Vasant Raval, CISA, DBA
Whenever I am asked to talk about ethics and professionalism, I pick up the most recent newspaper on the day of my presentation. I often find in just about every section of the paper a story that relates to an ethical issue. While humanity has learned about morality forever, it seems that people falter easily in their consideration of ethical behavior. We explore the question: Why is it so?
C. S. Lewis, an intellectual giant of the 20th century, asserted that moral rules are directions for running the human machine. These directions have three purposes: to keep our own internal engines running smoothly, to keep our communities in harmony, and to help us follow the general purpose of human life as a whole. Using Lewis’s analogy, in a cluster of ships moving toward their destination (the purpose of human life), every ship in the flock must have its engine in the right gear (morality at an individual level), and all ships should move in harmony without colliding with each other (morality at a community level).1 As individuals, we live in four moral spheres that encompass the duty of private life, the commitments of economic agents (as professionals and employees), the commitments of leaders of organizations and the moral obligations as members of our communities.2
My focus in this column is on our commitments as technology professionals within various work roles.
A vast majority of professions use technology and must consider technology’s impact on moral dimension. When ultrasound sonogram technology became accessible to countries in Southeast Asia, where boys are prized more than girls, the parents’ knowledge of gender well before childbirth resulted in 160 million fewer females in the region.3 Regulations eventually followed to stem the tide; meanwhile, the technology that could serve humanity well for certain purposes became the medium of indiscretion. The quandary is not in the technology or new technology as such; rather, it is in the use of technology that we find the human side inherent to the judgment of right vs. wrong, or even right vs. right.
Closer to our profession of information systems (IS) governance, we find that the emergence of the Internet made scalable and remote indiscretions a normal day’s news. Hacking, compromises in privacy, cyberattacks and social engineering gained a vigorous life. Not that potential root causes were not present in the pre-Internet era, but rather because of the evolving matrix that could mask possibilities and thus make it probable for us to falter. The probability is compounded by the pace of globalization and variations in practical ethics across cultures. Issues concerning piracy of intellectual property, compromise of privacy, democratization of information, and monitoring and surveillance—all became challenges of the times we live in. It is believed that Osama Bin Laden used steganography to launch massive attacks on humanity.4
Our context, IT, has remained a moving target in recent decades. While dramatic values are created by weaving new technologies and innovating richer applications of all technologies, greater room for unethical behavior has emerged concomitantly. Certainly, the change by itself must not be offered as an excuse or rendered as a mere explanation of unethical behavior. However, the quandary remains: Does the constant and rapid change catch the IT professionals off guard?
Hardly anyone in the IT profession would agree that things are the same as they were even a few weeks ago. Moral behavior is guided by moral principles, and yet the application of ethical conduct could feel like a blurred picture when a new situation or context emerges in which ethical constructs should play a role. How do we reconcile the permanence of ethics with challenges of changing times? What can help us see the light? Until recent years, some trivialized the discussion of ethics in IT as “old wine in a new bottle.” But the realities today are quite different. As IT professionals, we need to recognize how to apply ethical precepts to new realities. In this column, we will discuss issues like this one as part of a continuing dialog.
To reiterate, principles that guide ethical conduct likely remain nonchanging, but the delta (Δ) of fast-paced IT and its applications is rich and growing. The speed at which new contexts develop is unprecedented. With it, scenarios involving ethical dilemmas crop up begging guidance for the right conduct. For example, business processes that leverage legally feasible exploitation of confidential data could outpace externally imposed privacy protection measures. Of course, entirely new business models have emerged that encourage free sharing of private lives.
The trouble is, these developments may influence not the lack of will to do the right thing, but rather the lack of awareness that an ethical issue is involved in a situation at hand. Or, if one is aware of a dilemma, the comprehension of how to deal with it is lacking. Subtleties of context can get swept away, for example, under looming deadlines to launch a new business initiative to benefit from first-to-market advantage, or the persuasion to work on the product’s security features at a later date, or the pressure to keep project costs within budget.
You might ask: Don’t we have a code of conduct? Yes, indeed, most businesses and professions have adopted codes of conduct. The questions are: Is the code dynamically interpreted and applied to new situations? Does the code reveal nuances of a new context to the affected professional? A code of conduct, while acting as a compass attempting to always point at the true north, is a passive document.5
Ask yourself: During this calendar year, how often have I referred to ISACA’s code of conduct?6 Only the culture and leadership of constant ethical vigilance can make it alive, and even in the most desirable scenario, professionals will still have to be equipped to recognize potential dilemmas and how to address them.
In what ways do the nature and pace of change result in blind spots of ethical considerations? A variety of factors could play a role: time pressures, management’s aggressive agenda to leverage new technology, vulnerabilities of purchased software, lack of protection measures by an outsourcing entity your firm uses, and shortcuts taken in developing and deploying new applications. These are just examples of numerous possibilities of how change can create new ethical contexts. How could we avoid such blind spots? By helping shape a culture of ethical conduct, educating colleagues and professionals in new insights on imminent changes, and keeping an uncompromising attitude in which one’s professional expertise offers a conviction that others possibly miss. Especially because change is the only constant, our profession logically leads to superior opportunities, and correspondingly heavier responsibilities, for making the world better.
Warren Buffett once said, “Predicting rain doesn’t count; building arks does.”7 Indeed, we belong to the profession that builds arks. Consistent with the pace of change and newer contexts, we need to keep the arks as strong as ever, ready and capable of weathering the next storm—however different that may be in nature and ferocity.
1 Lewis, C. S.; Mere Christianity, The Three Parts of Morality, Harper Collins, 2001, p. 69–752 Badaracco, J. L. Jr.; A. P. Webb; “Business Ethics: The View from the Trenches,” California Management Review, 37(2), 19953 Douthat, Ross; 160 Million and Counting, The New York Times, 27 June 2011, p. A214 McCullagh, Declan; “Bin Laden: Steganography Master?,” Wired, www.wired.com/politics/law/news/2001/02/41658?currentPage=all5 Citing a 2004 study from the Journal of Ethics, Jennings in her book, Seven Signs of Ethical Collapse (St. Martin’s Press, 2006, p. 11), indicates the employees’ admission that the code of ethics for the company had very little influence on whether ethically correct choices were made.6 ISACA, Code of Professional Ethics, www.isaca.org/ethics7 Buffett, Warren; Letter to Berkshire Hathaway shareholders, 2001
Vasant Raval, CISA, DBA, is a professor of accountancy at Creighton University (Omaha, Nebraska, USA). The coauthor of two books on information systems and security, his areas of teaching and research interests include information security and corporate governance. Opinions expressed in this column are his own, and are not those of Creighton University. He can be reached at firstname.lastname@example.org.
Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2012 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.