Objectives: Using Information Ethically

1
Objectives Using Information Ethically

• Describe challenges of insuring the ethical use
  of IT
• Identify four areas of information control. What
  are they and why are they important?
• Describe normative theories of ethics
• Discuss why most managers ill-equipped to handle
  ethical issues in organizations
• Discuss strategies managers can employ to insure
  that IT is handled ethically
• Discuss the Sarbanes-Oxley Act and its
  implications for managers

2
CONTROL OF INFORMATION
3
Figure 8.1 Masons areas of managerial concern.
4
Privacy

• Those who possess the best information and know
  how to use it, win.
• However, keeping this information safe and secure
  is a high priority
• Privacy the right to be left alone.
• Managers must be aware of regulations that are in
  place regarding the authorized collection,
  disclosure and use of personal information.
• US- sectoral approach EU comprehensive
  approach
• Safe harbor framework of 2000.

5
Accuracy

• Managers must establish controls to insure that
  information is accurate.
• Data entry errors must be controlled and managed
  carefully.
• Data must also be kept up-to-date.
• Keeping data as long as it is necessary or
  legally mandated (or not keeping it too long) is
  a challenge.

6
Property

• Mass quantities of data are now stored on
  clients.
• Who owns this data and has rights to it is are
  questions that a manager must answer.
• Who owns the images that are posted in
  cyberspace?
• Managers must understand the legal rights and
  duties accorded to proper ownership.

7
Accessibility

• Access to information systems and the data that
  they hold is paramount.
• Users must be able to access this data from any
  location (if it can be properly secured and does
  not violate any laws or regulations).
• Major issue facing managers is how to create and
  maintain access to information for society at
  large.
• This access needs to be controlled to those who
  have a right to see and use it (identity theft).
• Also, adequate security measures must be in place
  on their partners end.

8
NORMATIVE THEORIES OF BUSINESS ETHICS
9
Framework for Managers

• Managers must assess initiatives from an ethical
  view.
• Most managers are not trained in ethics,
  philosophy, and moral reasoning.
• Difficult to determine or discuss social norms.
• Three theories of business ethics are examined to
  develop and apply to particular challenges that
  they face (see Figure 8.2)
• Stockholder theory
• Stakeholder theory
• Social contract theory

10
Stockholder Theory

• Stockholders advance capital to corporate
  managers who act as agents in advancing their
  ends.
• Managers are bound to the interests of the
  shareholders (maximize shareholder value).
• Managers duties
• Bound to employ legal, non-fraudulent means.
• Must take long view of shareholder interest.

11
Stakeholder Theory

• Managers are entrusted with a fiduciary
  responsibility to all those who hold a stake in
  or a claim on the firm.
• Stakeholders are
• Any group that vitally affects the corp. survival
  and success.
• Any group whose interests the corp. vitally
  affects.
• Management must enact and follow policies that
  balance the rights of all stakeholders without
  impinging upon the rights of any one particular
  stakeholder.

12
Social Contract Theory

• Consider the needs of a society with no
  corporations or other complex business
  arrangements.
• What conditions would have to be met for the
  members of a society to agree to allow a
  corporation to be formed?
• Corporations are expected to create more value to
  society that it consumes.
• Social contract
• 1. Social welfare corporations must produce
  greater benefits than their associated costs.
• 2. Justice corporations must pursue profits
  legally, without fraud or deception, and avoid
  actions that harm society.

13
Figure 8.2 Three normative theories of business
ethics.
14
EMERGING ISSUES IN THE ETHICAL GOVERNANCE OF
INFORMATION SYSTEMS
15
Emerging Issues

• Two distinct spheres in which managers operate
  when dealing with ethical issues
• Outward transactions of the business with a focus
  on the customer.
• Issues related to managing employees and
  information inside the corporation.
• Email, instant messaging, and the Internet have
  replaced traditional communications but pose
  their own set of issues.
• Many companies are turning to programs that
  monitor employees online activities (web sites
  visited, etc.).

16
Electronic Monitoring

• Many programs are available to accomplish this
  monitoring.
• In 2001 sales of 140 million was reported for
  this type of software.
• Employers can exert a higher level of control
  over their employees.
• Managers must be careful to create an atmosphere
  that is amenable to IS use.
• Ethically, managers are obliged to consider the
  welfare of their workers.

17
SECURITY ANDCONTROLS
18
Security and Controls

• Ernst and Young survey suggests that most
  companies rely on luck rather than proven IS
  controls.
• Companies turn to technical responses to deal
  with security threats (worms, viruses, etc.).
• Managers go to great lengths to make sure that
  their systems are secure.
• Firewalls, IDS systems, password systems, and
  more.
• Future solutions will include hardware and
  software.
• Managers must be involved in the decisions about
  security and control Governance!

19
Sarbanes-Oxley Act

• The Sarbanes-Oxley Act of 2002 was enacted to
  increase regulatory visibility and accountability
  of public companies and their financial health.
• All companies subject to the SEC are subject to
  the requirements of the act.
• CEOs and CFOs must personally certify and be
  accountable for their firms financial records
  and accounting.
• Firms must provide real-time disclosures of any
  events that may affect a firms stock price or
  financial performance.
• IT departments realized that they played a major
  role in ensuring the accuracy of financial data.

20
IT Control and Sarbanes-Oxley

• In 2004 and 2005 IT departments began to identify
  controls, determined design effectiveness, and
  validated operation of controls through testing.
• Five IT control weaknesses were uncovered by
  auditors
• Failure to segregate duties within applications,
  and failure to set up new accounts and terminate
  old ones in a timely manner.
• Lack of proper oversight for making application
  changes, including appointing a person to make a
  change and another to perform quality assurance
  on it.
• Inadequate review of audit logs to not only
  ensure that systems were running smoothly but
  that there also was an audit log of the audit
  log.
• Failure to identify abnormal transactions in a
  timely manner.
• Lack of understanding of key system
  configurations.

21
FOOD FOR THOUGHT ETHICS AND THE INTERNET
22
Ethics and the Internet

• The Internet crosses international boundaries
  posing challenges that are not readily resolved.
• Different cultures, laws, customs, and habits
  insure that different countries police the
  Internet in very different ways.
• Managers face challenges in navigating their
  organizations through the murky waters of ethical
  use of the Internet.
• Example Free speech and censorship.
• The U.S. provides for free speech protection, but
  other countries do not.
• An Internet code of ethics by the IFIP is being
  debated.

23
SUMMARY
24
Summary

• 1. Ethics is important to the IS field
  particularly since new technologies and
  innovations are arriving at an untold pace.
• 2. IS professionals must seek to uphold the
  ethical handling and dissemination of information
  adhering to international, federal, state, and
  local laws concerning the ethical handling of
  data under their supervision.
• 3. Improper handling and use of IS can lead not
  only to internal organization problems but to
  legal problems as well.
• 4. Dont jeopardize your future by the
  mishandling of IS