Ashford University Duty of Care for Information Systems Professionals Discussion

User Generated

oevgwbpne803

Writing

ashford university

Description

Prior to beginning work on this interactive assignment read the Extending Learned Hand’s Negligence Formula to Information Security Breaches article and Chapters 1and 2 from the course text.

It is very important for an aspiring CIO to understand the full implications of their “Duty of Care.” For your initial post, review and select a real-life case study from the examples mentioned in the introduction to the “Extending Learned Hand’s Negligence Formula to Information Security Breaches” article above, regarding the breach of duty of a CIO, or other IS professional.

In the body of your post,

  • Identify the various aspects related to your case study and define, in your own words, the Duty of Care owed by the IS professional to the organization.
  • Analyze your case study and provide a specific explanation of how the IS professional breached this defined duty. Describe who was harmed by this breach and how this harm manifested.

Evaluate the case study, including your own analysis, and, in a separate document, create a protocol you would enact to prevent or discourage this type of breach in the future. Attach your document to your initial post with the required information. Include a full APA citation, as outlined in the Ashford Writing Center (Links to an external site.), for your case study at the end of your attached protocol document.

Your initial post should be a minimum 300 words.

Unformatted Attachment Preview

CHAPTER 1 A N O V E R V I EW OF ET HIC S QUOTE Integrity is doing the right thing, even when nobody is watching. —Anonymous VIGNETTE Cisco Chairman and CEO Advocates Ethical Behavior Cisco is a U.S.-based multinational corporation that designs, sells, and manufactures networking equipment. The company’s operations generated $46 billion in sales and $8 billion in net income for fiscal year 2012.1 Cisco has been named a “World’s Most Ethical Company” honoree by the Ethisphere Institute for five consecutive years (2008–2012).2 Its Chairman and CEO John Chambers states: “A strong commitment to ethics is critical to our long-term success as a company. The message for each employee is clear: Any success that is not achieved ethically is no success at all. At Cisco, we hold ourselves to the highest ethical standards, and we will not tolerate anything less.”3 Cisco conducts numerous programs aimed at fulfilling what it sees as its corporate social responsibilities. For instance, the company provides ethics training to its over 70,000 employees, and it prides itself on providing employee benefits that foster a good work-life balance. Cisco employees are also encouraged to donate money and volunteer hours to nonprofit organizations around the world. Cisco manages energy and greenhouse emission generated by its operations. The company Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology demands the same high standards from its more than 600 supply chain partners in regard to ethics, 2 labor practices, health and safety, and the environment; it communicates its Code of Conduct to suppliers, monitors their compliance, and helps them improve performance. Cisco collaborates with industry groups to raise standards and build sustainability capabilities throughout its supply chain. The company uses its core expertise in networking technology to improve both the delivery and quality of education as well as to improve health care. It also intervenes to help meet critical human needs in times of disaster by providing access to food, potable water, shelter, and other forms of relief. For example, in 2012, Cisco employees pledged $1.25 million and 12,500 volunteer hours to the Global Hunger Relief Program. Both the Cisco Foundation and Cisco Chairman Emeritus John Morgridge match employee donations, thus tripling the potential donation.4 Questions to Consider 1. What does it mean for an individual to act in an ethical manner? What does it mean for an organization to act ethically? 2. How should an organization balance its resources between pursuing its primary mission for existence and striving to meet social responsibility goals? Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology LEARNING 3 OBJECTIVES As you read this chapter, consider the following questions: 1. What is ethics, and why is it important to act according to a code of ethics? 2. Why is business ethics becoming increasingly important? 3. What are organizations doing to improve their business ethics? 4. What is corporate social responsibility? 5. Why are organizations interested in fostering corporate social responsibility and good business ethics? 6. What approach can you take to ensure ethical decision making? 7. What trends have increased the risk of using information technology in an unethical manner? WHAT IS ETHICS? Every society forms a set of rules that establishes the boundaries of generally accepted behavior. These rules are often expressed in statements about how people should behave, and the individual rules fit together to form the moral code by which a society lives. Unfortunately, the different rules often have contradictions, and people are sometimes uncertain about which rule to follow. For instance, if you witness a friend copy someone else’s answers while taking an exam, you might be caught in a conflict between loyalty to your friend and the value of telling the truth. Sometimes the rules do not seem to cover new situations, and an individual must determine how to apply existing rules or develop new ones. You may strongly support personal privacy, but do you think an organization should be prohibited from monitoring employees’ use of its email and Internet services? The term morality refers to social conventions about right and wrong that are so widely shared that they become the basis for an established consensus. However, individual views of what behavior is moral may vary by age, cultural group, ethnic background, religion, life experiences, education, and gender. There is widespread agreement on the immorality of murder, theft, and arson, but other behaviors that are accepted in one culture might be unacceptable in another. Even within the same society, people can have strong disagreements over important moral issues. In the United States, for example, issues such as abortion, stem cell research, the death penalty, and gun control are continuously debated, and people on both sides of these debates feel that their arguments are on solid moral ground. Definition of Ethics Ethics is a set of beliefs about right and wrong behavior within a society. Ethical behavior conforms to generally accepted norms—many of which are almost universal. However, although nearly everyone would agree that certain behaviors—such as lying and cheating—are unethical, opinions about what constitutes ethical behavior can vary An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology dramatically. For example, attitudes toward software piracy—a form of copyright infringement that involves making copies of software or enabling others to access software to which they are not entitled—range from strong opposition to acceptance of the practice as a standard approach to conducting business. In 2011, an estimated 43 percent of all personal computer software in circulation worldwide was pirated—at a commercial value of $63 billion (USD).5 Zimbabwe (92%), Georgia (91%), Bangladesh (90%), Libya (90%), and Moldova (90%) are consistently among the countries with the highest rate of piracy. The United States (19%), Luxembourg (20%), Japan (21%), and New Zealand (22%) are consistently among the countries with the lowest piracy rates.6 As children grow, they learn complicated tasks—such as walking, talking, swimming, riding a bike, and writing the alphabet—that they perform out of habit for the rest of their lives. People also develop habits that make it easier for them to choose between what society considers good or bad. A virtue is a habit that inclines people to do what is acceptable, and a vice is a habit of unacceptable behavior. Fairness, generosity, and loyalty are examples of virtues, while vanity, greed, envy, and anger are considered vices. People’s virtues and vices help define their personal value system—the complex scheme of moral values by which they live. 4 The Importance of Integrity Your moral principles are statements of what you believe to be rules of right conduct. As a child, you may have been taught not to lie, cheat, or steal. As an adult facing more complex decisions, you often reflect on your principles when you consider what to do in different situations: Is it okay to lie to protect someone’s feelings? Should you intervene with a coworker who seems to have a chemical dependency problem? Is it acceptable to exaggerate your work experience on a résumé? Can you cut corners on a project to meet a tight deadline? A person who acts with integrity acts in accordance with a personal code of principles. One approach to acting with integrity—one of the cornerstones of ethical behavior—is to extend to all people the same respect and consideration that you expect to receive from others. Unfortunately, consistency can be difficult to achieve, particularly when you are in a situation that conflicts with your moral standards. For example, you might believe it is important to do as your employer requests while also believing that you should be fairly compensated for your work. Thus, if your employer insists that, due to budget constraints, you not report the overtime hours that you have worked, a moral conflict arises. You can do as your employer requests or you can insist on being fairly compensated, but you cannot do both. In this situation, you may be forced to compromise one of your principles and act with an apparent lack of integrity. Another form of inconsistency emerges if you apply moral standards differently according to the situation or people involved. If you are consistent and act with integrity, you apply the same moral standards in all situations. For example, you might consider it morally acceptable to tell a little white lie to spare a friend some pain or embarrassment, but would you lie to a work colleague or customer about a business issue to avoid unpleasantness? Clearly, many ethical dilemmas are not as simple as right versus wrong but involve choices between right versus right. As an example, for some people it is “right” to protect the Alaskan wildlife from being spoiled and also “right” to find new sources of oil to maintain U.S. oil reserves, but how do they balance these two concerns? Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology The Difference Between Morals, Ethics, and Laws 5 Morals are one’s personal beliefs about right and wrong, while the term ethics describes standards or codes of behavior expected of an individual by a group (nation, organization, profession) to which an individual belongs. For example, the ethics of the law profession demand that defense attorneys defend an accused client to the best of their ability, even if they know that the client is guilty of the most heinous and morally objectionable crime one could imagine. Law is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions (the police, courts, law-making bodies). Legal acts are acts that conform to the law. Moral acts conform to what an individual believes to be the right thing to do. Laws can proclaim an act as legal, although many people may consider the act immoral—for example, abortion. The remainder of this chapter provides an introduction to ethics in the business world. It discusses the importance of ethics in business, outlines what businesses can do to improve their ethics, provides advice on creating an ethical work environment, and suggests a model for ethical decision making. The chapter concludes with a discussion of ethics as it relates to information technology (IT). ETHICS IN THE BUSINESS WORLD Ethics has risen to the top of the business agenda because the risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact. In the past decade, we have watched the collapse and/or bailout of financial institutions such as Bank of America, CitiGroup, Countrywide Financial, Fannie Mae, Freddie Mac, Lehman Brothers, and American International Group (AIG) due to unwise and/or unethical decision making regarding the approval of mortgages, loans, and lines of credit to unqualified individuals and organizations. We have also witnessed numerous corporate officers and senior managers sentenced to prison terms for their unethical behavior, including former investment broker Bernard Madoff, who bilked his clients out of an estimated $65 billion.7 Clearly, unethical behavior has led to serious negative consequences that have had a major global impact. Several trends have increased the likelihood of unethical behavior. First, for many organizations, greater globalization has created a much more complex work environment that spans diverse cultures and societies, making it more difficult to apply principles and codes of ethics consistently. For example, numerous U.S. companies have moved operations to developing countries, where employees work in conditions that would not be acceptable in most developed parts of the world. Second, in today’s difficult and uncertain economic climate, organizations are extremely challenged to maintain revenue and profits. Some organizations are sorely tempted to resort to unethical behavior to maintain profits. For example, the chairman of the India-based outsourcing firm Satyam Computer Services admitted he had overstated the company’s assets by more than $1 billion. The revelation represented India’s largestever corporate scandal and caused the government to step in to protect the jobs of the company’s 53,000 employees.8 Employees, shareholders, and regulatory agencies are increasingly sensitive to violations of accounting standards, failures to disclose substantial changes in business An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology conditions, nonconformance with required health and safety practices, and production of unsafe or substandard products. Such heightened vigilance raises the risk of financial loss for businesses that do not foster ethical practices or that run afoul of required standards. There is also a risk of criminal and civil lawsuits resulting in fines and/or incarceration for individuals. A classic example of the many risks of unethical decision making can be found in the Enron accounting scandal. In 2000, Enron employed over 22,000 people and had annual revenue of $101 billion. During 2001, it was revealed that much of Enron’s revenue was the result of deals with limited partnerships, which it controlled. In addition, as a result of faulty accounting, many of Enron’s debts and losses were not reported in its financial statements. As the accounting scandal unfolded, Enron shares dropped from $90 per share to less than $1 per share, and the company was forced to file for bankruptcy.9 The Enron case was notorious, but many other corporate scandals have occurred in spite of safeguards enacted as a result of the Enron debacle. Here are just a few examples of lapses in business ethics by employees in IT organizations: 6 • • • In 2011, IBM agreed to pay $10 million to settle civil charges arising from a lawsuit filed by the Securities and Exchange Commission (SEC) alleging the firm had violated the Foreign Corrupt Practices Act for bribing government officials in China and South Korea to secure the sale of IBM products. (The act makes it illegal for corporations listed on U.S. stock exchanges to bribe foreign officials.) The bribes allegedly occurred over a decade and included hundreds of thousands of dollars of cash, electronics, and entertainment and travel expenses in exchange for millions of dollars in government contracts.10 The founders of the three largest Internet poker companies were indicted for using fraudulent methods to circumvent U.S. antigambling laws and to obtain billions of dollars from U.S. residents who gambled on their sites.11 The Office of the Comptroller of the Currency (OCC), which oversees large U.S. banks, accused Citibank in 2012 of failing to comply with rules intended to enforce the Bank Secrecy Act. This act is designed to deter and detect money laundering, terrorist financing, and other criminal acts. Citibank neither admitted nor denied the allegations, but the company did agree to provide the OCC with a plan outlining how it would bring its program into compliance.12 It is not unusual for powerful, highly successful individuals to fail to act in morally appropriate ways, as these examples illustrate. Such people are aggressive in striving for what they want and are used to having privileged access to information, people, and other resources. Furthermore, their success often inflates their belief that they have the ability and the right to manipulate the outcome of any situation. The moral corruption of people in power, which is often facilitated by a tendency for people to look the other way when their leaders act inappropriately has been given the name Bathsheba syndrome—a reference to the biblical story of King David, who became corrupted by his power and success.13 According to the story, David became obsessed with Bathsheba, the wife of one of his generals, and eventually ordered her husband on a mission of certain death so that he could marry Bathsheba. Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology Even lower-level employees can find themselves in the middle of ethical dilemmas, as these examples illustrate: • • • 7 A low-level employee of the Technical Services Department of Monroe County, Florida, was entrusted with responsibility for both acquisition and distribution of the county’s cell phones. A few months after her retirement, the employee was indicted on charges of stealing 52 county-purchased iPhones and iPads and then selling them to friends and coworkers.14 Army Private First Class Bradley Manning is believed to be responsible for the release of thousands of classified U.S. embassy cables, which caused an incident that became known as Cablegate. The incident caused many to seriously question security at the Department of Defense and led to many changes in the handling of intelligence and other classified information at various U.S. intelligence agencies and departments.15 According to CyberSource Corporation (a subsidiary of Visa Inc. that offers e-commerce payment management services), online revenue lost to fraud increased 26 percent from 2010 to 2011 to the amount of $3.4 billion. This represents 1 percent of the $340 billion retail e-commerce sales for the United States and Canada.16 This is just a small sample of the incidents that have led to an increased focus on business ethics within many IT organizations. Table 1-1 identifies the most commonly observed types of misconduct in the workplace. TABLE 1-1 Most common forms of employee misconduct Type of employee misconduct Percent of surveyed employees observing this behavior Misuse of company time 33% Abusive behavior 21% Lying to employees 20% Company resource abuse 20% Violating company Internet-use policies 16% Discrimination 15% Conflicts of interest 15% Inappropriate social networking 14% Health or safety violations 13% Lying to outside stakeholders 12% Stealing 12% Falsifying time reports or hours worked 12% Source Line: Ethics Resource Center, “2011 National Business Ethics Survey: Workplace Ethics in Transition,” © 2011, www.ethics.org/nbes/files/FinalNBES-web.pdf. An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology Corporate Social Responsibility 8 Corporate social responsibility (CSR) is the concept that an organization should act ethically by taking responsibility for the impact of its actions on the environment, the community, and the welfare of its employees. Setting CSR goals encourages an organization to achieve higher moral and ethical standards. As highlighted in the opening vignette, Cisco is an example of an organization that has set and achieved a number of CSR goals for itself, and as a result is recognized as a highly ethical company. Supply chain sustainability is a component of CSR that focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs. Supply chain sustainability takes into account such issues as fair labor practices, energy and resource conservation, human rights, and community responsibility. Many IT equipment manufacturers have made supply chain sustainability a priority, in part, because they must adhere to various European Union directives and regulations (including the Restriction of Hazardous Substances Directive, the Waste Electrical and Electronic Equipment Directive, and the Registration, Evaluation, Authorization, and Restriction of Chemicals (REACH) Regulation) to be permitted to sell their products in European Union countries. In many cases, meeting supply chain sustainability goals can also lead to lower costs. For example, since 2001, Intel has invested over $45 million in efforts to reduce its energy costs. As a result of those initiatives, the company has saved on average $23 million per year.17 Each organization must decide if CSR is a priority and, if so, what its specific CSR goals are. The pursuit of some CSR goals can lead to increased profits, making it easy for senior company management and stakeholders to support the organization’s goals in this arena. For example, many fast-food hamburger outlets (including McDonald’s, Wendy’s, and Burger King) have expanded their menus to include low-fat offerings in an attempt to meet a CSR goal of providing more healthy choices to their customers, while also trying to capture more market share.18 However, if striving to meet a specific CSR goal leads to a decrease in profits, senior management may be challenged to modify or drop that CSR goal entirely. For example, some U.S. auto manufacturers have introduced automobiles that run on clean, renewable electric power as part of a corporate responsibility goal of helping to end U.S. dependence on oil. However, Americans have been slow to embrace electric cars, and manufacturers have had to offer low-interest financing, cash discounts, sales bonuses, and subsidized leases to get the autos off the sales floor. Manufacturers and dealers are struggling to generate an increase in profits from the sale of these electric cars, and senior management at the automakers must consider how long they can continue with this strategy. Why Fostering Corporate Social Responsibility and Good Business Ethics Is Important Organizations have at least five good reasons for pursuing CSR goals and for promoting a work environment in which employees are encouraged to act ethically when making business decisions: • • Gaining the goodwill of the community Creating an organization that operates consistently Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology • • • Fostering good business practices Protecting the organization and its employees from legal action Avoiding unfavorable publicity 9 Gaining the Goodwill of the Community Although organizations exist primarily to earn profits or provide services to customers, they also have some fundamental responsibilities to society. As discussed in the previous section, companies often declare these responsibilities in specific CSR goals. Companies may also issue a formal statement of their company’s values, principles, or beliefs. See Figure 1-1 for an example of a statement of values. Our Values As a company, and as individuals, we value integrity, honesty, openness, personal excellence, constructive self-criticism, continual self-improvement, and mutual respect. We are committed to our customers and partners and have a passion for technology. We take on big challenges, and pride ourselves on seeing them through. We hold ourselves accountable to our customers, shareholders, partners, and employees by honoring our commitments, providing results, and striving for the highest quality. FIGURE 1-1 Microsoft’s statement of values Credit: Microsoft Statement of Values, “Our Values,” from www.microsoft.com. Reprinted by permission. All successful organizations, including technology firms, recognize that they must attract and maintain loyal customers. Philanthropy is one way in which an organization can demonstrate its values in action and make a positive connection with its stakeholders. (A stakeholder is someone who stands to gain or lose, depending on how a situation is resolved.) As a result, many organizations initiate or support socially responsible activities, which may include making contributions to charitable organizations and nonprofit institutions, providing benefits for employees in excess of any legal requirements, and devoting organizational resources to initiatives that are more socially desirable than profitable. Table 1-2 provides a few examples of some of the CSR activities supported by major IT organizations. The goodwill that CSR activities generate can make it easier for corporations to conduct their business. For example, a company known for treating its employees well will find it easier to compete for the best job candidates. On the other hand, companies viewed as harmful to their community may suffer a disadvantage. For example, a corporation that pollutes the environment may find that adverse publicity reduces sales, impedes relationships with some business partners, and attracts unwanted government attention. Creating an Organization That Operates Consistently Organizations develop and abide by values to create an organizational culture and to define a consistent approach for dealing with the needs of their stakeholders— shareholders, employees, customers, suppliers, and the community. Such consistency ensures that employees know what is expected of them and can employ the organization’s An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 10 TABLE 1-2 Examples of IT organizations’ socially responsible activities Organization Examples of socially responsible activities Dell Inc. Dell partners with nonprofit organizations to develop ways of using technology to help solve pressing problems. Its “Powering the Positive” program initiatives include Children’s Cancer Care, Youth Learning, Disaster Relief, and Social Entrepreneurship.19 Google Google recently invested over $250 million in solar and wind power projects.20 IBM IBM employees donated 3.2 million hours of community service in 120 countries in 2011.21 Oracle Oracle supports K-12 and higher education institutions with technology education grants and programs that reach 1.5 million students each year.22 SAP, North America SAP supports several major corporate responsibility initiatives aimed at improving education, matches employee gifts to nonprofit agencies and schools, and encourages and supports employee volunteerism.23 Microsoft Microsoft conducts an annual giving campaign, and its employees have contributed over $1 billion to some 31,000 nonprofit organizations around the world since 1983.24 Source Line: Copyright © Cengage Learning. Adapted from multiple sources. See End Notes 19, 20, 21, 22, 23, 24. values to help them in their decision making. Consistency also means that shareholders, customers, suppliers, and the community know what they can expect of the organization— that it will behave in the future much as it has in the past. It is especially important for multinational or global organizations to present a consistent face to their shareholders, customers, and suppliers no matter where those stakeholders live or operate their business. Although each company’s value system is different, many share the following values: • • • • • • Operate with honesty and integrity, staying true to organizational principles. Operate according to standards of ethical conduct, in words and action. Treat colleagues, customers, and consumers with respect. Strive to be the best at what matters most to the organization. Value diversity. Make decisions based on facts and principles. Fostering Good Business Practices In many cases, good ethics can mean good business and improved profits. Companies that produce safe and effective products avoid costly recalls and lawsuits. (The recall of the weight loss drug Fen-Phen cost its maker, Wyeth-Ayerst Laboratories, almost $14 billion in awards to victims, many of whom developed serious health problems as a result of taking the drug.)25 Companies that provide excellent service retain their customers instead of losing them to competitors. Companies that develop and maintain strong employee relations enjoy lower turnover rates and better employee morale. Suppliers and other business partners often place a priority on working with companies that operate in a fair and ethical manner. All these factors tend to increase revenue and profits while decreasing Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology expenses. As a result, ethical companies tend to be more profitable over the long term than unethical companies. On the other hand, bad ethics can lead to bad business results. Bad ethics can have a negative impact on employees, many of whom may develop negative attitudes if they perceive a difference between their own values and those stated or implied by an organization’s actions. In such an environment, employees may suppress their tendency to act in a manner that seems ethical to them and instead act in a manner that will protect them against anticipated punishment. When such a discrepancy between employee and organizational ethics occurs, it destroys employee commitment to organizational goals and objectives, creates low morale, fosters poor performance, erodes employee involvement in organizational improvement initiatives, and builds indifference to the organization’s needs. 11 Protecting the Organization and Its Employees from Legal Action In a 1909 ruling (United States v. New York Central & Hudson River Railroad Co.), the U.S. Supreme Court established that an employer can be held responsible for the acts of its employees even if the employees act in a manner contrary to corporate policy and their employer’s directions.26 The principle established is called respondeat superior, or “let the master answer.” The CEO and the general counsel of IT solutions and services provider GTSI Corporation were forced by the Small Business Administration (SBA) to resign, while three other top GTSI executives were suspended, due to allegations that GTSI employees were involved in a scheme with its contracting partners that resulted in the firm receiving money set aside for small businesses. GTSI, which had over 500 employees and revenue over $760 million, was providing services to the Department of Homeland Security in partnership with contractors who qualified as small businesses, but GTSI—as a subcontractor—was actually performing most of the services and being paid most of the fees.27 In this case, top executives were punished for the acts of several unidentified employees. The company was also suspended by the SBA from receiving new government contracts, and was ultimately acquired by another company after a steep drop in revenue.28 A coalition of several legal organizations, including the Association of Corporate Counsel, the U.S. Chamber of Commerce, the National Association of Manufacturers, the National Association of Criminal Defense Lawyers, and the New York State Association of Criminal Defense Lawyers, argues that organizations should “be able to escape criminal liability if they have acted as responsible corporate citizens, making strong efforts to prevent and detect misconduct in the workplace.”29 One way to do this is to establish effective ethics and compliance programs. However, some people argue that officers of companies should not be given light sentences if their ethics programs fail to deter criminal activity within their firms. Avoiding Unfavorable Publicity The public reputation of a company strongly influences the value of its stock, how consumers regard its products and services, the degree of oversight it receives from government agencies, and the amount of support and cooperation it receives from its business partners. Thus, many organizations are motivated to build a strong ethics program to avoid negative publicity. If an organization is perceived as operating ethically, customers, business partners, shareholders, consumer advocates, financial institutions, and regulatory bodies will usually regard it more favorably. An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 12 In 2012, Google agreed to pay a fine of $22.5 million to end an FTC investigation into allegations that the firm utilized cookies and bypassed privacy settings to track the online habits of people using Apple’s Safari browser. The amount of the fine, while the largest in FTC history, represented less than one day’s worth of Google’s profits. However, some IT industry analysts believe that the bad publicity associated with the incident is much more impactful than the fine in bringing about change at Google and in keeping it from violating FTC rules in the future.30 Improving Corporate Ethics Research by the Ethics Resource Center (ERC) found that 86 percent of the employees in companies with a well-implemented ethics and compliance program are likely to perceive a strong ethical culture within the company, while less than 25 percent of employees in companies with little to no program are likely to perceive a culture that promotes integrity in the workplace. A well-implemented ethics and compliance program and a strong ethical culture can, in turn, lead to less pressure on employees to misbehave and a decrease in observed misconduct. It also creates an environment in which employees are more comfortable reporting instances of misconduct, partly because there is less fear of potential retaliation by management against reporters (for example, reduced hours, transfer to less desirable jobs, and delays in promotions). See Figure 1-2.31 Driver 1 Well-implemented program Driver 2 Strong ethical culture Outcomes Reduced pressure for misconduct Decrease in observed misconduct Increased reporting of misconduct Goal Reduced ethics risk FIGURE 1-2 Reduced retaliation for reporting Causal Correlational Reducing ethics risk Credit: Courtesy Ethics Resource Center, “2011 National Business Ethics Survey: Workplace Ethics in Transition” Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology The ERC has defined the following characteristics of a successful ethics program: • • • • • 13 Employees are willing to seek advice about ethics issues. Employees feel prepared to handle situations that could lead to misconduct. Employees are rewarded for ethical behavior. The organization does not reward success obtained through questionable means. Employees feel positively about their company. In its 2011 National Business Ethics Survey, based on responses from over 3,000 individuals, the ERC found evidence of some improvement in ethics in the workplace as summarized in Table 1-3.32 These figures show that fewer employees witnessed misconduct on the job, but when they did, they were more willing to report it. The findings also show that there are more employees who feel pressure to commit an unethical act, as well as more employees who feel their organization has a weak ethics culture. TABLE 1-3 Conclusions from the National Business Ethics Survey 2007 survey results 2009 survey results 2011 survey results Employees who said they witnessed misconduct on the job 56% 49% 45% Employees who said they reported misconduct when they saw it 58% 63% 65% Employees who felt pressure to commit an ethics violation 10% 8% 13% Percentage of employees who say their business has a weak ethics culture 39% 35% 42% Finding Source Line: Ethics Resource Center, “2011 National Business Ethics Survey, Workplace Ethics in Transition,” www.ethics.org/news/new-research-2011-national-business-ethics-survey. The risk of unethical behavior is increasing, so improving business ethics is becoming more important for all companies. The following sections explain some of the actions corporations can take to improve business ethics. Appointing a Corporate Ethics Officer A corporate ethics officer (also called a corporate compliance officer) provides an organization with vision and leadership in the area of business conduct. This individual “aligns the practices of a workplace with the stated ethics and beliefs of that workplace, holding people accountable to ethical standards.”33 Organizations send a clear message to employees about the importance of ethics and compliance in their decision about who will be in charge of the effort and to whom that individual will report. Ideally, the corporate ethics officer should be a well-respected, senior-level manager who reports directly to the CEO. Ethics officers come from diverse backgrounds, such as legal staff, human resources, finance, auditing, security, or line operations. An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 14 Not surprisingly, a rapid increase in the appointment of corporate ethics officers typically follows the revelation of a major business scandal. The first flurry of appointments began following a series of defense-contracting scandals during the administration of Ronald Reagan in the late 1980s—when firms used bribes to gain inside information that they could use to improve their contract bids. A second spike in appointments came in the early 1990s, following the new federal sentencing guidelines that stated that “companies with effective compliance and ethics programs could receive preferential treatment during prosecutions for white-collar crimes.”34 A third surge followed the myriad accounting scandals of the early 2000s. Another increase in appointments followed in the aftermath of the mortgage loan scandals uncovered beginning in 2008. The ethics officer position has its critics. Many are concerned that if one person is appointed head of ethics, others in the organization may think they have no responsibility in this area. On the other hand, Odell Guyton—who has been the director of compliance at Microsoft for over a decade—feels a point person for ethics is necessary, otherwise “how are you going to make sure it’s being done, when people have other core responsibilities? That doesn’t mean it’s on the shoulders of the compliance person alone.”35 Typically the ethics officer tries to establish an environment that encourages ethical decision making through the actions described in this chapter. Specific responsibilities include the following: • • • Responsibility for compliance—that is, ensuring that ethical procedures are put into place and consistently adhered to throughout the organization Responsibility for creating and maintaining the ethics culture that the highest level of corporate authority wishes to have Responsibility for being a key knowledge and contact person on issues relating to corporate ethics and principles36 Of course, simply naming a corporate ethics officer does not automatically improve an organization’s ethics; hard work and effort are required to establish and provide ongoing support for an organizational ethics program. Ethical Standards Set by Board of Directors The board of directors is responsible for the careful and responsible management of an organization. In a for-profit organization, the board’s primary objective is to oversee the organization’s business activities and management for the benefit of all stakeholders, including shareholders, employees, customers, suppliers, and the community. In a nonprofit organization, the board reports to a different set of stakeholders—in particular, the local community that the nonprofit serves. A board of directors fulfills some of its responsibilities directly and assigns others to various committees. The board is not normally responsible for day-to-day management and operations; these responsibilities are delegated to the organization’s management team. However, the board is responsible for supervising the management team. Board members are expected to conduct themselves according to the highest standards for personal and professional integrity, while setting the standard for company-wide ethical conduct and ensuring compliance with laws and regulations. Employees will “get the message” if board members set an example of high-level ethical behavior. If they don’t set a good example, employees will get that message as well. Importantly, board members Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology must create an environment in which employees feel they can seek advice about appropriate business conduct, raise issues, and report misconduct through appropriate channels. Failure of the board to set an example of high-level ethical behavior or to intervene to stop unethical behavior can result in serious consequences as illustrated by the News Corporation scandal. News Corporation is a media conglomerate founded by Rupert Murdoch—with recent annual revenue over $30 billion generated by its cable networks (including Fox News Channel), film and television production subsidiaries, and publishing units. In 2009, it came to light that News Corporation’s British subsidiary, News International Ltd., publisher of the highly popular Sunday tabloid paper, News of the World, used telephone hacking and bribes to police to obtain stories about celebrities, sports figures, politicians, and ordinary citizens.37 It was alleged that the practice was well known to senior executives within the company. Based on strong negative public reaction, News Corporation stopped publication of the News of the World tabloid, and the British government blocked a major deal in which News Corporation was to fully acquire the highly successful British broadcasting company BSkyB. These actions resulted in a $3 billion drop in the stock value of News Corporation. In addition, the scandal led to the arrest of over 60 former and current journalists, and many high-level executives resigned from the firm. In a lawsuit filed in March 2011, shareholders claimed lack of board oversight for failing to react to warning signals that should have alerted them to the telephone hacking.38 15 Establishing a Corporate Code of Ethics A code of ethics is a statement that highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making. Codes of ethics frequently include a set of formal, written statements about the purpose of an organization, its values, and the principles that should guide its employees’ actions. An organization’s code of ethics applies to its directors, officers, and employees, and it should focus employees on areas of ethical risk relating to their role in the organization, offer guidance to help them recognize and deal with ethical issues, and provide mechanisms for reporting unethical conduct and fostering a culture of honesty and accountability within the organization. An effective code of ethics helps ensure that employees abide by the law, follow necessary regulations, and behave in an ethical manner. The Sarbanes–Oxley Act of 2002 was passed in response to public outrage over several major accounting scandals, including those at Enron, WorldCom, Tyco, Adelphia, Global Crossing, and Qwest—plus numerous restatements of financial reports by other companies, which clearly demonstrated a lack of oversight within corporate America. The goal of the bill was to renew investors’ trust in corporate executives and their firms’ financial reports. The act led to significant reforms in the content and preparation of disclosure documents by public companies. However, the Lehman Brothers accounting fiasco and resulting collapse as well as other similar examples raise questions about the effectiveness of Sarbanes–Oxley in preventing accounting scandals.39 Section 404 of the act states that annual reports must contain a statement signed by the CEO and CFO attesting that the information contained in all of the firm’s SEC filings is accurate. The company must also submit to an audit to prove that it has controls in place to ensure accurate information. The penalties for false attestation can include up to 20 years in prison and significant monetary fines for senior executives. Section 406 of An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 16 the act also requires public companies to disclose whether they have a code of ethics and to disclose any waiver of the code for certain members of senior management. The SEC also approved significant reforms by the NYSE and NASDAQ that, among other things, require companies listed with those exchanges to have codes of ethics that apply to all employees, senior management, and directors. A code of ethics cannot gain company-wide acceptance unless it is developed with employee participation and fully endorsed by the organization’s leadership. It must also be easily accessible by employees, shareholders, business partners, and the public. The code of ethics must continually be applied to a company’s decision making and emphasized as an important part of its culture. Breaches in the code of ethics must be identified and dealt with appropriately so the code’s relevance is not undermined. Each year, Corporate Responsibility magazine rates U.S. publicly held companies, using a statistical analysis of corporate ethical performance in several categories. (For 2012, the categories were environment, climate change, human rights, employee relations, governance, philanthropy, and financial.) Intel Corporation, the world’s largest chip maker, has been ranked in the top 25 every year since the list began in 2000, and was ranked third in 2012.40 As such, Intel is recognized as one of the most ethical companies in the IT industry. A summary of Intel’s code of ethics is shown in Figure 1-3. A more detailed version is spelled out in a 22-page document (Intel Code of Conduct, January 2012, found at www.intel.com/content/www/us/en/policy/policy-code-conduct-corporateinformation.html), which offers employees guidelines designed to deter wrongdoing, INTEL CODE OF CONDUCT JANUARY 2012 Code of Conduct Since the company began, uncompromising integrity and professionalism have been the cornerstones of Intel’s business. In all that we do, Intel supports and upholds a set of core values and principles. Our future growth depends on each of us understanding these values and principles and continuously demonstrating the uncompromising integrity that is the foundation of our company. The Code of Conduct sets the standard for how we work together to develop and deliver product, how we protect the value of Intel and its subsidiaries (collectively known as ‘Intel’), and how we work with customers, suppliers and others. All of us at Intel must abide by the Code when conducting Intel-related business. The Code affirms our five principles of conduct: • • • • • FIGURE 1-3 Conduct Business with Honesty and Integrity Follow the Letter and Spirit of the Law Treat Each Other Fairly Act in the Best Interests of Intel and Avoid Conflicts of Interest Protect the Company’s Assets and Reputation Intel’s Code of Conduct Credit: Intel’s Code of Conduct. © Intel Corporation. Reprinted by permission. Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology promote honest and ethical conduct, and comply with applicable laws and regulations. Intel’s Code of Conduct also expresses its policies regarding the environment, health and safety, intellectual property, diversity, nondiscrimination, supplier expectations, privacy, and business continuity. 17 Conducting Social Audits An increasing number of organizations conduct regular social audits of their policies and practices. In a social audit, an organization reviews how well it is meeting its ethical and social responsibility goals, and communicates its new goals for the upcoming year. This information is shared with employees, shareholders, investors, market analysts, customers, suppliers, government agencies, and the communities in which the organization operates. For example, each year Intel prepares its “Corporate Responsibility Report,” which summarizes the firm’s progress toward meeting its ethical and CSR goals. In 2011, Intel focused on goals in three primary areas: (1) the environment—with targets set for global-warming emissions, energy consumption, water use, chemical and solid waste reduction, and product energy efficiency; (2) corporate governance—with goals to improve transparency and strengthen ethics and compliance reporting; and (3) social—with goals to improve the organizational health of the company as measured by its own Organizational Health Survey, to expand the number of supplier audits, and to increase the number of community education programs.41 Requiring Employees to Take Ethics Training The ancient Greek philosophers believed that personal convictions about right and wrong behavior could be improved through education. Today, most psychologists agree with them. Lawrence Kohlberg, the late Harvard psychologist, found that many factors stimulate a person’s moral development, but one of the most crucial is education. Other researchers have repeatedly supported the idea that people can continue their moral development through further education, such as working through case studies and examining contemporary issues. Thus, an organization’s code of ethics must be promoted and continually communicated within the organization, from top to bottom. Organizations can do this by showing employees examples of how to apply the code of ethics in real life. One approach is through a comprehensive ethics education program that encourages employees to act responsibly and ethically. Such programs are often presented in small workshop formats in which employees apply the organization’s code of ethics to hypothetical but realistic case studies. Employees may also be given examples of recent company decisions based on principles from the code of ethics. A critical goal of such training is to increase the percentage of employees who report incidents of misconduct; thus, employees must be shown effective ways of reporting such incidents. In addition, they must be reassured that such feedback will be acted on and that they will not be subjected to retaliation. In its 2011 National Business Ethics Survey, the Ethics Resource Center reported that 56 percent of all complaints are reported to an employee’s direct supervisor.42 Because these supervisors are essentially the eyes and ears of the company, they “need adequate resources, support, and training to address the stress created by and An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 18 the additional misconduct related to the implementation of company tactics” according to the ERC.43 Motorola, designer of wireless network equipment, cell phones, and smartphones, is committed to a strong corporate ethics training program to ensure that its employees conduct its business with integrity. The focus of the training is to clarify corporate values and policies and to encourage employees to report ethical concerns via numerous reporting channels. Motorola investigates all allegations of ethical misconduct, and it will take appropriate disciplinary actions if a claim is proven—up to and including dismissal of all involved employees. All salaried employees must complete an online introduction to the ethics program every three years. All managers in newly acquired businesses or high-risk locations must take further classroom ethics training. Motorola operates a 24-hour toll-free service for reporting any suspected ethical concerns. In 2011, the firm introduced a Code of Business Conduct in 10 languages and updated its suite of ethics training courses to include new anticorruption and antibribery training.44 Formal ethics training not only makes employees more aware of a company’s code of ethics and how to apply it, but also demonstrates that the company intends to operate in an ethical manner. The existence of formal training programs can also reduce a company’s liability in the event of legal action. Including Ethical Criteria in Employee Appraisals Managers can help employees to meet performance expectations by monitoring employee behavior and providing feedback; increasingly, managers are including ethical conduct as part of an employee’s performance appraisal. Those that do so base a portion of their employees’ performance evaluations on treating others fairly and with respect; operating effectively in a multicultural environment; accepting personal accountability for meeting business needs; continually developing others and themselves; and operating openly and honestly with suppliers, customers, and other employees. These factors are considered along with the more traditional criteria used in performance appraisals, such as an employee’s overall contribution to moving the business ahead, successful completion of projects and tasks, and maintenance of good customer relations. Creating an Ethical Work Environment Most employees want to perform their jobs successfully and ethically, but good employees sometimes make bad ethical choices. Employees in highly competitive workplaces often feel pressure from aggressive competitors, cutthroat suppliers, unrealistic budgets, unforgiving quotas, tight deadlines, and bonus incentives. Employees may also be encouraged to do “whatever it takes” to get the job done. In such environments, some employees may feel pressure to engage in unethical conduct to meet management’s expectations, especially if the organization has no corporate code of ethics and no strong examples of senior management practicing ethical behavior. Here are a few examples of how managerial behavior can encourage unethical employee behavior: • A manager sets and holds people accountable to meet “stretch” goals, quotas, and budgets, causing employees to think, “My boss wants results, not excuses, so I have to cut corners to meet the goals my boss has set.” Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology • • • • A manager fails to provide a corporate code of ethics and operating principles to make decisions, so employees think, “Because the company has not established any guidelines, I don’t think my conduct is really wrong or illegal.” A manager fails to act in an ethical manner and instead sets a poor example for others to follow, so employees think, “I have seen other successful people take unethical actions and not suffer negative repercussions.” Managers fail to hold people accountable for unethical actions, so employees think, “No one will ever know the difference, and if they do, so what?” Managers put a three-inch-thick binder entitled “Corporate Business Ethics, Policies, and Procedures” on the desks of new employees and tell them to “read it when you have time and sign the attached form that says you read and understand the corporate policy.” Employees think, “This is overwhelming. Can’t they just give me the essentials? I can never absorb all this.” 19 Employees must have a knowledgeable resource with whom they can discuss perceived unethical practices. For example, Intel expects employees to report suspected violations of its code of conduct to a manager, the Legal or Internal Audit Departments, or a business unit’s legal counsel. Employees can also report violations anonymously through an internal Web site dedicated to ethics. Senior management at Intel has made it clear that any employee can report suspected violations of corporate business principles without fear of reprisal or retaliation. Table 1-4 provides a manager’s checklist for establishing an ethical workplace. The preferred answer to each question is yes. TABLE 1-4 Manager’s checklist for establishing an ethical work environment Question Yes No Does your organization have a code of ethics? Do employees know how and to whom to report any infractions of the code of ethics? Do employees feel that they can report violations of the code of ethics safely and without fear of retaliation? Do employees feel that action will be taken against those who violate the code of ethics? Do senior managers set an example by communicating the code of ethics and using it in their own decision making? Do managers evaluate and provide feedback to employees on how they operate with respect to the values and principles in the code of ethics? Are employees aware of sanctions for breaching the code of ethics? Do employees use the code of ethics in their decision making? Source Line: Course Technology/Cengage Learning. An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 20 INCLUDING ETHICAL CONSIDERATIONS IN DECISION MAKING We are all faced with difficult decisions in our work and in our personal life. Most of us have developed a decision-making process that we execute automatically, without thinking about the steps we go through. For many of us, the process generally follows the steps outlined in Figure 1-4. Develop problem statement Identify alternatives Gather and analyze facts. Make no assumptions. Identify stakeholders affected by the decision. Involve others, including stakeholders, in brainstorming. Evaluate and choose alternative What laws, guidelines, policies, and principles apply? What is the impact on you, your organization, and other stakeholders? Evaluate alternatives based on multiple criteria. Implement decision Develop and execute an implementation plan. Provide leadership to overcome resistance to change. Evaluate results Evaluate results against selected success criteria. Were there any unintended consequences? No Success? Yes Finished FIGURE 1-4 Decision-making process Source Line: Course Technology/Cengage Learning. The following sections discuss this decision-making process further and point out where and how ethical considerations need to be brought into the process. Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology Develop a Problem Statement 21 A problem statement is a clear, concise description of the issue that needs to be addressed. A good problem statement answers the following questions: What do people observe that causes them to think there is a problem? Who is directly affected by the problem? Is anyone else affected? How often does the problem occur? What is the impact of the problem? How serious is the problem? Development of a problem statement is the most critical step in the decision-making process. Without a clear statement of the problem or the decision to be made, it is useless to proceed. Obviously, if the problem is stated incorrectly, the decision will not solve the problem. You must gather and analyze facts to develop a good problem statement. Seek information and opinions from a variety of people to broaden your frame of reference. During this process, you must be extremely careful not to make assumptions about the situation. Simple situations can sometimes turn into complex controversies because no one takes the time to gather the facts. For example, you might see your boss receive what appears to be an employment application from a job applicant and then throw the application into the trash after the applicant leaves. This would violate your organization’s policy to treat each applicant with respect and to maintain a record of all applications for one year. You could report your boss for failure to follow the policy, or you could take a moment to speak directly to your boss. You might be pleasantly surprised to find out that the situation was not as it appeared. Perhaps the “applicant” was actually a salesperson promoting a product for which your company had no use, and the “application” was marketing literature. Part of developing a good problem statement involves identifying the stakeholders and their positions on the issue. Stakeholders often include others beyond those directly involved in an issue. Identifying the stakeholders helps you understand the impact of your decision and could help you make a better decision. Unfortunately, it may also cause you to lose sleep from wondering how you might affect the lives of others. However, by involving stakeholders in the decision, you can work to gain their support for the recommended course of action. What is at stake for each stakeholder? What does each stakeholder value, and what outcome does each stakeholder want? Do some stakeholders have a greater stake because they have special needs or because the organization has special obligations to them? To what degree should they be involved in the decision? The following list includes one example of a good problem statement as well as two examples of poor problem statements: • • • Good problem statement: Our product supply organization is continually running out of stock of finished products, creating an out-of-stock situation on over 15 percent of our customer orders, resulting in over $300,000 in lost sales per month. Poor problem statement: We need to implement a new inventory control system. (This is a possible solution, not a problem statement.) Poor problem statement: We have a problem with finished product inventory. (This is not specific enough.) Identify Alternatives During this stage of decision making, it is ideal to enlist the help of others, including stakeholders, to identify several alternative solutions to the problem. Brainstorming An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 22 with others will increase your chances of identifying a broad range of alternatives and determining the best solution. On the other hand, there may be times when it is inappropriate to involve others in solving a problem that you are not at liberty to discuss. In providing participants information about the problem to be solved, offer just the facts, without your opinion, so you don’t influence others to accept your solution. During any brainstorming process, try not to be critical of ideas, as any negative criticism will tend to shut down the discussion, and the flow of ideas will dry up. Simply write down the ideas as they are suggested. Evaluate and Choose an Alternative Once a set of alternatives has been identified, the group must evaluate them based on numerous criteria, such as effectiveness at addressing the issue, the extent of risk associated with each alternative, cost, and time to implement. An alternative that sounds attractive but that is not feasible will not help solve the problem. As part of the evaluation process, weigh various laws, guidelines, and principles that may apply. You certainly do not want to violate a law that can lead to a fine or imprisonment for yourself or others. Do any corporate policies or guidelines apply? Does the organizational code of ethics offer guidance? Do any of your own personal principles apply? Also consider the likely consequences of each alternative from several perspectives: What is the impact on you, your organization, other stakeholders (including your suppliers and customers), and the environment? The alternative selected should be ethically and legally defensible; be consistent with the organization’s policies and code of ethics; take into account the impact on others; and, of course, provide a good solution to the problem. Philosophers have developed many approaches to aid in ethical decision making. Four of the most common approaches, which are summarized in Table 1-5 and discussed in the following sections, provide a framework for decision makers to reflect on the acceptability of their actions and evaluate their moral judgments. People must find the appropriate balance among all applicable laws, corporate principles, and moral guidelines to help them make decisions. (See Appendix A for a more in-depth discussion of ethics and moral codes.) TABLE 1-5 Summary of four common approaches to ethical decision making Approach to dealing with ethical issues Principle Virtue ethics approach The ethical choice best reflects moral virtues in yourself and your community. Utilitarian approach The ethical choice produces the greatest excess of benefits over harm. Fairness approach The ethical choice treats everyone the same and shows no favoritism or discrimination. Common good approach The ethical choice advances the common good. Source Line: Course Technology/Cengage Learning. Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology Virtue Ethics Approach The virtue ethics approach to decision making focuses on how you should behave and think about relationships if you are concerned with your daily life in a community. It does not define a formula for ethical decision making, but suggests that when faced with a complex ethical dilemma, people do either what they are most comfortable doing or what they think a person they admire would do. The assumption is that people are guided by their virtues to reach the “right” decision. A proponent of virtue ethics believes that a disposition to do the right thing is more effective than following a set of principles and rules, and that people should perform moral acts out of habit, not introspection. Virtue ethics can be applied to the business world by equating the virtues of a good businessperson with those of a good person. However, businesspeople face situations that are peculiar to a business setting, so they may need to tailor their ethics accordingly. For example, honesty and openness when dealing with others are generally considered virtues; however, a corporate purchasing manager who is negotiating a multimillion dollar deal might need to be vague in discussions with potential suppliers. A problem with the virtue ethics approach is that it doesn’t provide much of a guide for action. The definition of virtue cannot be worked out objectively; it depends on the circumstances—you work it out as you go. For example, bravery is a great virtue in many circumstances, but in others it may be foolish. The right thing to do in a situation also depends on which culture you’re in and what the cultural norm dictates. 23 Utilitarian Approach The utilitarian approach to ethical decision making states that you should choose the action or policy that has the best overall consequences for all people who are directly or indirectly affected. The goal is to find the single greatest good by balancing the interests of all affected parties. Utilitarianism fits easily with the concept of value in economics and the use of cost-benefit analysis in business. Business managers, legislators, and scientists weigh the benefits and harm of policies when deciding whether to invest resources in building a new plant in a foreign country, to enact a new law, or to approve a new prescription drug. A complication of this approach is that measuring and comparing the values of certain benefits and costs is often difficult, if not impossible. How do you assign a value to human life or to a pristine wildlife environment? It can also be difficult to predict the full benefits and harm that result from a decision. Fairness Approach The fairness approach focuses on how fairly actions and policies distribute benefits and burdens among people affected by the decision. The guiding principle of this approach is to treat all people the same. However, decisions made with this approach can be influenced by personal bias, without the decision makers even being aware of their bias. If the intended goal of an action or a policy is to provide benefits to a target group, other affected groups may consider the decision unfair. An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 24 Common Good Approach The common good approach to decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals. Decisions and policies that use this approach attempt to implement social systems, institutions, and environments that everyone depends on and that benefit all people. Examples include an effective education system, a safe and efficient transportation system, and accessible and affordable health care. As with the other approaches to ethical decision making, the common good approach has potential complications. People clearly have different ideas about what constitutes the common good, which makes consensus difficult. In addition, maintaining the common good often requires some groups to bear greater costs than others—for instance, homeowners pay property taxes to support public schools, but apartment dwellers do not. Implement the Decision Once an alternative is selected, it should be implemented in an efficient, effective, and timely manner. This is often much easier said than done, because people tend to resist change. In fact, the bigger the change, the greater the resistance to it. Communication is the key to helping people accept a change. It is imperative that someone whom the stakeholders trust and respect answer the following questions: • • • Why are we doing this? What is wrong with the current way we do things? What are the benefits of the new way for you? A transition plan must be defined to explain to people how they will move from the old way of doing things to the new way. It is essential that the transition be seen as relatively easy and pain free. Evaluate the Results After the solution to the problem has been implemented, monitor the results to see if the desired effect was achieved, and observe its impact on the organization and the various stakeholders. Were the success criteria fully met? Were there any unintended consequences? This evaluation may indicate that further refinements are needed. If so, return to the develop a problem statement step, refine the problem statement as necessary, and work through the process again. ETHICS IN INFORMATION TECHNOLOGY The growth of the Internet, the ability to capture and store vast amounts of personal data, and greater reliance on information systems in all aspects of life have increased the risk that information technology will be used unethically. In the midst of the many IT breakthroughs in recent years, the importance of ethics and human values has been underemphasized—with a range of consequences. Here are some examples that raise public concern about the ethical use of information technology: • Many employees have their email and Internet access monitored while at work, as employers struggle to balance their need to manage important Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology • • • • • company assets and work time with employees’ desire for privacy and selfdirection. Millions of people have downloaded music and movies at no charge and in apparent violation of copyright laws at tremendous expense to the owners of those copyrights. Organizations contact millions of people worldwide through unsolicited email (spam) as an extremely low-cost marketing approach. Hackers break into databases of financial and retail institutions to steal customer information, then use it to commit identity theft—opening new accounts and charging purchases to unsuspecting victims. Students around the world have been caught downloading material from the Web and plagiarizing content for their term papers. Web sites plant cookies or spyware on visitors’ hard drives to track their online purchases and activities. 25 This book is based on two fundamental tenets. First, the general public needs to develop a better understanding of the critical importance of ethics as it applies to IT; currently, too much emphasis is placed on technical issues. Unlike most conventional tools, IT has a profound effect on society. IT professionals and end users need to recognize this fact when they formulate policies that will have legal ramifications and affect the wellbeing of millions of consumers. The second tenet on which this book is based is that in the business world, important decisions are too often left to the technical experts. General business managers must assume greater responsibility for these decisions, but to do so they must be able to make broad-minded, objective decisions based on technical savvy, business know-how, and a sense of ethics. They must also try to create a working environment in which ethical dilemmas can be discussed openly, objectively, and constructively. Thus, the goals of this text are to educate people about the tremendous impact of ethical issues in the successful and secure use of information technology; to motivate people to recognize these issues when making business decisions; and to provide tools, approaches, and useful insights for making ethical decisions. An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 26 Summary • Even within the same society, people can have strong disagreements over important moral issues. • Ethics has risen to the top of the business agenda because the risks associated with inappropriate behavior have increased, both in their likelihood and in their potential negative impact. • Each organization must decide if corporate social responsibility (CSR) is a priority for it and, if so, what its specific CSR goals are. • The pursuit of some CSR goals can lead to increased profits, making it easy for senior company management and stakeholders to support the organization’s goals in this arena. However, if striving to meet a specific CSR goal leads to a decrease in profits, senior management may be challenged to modify or drop that CSR goal entirely. • Organizations have five good reasons for promoting a work environment in which they encourage employees to act ethically: (1) to gain the goodwill of the community, (2) to create an organization that operates consistently, (3) to foster good business practices, (4) to protect the organization and its employees from legal action, and (5) to avoid unfavorable publicity. • An organization with a successful ethics program is one in which employees are willing to seek advice about ethical issues that arise, employees feel prepared to handle situations that could lead to misconduct, employees are rewarded for ethical behavior, employees are not rewarded for success gained through questionable means, and employees feel positively about their company. • The corporate ethics officer (or corporate compliance officer) ensures that ethical procedures are put into place and are consistently adhered to throughout the organization, creates and maintains the ethics culture, and serves as a key resource on issues relating to corporate principles and ethics. • Managers’ behavior and expectations can strongly influence employees’ ethical behavior. • Most of us have developed a simple decision-making model that includes these steps: (1) Develop a problem statement, (2) identify alternatives, (3) evaluate and choose an alternative, (4) implement the decision, and (5) evaluate the results. • You can incorporate ethical considerations into decision making by identifying and involving the stakeholders; weighing various laws, guidelines, and principles—including the organization’s code of ethics—that may apply; and considering the impact of the decision on you, your organization, your stakeholders, your customers and suppliers, and the environment. • Philosophers have developed many approaches to ethical decision making. Four common philosophies are the virtue ethics approach, the utilitarian approach, the fairness approach, and the common good approach. Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology Key Terms 27 Bathsheba syndrome morals code of ethics problem statement common good approach Sarbanes–Oxley Act of 2002 corporate compliance officer social audit corporate ethics officer software piracy corporate social responsibility (CSR) supply chain sustainability ethics stakeholder fairness approach utilitarian approach integrity vice law virtue moral code virtue ethics approach morality Self-Assessment Questions The answers to the Self-Assessment Questions can be found in Appendix B. Choose the word(s) that best complete the following sentences. 1. The term refers to social conventions about right and wrong that are so widely shared that they become the basis for an established consensus. 2. is a set of beliefs about right and wrong behavior within a society. 3. are habits of acceptable behavior. 4. A person who acts with integrity acts in accordance with a personal 5. . are one’s personal beliefs about right and wrong. 6. is the concept that an organization should act ethically by taking responsibility for the impact of its actions on the environment, the community, and the welfare of its employees. 7. focuses on developing and maintaining a supply chain that meets the needs of the present without compromising the ability of future generations to meet their needs. 8. The public of an organization strongly influences the value of its stock, how consumers regard its products and services, the degree of oversight it receives from government agencies, and the amount of support and cooperation it receives from its business partners. 9. The corporate ethics officer provides the organization with and in the area of business conduct. 10. 11. is a system of rules that tells us what we can and cannot do. requires public companies to disclose whether they have codes of ethics and disclose any waiver to their code of ethics for certain members of senior management. 12. The goal of the Sarbanes–Oxley Act was to . An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 28 13. highlights an organization’s key ethical issues and identifies the overarching values and principles that are important to the organization and its decision-making process. 14. A(n) enables an organization to review how well it is meeting its ethical and social responsibility goals, and communicate new goals for the upcoming year. 15. makes employees more aware of a company’s code of ethics and how to apply it, as well as demonstrates that the company intends to operate in an ethical manner. 16. The most important part of the decision-making process is . 17. The approach to ethical decision making is based on a vision of society as a community whose members work together to achieve a common set of values and goals. 18. is a clear, concise description of the issue that needs to be addressed. Discussion Questions 1. There are many ethical issues about which people hold very strong opinions—abortion, gun control, and the death penalty, to name a few. If you were a team member on a project with someone whom you knew held an opinion different from yours on one of these issues, how would it affect your ability to work effectively with this person? 2. Identify two important life experiences that helped you define your own personal code of ethics. 3. Create a list of 5 to 10 guidelines for ensuring a successful brainstorming session to identify potential solutions to a problem. 4. Do you believe an organization should be able to escape criminal liability for the acts of its employees if it has acted as a responsible corporate citizen, making strong efforts to prevent and detect misconduct in the workplace? Why or why not? 5. The Ethics Resource Center identified five characteristics of a successful ethics program. Suggest a sixth characteristic, and defend your choice. 6. Identify three CSR goals that would be appropriate for a large, multinational IT consulting firm. Create three such goals for a small, local IT consulting firm. 7. It is a common practice for managers to hold people accountable to meet “stretch” goals, quotas, and budgets. How can this be done in a way that does not encourage unethical behavior on the part of employees? 8. Describe a hypothetical situation in which the action you would take is not legal, but it is ethical. Describe a hypothetical situation where the action you would take is legal, but not ethical. 9. Hypothesis: It is easier to establish an ethical work environment in a nonprofit organization than in a for-profit organization. Provide three facts or opinions that support this hypothesis. Provide three facts or opinions that refute the hypothesis. 10. This chapter discusses four approaches to dealing with moral issues. Which approach is closest to your way of analyzing moral issues? Now that you are aware of different approaches, do you think you might modify your approach to include other perspectives? Explain why or why not. Chapter 1 Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology 11. It can be difficult for a large organization to act ethically consistently across all facets of its business. Identify a recent example of a usually ethical company acting in an unethical manner. 29 12. Should software piracy within the boundaries of third-world countries be tolerated to allow these countries an opportunity to move more quickly into the information age? Why or why not? 13. Without revealing the name of your employer, comment on the efforts of your employer to promote a work environment in which employees are encouraged to act ethically. 14. Do you think that ethics training can really be effective in changing the behavior of employees? Why or why not? What Would You Do? Use the five-step decision-making process discussed in the chapter to analyze the following situations and recommend a course of action. 1. You are a recent new hire at your company and have been given the responsibility for soliciting the employees in your 10-person department for the company’s annual drive to support United Way (a national nonprofit organization that works with a coalition of volunteers, contributors, and local charities to help people in their own communities). Your company sets “giving goals” based on each employee’s annual salary. You have completed your initial solicitation of your coworkers, and several of them declined to contribute, while others have pledged amounts well under their “giving goal.” As a result, your department is a few thousand dollars short of its goal. You have a meeting this afternoon with the senior vice president responsible for the company’s United Way program. You are concerned that you may be pressured to resolicit and encourage under contributors to pledge more. Do you think that this is a fair request? How would you respond if such pressure is applied to you? 2. You are currently being considered for a major promotion within your company to vice president of marketing. In your current position as manager of advertising, you supervise 15 managers and 10 hourly workers. As part of the annual salary review process, you have been given the flexibility to grant your employees an average 3 percent annual salary increase; however, you are strongly considering a lower amount. This would ensure that your department’s expenses stay under budget and would send the message that you are able to control costs. How would you proceed? 3. You are the customer support manager for a small software manufacturer. The newest addition to your 10-person team is Sofia, a recent college graduate. She is a little overwhelmed by the volume of calls, but is learning quickly and doing her best to keep up. Today, as you performed your monthly review of employee email, you were surprised to see that Sofia has received several messages from employment agencies. One message says, “Sofia, I’m sorry you don’t like your new job. We have lots of opportunities that I think would much better match your interests. Please call me, and let’s talk further.” You’re shocked and alarmed. You had no idea she was unhappy, and your team desperately needs her help to handle the onslaught of calls generated by the newest release of software. If you’re going to lose her, you’ll need An Overview of Ethics Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 04/23/2020 - RS0000000000000000000001891793 (Jordan Carter) - Ethics in Information Technology to find a replacement quickly. You know that Sofia did not intend for you to see the email, but you can’t ignore what you saw. Should you confront Sofia and demand to know her intentions? Should you avoid any confrontation and simply begin seeking her replacement? Could you be misinterpreting the email? What should you do? 30 4. As part of your company’s annual performance review process, each employee must identify three coworkers to be interviewed by his manager to get a perspective on the employee’s overall work performance. Your friend has offered to give you a glowing performance review if you agree to do the same for him. Truth be told, your friend is not a very dependable worker, and his work is often below minimum standards. However, he is a good friend, and you would hate to upset him. What would you do? 5. While mingling with neighbors at a party, you mention that you are responsible for evaluating bids for a large computer software contract. A few days later, you receive a lunch invitation from one of your neighbors who also attended the party. Over appetizers, the conversation turns to the contract you are managing. Your neighbor seems remarkably well informed about the bidding process and likely bidders. You volunteer information about the potential value of the contract and briefly outline the criteria your firm will use to select the winner. At the end of the lunch, your neighbor surprises you by revealing that he is a consultant for severa...
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running Head: DUTY OF CARE FOR INFORMATION SYSTEMS PROFESSIONALS

Duty of Care for Information Systems Professionals
Name of Student
Name of Instructor
Name of Course
Name of Institution
Date

1

DUTY OF CARE FOR INFORMATION SYSTEMS PROFESSIONALS

2

Protocol
Breaching of the duty of care through exposing information systems to cyberattacks is
not recommendable. Data disclosed to a third party can affect the relationship between the
company storing the data and its clients because of the unethical acts which the business
performed. There are several ways in which the company in charge of the information system
can ensure that the information does not fall into the wrong hands. Developing an information
security program is one of the protocols to use when preventing the breach of duty of care to
clients. An organization should develop and implement a robust information system program that
can provide security to all the data for the company. The application should have available parts
and understandable by the relevant team in the company for easy administration.
Information security can also take place through lost laptops where people can use them
to get the information that is i...

Similar Content

Related Tags