dedication and gives employees some independence.

3. Teamwork Approach
Everyone works together towards shared goals, with individual efforts rewarded.

4. Flexible Job Roles


Allows employees more control and adaptability in their responsibilities.
5. Shared Responsibility

HR tasks are part of every manager’s role, not limited to the HR department.

6. Efficient Use of Employees


Focuses on optimizing employee skills and contributions.

Strategic HRM in Software:

• Long-Term HR Planning: Predicts future staffing needs and prepares resources to meet
current and future goals.
• Strategic Alignment: Ensures HR activities like hiring, training, and promotions support
the company's overall strategy.
• Useful Tools: Uses software systems to manage recruitment, staffing, and skill
development efficiently.

Challenges:
• Development Environments: Ensuring access to efficient and user-friendly tools for
coding, testing, and debugging.
• HR Alignment: Integrating HR practices with the goals of software development and data
management.
• Flexibility with Advanced Technology: Balancing the need for adaptable software with
the rapid pace of technological advancements.

Software Development vs Production:

• Development: Custom-built software for specific needs.


• Production: Mass creation of software, often outsourced.
• Includes freelancers, body-shopping, and teleworking.
• Outsourcing cuts costs but creates challenges in management and inclusion.

Training and Skills Development:
• Problems: Skills gaps, poor communication/business knowledge in grads, IT job
stereotypes.
• Solutions: Blend CS with business education, industry training, and practical skills focus.
• Promote flexible, realistic career paths.

Self-Management and Team Commitment:


• Control vs. Commitment:
HRM focuses on motivating employees to care about the quality of their work, rather than
just following rules and instructions.
• New Skill Definition:
Skills are not just about technical knowledge, but also qualities like responsibility, flexibility,
and work ethic.
• Team-Based Self-Management:
Employees in small teams are given responsibility for quality, with the freedom to make
some decisions on their own.
• Team Collaboration:
Success is built on teamwork, with open and regular communication between managers and
employees to foster trust and motivation.
• Performance Appraisal in Teams:
Team-based performance reviews encourage greater participation, commitment, and
productivity compared to individual evaluations.

Lecture 15
Finance and accounting

Finance and Accounting involve managing an organization’s funds to ensure financial stability
and success. For newly graduated software engineers, understanding these basics is essential,
especially when launching a startup.

The need for capital:

Starting a software company requires initial capital, as expenses occur before income is
generated (e.g., delayed client payments).

• Salaries – Wages for staff and contractors.


• Rent and Bills – Office space, utilities, internet.
• Equipment – Computers, servers, tools, software licenses.
• Advertising – Marketing to attract clients.
• Miscellaneous Costs – Supplies, travel, etc.
• Loan Interest – Payments on borrowed funds.

Source of funds:
1. Grant
Free funding (no repayment) with restricted use. Example: Gov’t grant for AI tool development.
2. Loan
Borrowed money to repay with interest. Example: Bank loan for office setup.
3. Equity

Selling shares to investors for capital. Investors get ownership and profit share. Example:
Investor receives 20% equity for funding.

Budgeting and monitoring:

A financial plan showing expected income and expenses (typically yearly). Helps manage money
and predict financial health.

• Track actual vs. planned performance (monthly/weekly).


• Adjust forecasts based on real data (iterative).

Sales and order intake:

Sales:

Revenue from selling services/products. Crucial for covering costs and sustaining business.

Order intake:

Measures customer requests; reflects workload and future income.

Costing:
Costing determines all expenses for delivering a product/service.

Types:

• Raw Materials – Tools, components used in production.


• Brought-in Items – Pre-made components used as-is.
• Equipment Costs – Hardware, software purchases.
• Labor Costs – Wages and employee benefits.

Overheads:

• Indirect costs (e.g., admin, marketing, HR).


• Departmental Overheads – Costs linked to a department (e.g., HR helps improve
recruitment).
• Corporate Overheads – General company costs (e.g., management salaries).

Pricing:

Pricing determines how much to charge for products/services. It must cover all costs (production,
operations), ensure profitability, and stay competitive.

Factors affecting pricing:

1. Production Costs – Total cost of service delivery.


2. Market Conditions – Demand, customer behavior, economy.
3. Competition – Market rivals and alternatives.
4. Elasticity of Demand – Price sensitivity of customers.

Annual statements:

Balance sheet:

• Snapshot of assets, liabilities, and equity at year-end.


• Must balance: Assets = Liabilities + Equity
• Reflects financial health and accuracy.

Profit and loss statement:

• Tracks money received vs. spent.


• Called income/expenditure account for nonprofits.

Capital and its maintenance:

Capital is a financial guarantee of a company’s stability.

• Gives confidence to investors and lenders.


• Required to secure loans and maintain trust.

Legal rules:

• Shares cannot be sold below original value.


• Companies can’t return initial investor funds.

Lecture 16
Accountability and auditing

Accountability:
It means being answerable for actions, decisions, and results. Critical in professional settings,
especially in software engineering.
Example: A software engineer introduces a bug. Accountability means explaining the error,
fixing it, and preventing recurrence.

Pillars of Accountability:
1. Responsibility – Duty to complete tasks ethically and correctly.
Example: Finishing coding tasks on time.
2. Answerability – Justifying decisions or actions when questioned.
Example: Explaining undetected bugs.
3. Trustworthiness – Being dependable and worthy of confidence.
Example: Securely managing sensitive data.
4. Liability – Legal/financial responsibility for consequences.
Example: Company paying for damages from a faulty product.

Real-Life Applications of Accountability:


• Common Purpose: Ensure team members understand the "why" behind tasks to promote
responsibility.
Example: Explaining importance of a security patch.
• Clear Expectations: Define roles and responsibilities.
Example: Assign developer, tester, project manager clearly.
• Communication & Alignment: Keep everyone informed through meetings and tools.
Example: Regular progress updates via Jira or Slack.
• Collaboration: Work together, adjust plans when needed.
Example: Team reacts quickly to fix late-discovered bugs.
• Consequences: Review outcomes and learn from both successes and failures.
Example: Post-mortem review after project delivery.

Auditing and Errors:


Auditing is the process of reviewing financial records to ensure accuracy, compliance, and
transparency.
Common Types of Errors in Auditing:
1. Error of Principle – Violation of accounting standards.
Example: Recording income when received instead of earned.

2. Clerical Error – Simple recording mistakes.
Example: Typing $1,500 instead of $15,000.
3. Error of Omission – Missing entries.
Example: Forgetting to record a client’s payment.
4. Error of Commission – Entering wrong figures or into the wrong account.
Example: Payment logged under the wrong customer.
5. Error of Duplication – Recording the same transaction twice.
Example: Double-entering a sales invoice.

Types of Auditing:

Internal Auditing:

• Conducted by in-house staff or internal audit teams.


• Focuses on internal controls, risk management, and compliance with internal policies.
• Helps improve efficiency and prevent fraud.
• Example: A software company’s internal audit team reviews project expenses for
irregularities.

External Auditing:

• Performed by independent, external firms.


• Ensures financial statements are accurate and comply with legal standards.
• Increases transparency for investors, regulators, and stakeholders.
• Example: An external auditor verifies the company’s annual financial report for
shareholders.

Lecture 16

Information Security

Introduction to Information Security (InfoSec):

InfoSec refers to the tools, policies, and procedures used to protect all forms of information (digital
and physical) from unauthorized access, theft, or damage. It includes areas like network security,
auditing, and testing.

Information Security vs Cybersecurity:

Information Security: Broad scope; protects all types of data (digital & physical).

Cybersecurity: Focused on defending digital data from cyber threats (e.g., hacking, malware).

Core Principles of Information Security:

1. Confidentiality: Information is accessible only to authorized parties.


2. Integrity: Accuracy and consistency of data.
3. Availability: Reliable access to information when needed.

Expanded Principles:

1. Authentication: Verifying user identity.


2. Authorization: Defining user access rights.
3. Non-repudiation: Ensures users can’t deny their actions (e.g., digital signatures).

Types of Information Security:


1. Network Security: Protects data during transmission (e.g., firewalls).
2. Application Security: Secures software from vulnerabilities.
3. Endpoint Security: Protects individual devices (e.g., antivirus).
4. Data Security: Safeguards stored or processed data (e.g., encryption).
5. Physical Security: Protects physical infrastructure (e.g., CCTV, access control).
6. Cloud Security: Secures cloud-based systems and services.

Chief Information Security Officer (CISO):

Responsible for managing an organization’s InfoSec program.

Key responsibilities:

• Security Operations
• Cyber Risk and Intelligence
• Data Loss and Fraud Prevention

• Security Architecture
• Identity and Access Management
• Program Management
• Investigations and Forensics
• Governance

Security Operations Center (SOC):

Centralized team and tools that monitor and respond to security threats.

Types:

• Internal SOC: In-house team (high control, high cost).


• Virtual SOC: Outsourced service (cost-effective, less control).
• Hybrid SOC: Mix of both (balanced but complex).

Information Security & Compliance:

Ensures organizational practices follow legal and regulatory standards.

International Regulations:

• GDPR (EU): Personal data protection.


• HIPAA (US): Medical data privacy.
• SOX (US): Financial data integrity.
• PCI-DSS: Credit card data security.

Local Regulations (Pakistan):

• PPDPB: Proposed personal data protection law.


• PECA 2016: Cybercrime law.
• SBP Framework: Cybersecurity for financial institutions.
• PTA Guidelines: Telecom and digital service protection.

Common security risks and threats:

1. Social Engineering Attacks


Tricking individuals into revealing confidential information (e.g., phishing emails).

2. Advanced Persistent Threats (APT)
Long-term, targeted attacks by skilled hackers aiming to steal or damage data.
3. Insider Threats
Employees or trusted users who misuse access to harm the organization.
4. Cryptojacking
Unauthorized use of company systems to mine cryptocurrency, reducing performance.
5. Distributed Denial of Service (DDoS)
Overloading systems with traffic to crash websites or services.
6. Ransomware
Malicious software that encrypts files and demands payment for decryption.
7. Man-in-the-Middle (MitM) Attacks
Intercepting communication between two parties to steal or alter data.
8. Insecure or Poorly Secured Systems
Systems lacking strong protections, making them easy targets for attackers.
9. Malware on Endpoints
Malicious software on devices (e.g., computers, phones) that can spread across networks.
10. Lack of Encryption
Data sent or stored without encryption, making it vulnerable to interception or theft.
11. Security Misconfiguration
Improperly set up security controls, exposing systems to attacks.
12. Active Attacks
Direct actions to steal, damage, or manipulate data (e.g., hacking into a server).
13. Passive Attacks
Eavesdropping or monitoring data without altering it, often to gather sensitive
information.

Key Information Security Technologies:

1. Firewalls: Filter and control incoming and outgoing network traffic based on predefined
security rules.
2. SIEM (Security Information and Event Management): Monitors and analyzes real-time
security alerts from various systems to detect and respond to threats.
3. DLP (Data Loss Prevention): Prevents unauthorized access, transfer, or leakage of
sensitive data.
4. IDS (Intrusion Detection System) / IPS (Intrusion Prevention System): IDS detects
suspicious activity and alerts admins; IPS takes immediate action to block threats.
5. EDR (Endpoint Detection and Response): Detects, investigates, and responds to threats
on endpoint devices like laptops or smartphones.
6. CSPM (Cloud Security Posture Management): Continuously monitors cloud
infrastructure to ensure it complies with security best practices.
7. VPN (Virtual Private Network): Encrypts internet connections to allow secure and
private access to a network from remote locations.
