Managing and Using Information Systems - Chapter 8

Copyright 2006 John Wiley & Sons, Inc.

Chapter 8Using Information

Ethically

Managing and Using Information Systems: A Strategic Approach

by Keri Pearlson & Carol Saunders


Introduction• What are some of the challenges of insuring the

ethical use of IT?• Mason identified four areas of information

control. What are they and why are they important?

• What are normative theories of ethics concerned with?

• Why are most managers ill-equipped to handle ethical issues in organizations?

• What can managers do to insure that IT is handled ethically?


Real World Examples

• Blockbuster was chastised by the Wall Street Journal for its plan to sell customer movie preference information for targeted marketing campaigns.

• Information collected for one purpose shouldn’t be used for another purpose without an individual’s consent.

• This example is not illegal but raises issues of privacy and ethical handling of information.


CONTROL OF INFORMATION


Privacy

• Those who possess the “best” information and know how to use it, win.

• However, keeping this information safe and secure is a high priority (see Figure 8.1).

• Privacy – “the right to be left alone”.• Managers must be aware of regulations that are

in place regarding the authorized collection, disclosure and use of personal information.– Safe harbor framework of 2000.


Area Critical Questions

Privacy What information must a person reveal about one’s self to others?

What information should others be able to access about you – with or without your permission? What safeguards exist for your protection?

Accuracy Who is responsible for the reliability and accuracy of information? Who will be accountable for errors?

Property Who owns information? Who owns the channels of distribution, and how should they be regulated?

Accessibility What information does a person or an organization have a right to obtain, under what conditions, and with what safeguards?

Figure 8.1 Mason’s areas of managerial concern.


Accuracy

• Managers must establish controls to insure that information is accurate.

• Data entry errors must be controlled and managed carefully.

• Data must also be kept up to date.

• Keeping data as long as it is necessary or legally mandated is a challenge.


Property

• Mass quantities of data are now stored on clients.

• Who owns this data and has rights to it is are questions that a manager must answer.

• Who owns the images that are posted in cyberspace?

• Managers must understand the legal rights and duties accorded to proper ownership.


Accessibility

• Access to information systems and the data that they hold is paramount.

• Users must be able to access this data from any location (if it can be properly secured and does not violate any laws or regulations).

• Major issue facing managers is how to create and maintain access to information for society at large.– This access needs to be controlled to those who have

a right to see and use it (identity theft).– Also, adequate security measures must be in place

on their partners end.


NORMATIVE THEORIES OF BUSINESS ETHICS


Introduction• Managers must assess initiatives from an ethical

view.• Most managers are not trained in ethics,

philosophy, and moral reasoning.– Difficult to determine or discuss social norms.

• Three theories of business ethics are examined to develop and apply to particular challenges that they face (see Figure 8.2):– Stockholder theory– Stakeholder theory– Social contract theory


Stockholder Theory• Stockholders advance capital to corporate

managers who act as agents in advancing their ends.

• Managers are bound to the interests of the shareholders (maximize shareholder value).

• Manager’s duties:– Bound to employ legal, non-fraudulent means.– Must take long view of shareholder interest.


Stakeholder Theory• Managers are entrusted with a fiduciary

responsibility to all those who hold a stake in or a claim on the firm.

• Stakeholders are –– Any group that vitally affects the corp. survival and

success.– Any group whose interests the corp. vitally affects.

• Management must enact and follow policies that balance the rights of all stakeholders without impinging upon the rights of any one particular stakeholder.


Social Contract Theory• Consider the needs of a society with no

corporations or other complex business arrangements.

• What conditions would have to be met for the members of a society to agree to allow a corporation to be formed?

• Corporations are expected to create more value to society that it consumes.

• Social contract:– 1. Social welfare – corporations must produce greater

benefits than their associated costs.– 2. Justice – corporations must pursue profits legally,

without fraud or deception, and avoid actions that harm society.


Figure 8.2 Three normative theories of business ethics.

Theory Definition MetricsStockholder Maximize stockholder

wealth, in legal and non-fraudulent manners.

Will this action maximize stockholder value? Can goals be accomplished without compromising company standards and without breaking laws?

Stakeholder Maximize benefits to all stakeholders while weighing costs to competing interests.

Does the proposed action maximize collective benefits to the company? Does this action treat one of the corporate stakeholders unfairly?

Social contract

Create value for society in a manner that is just and nondiscriminatory.

Does this action create a “net” benefit for society? Does the proposed action discriminate against any group in particular, and is its implementation socially just?


EMERGING ISSUES IN THE ETHICAL GOVERNANCE OF

INFORMATION SYSTEMS


Emerging Issues

• Two distinct spheres in which managers operate when dealing with ethical issues:– Outward transactions of the business with a focus on

the customer.– Issues related to managing employees and

information inside the corporation.

• Email, instant messaging, and the Internet have replaced traditional communications but pose their own set of issues.– Many companies are turning to programs that monitor

employees’ online activities (web sites visited, etc.).


• Many programs are available to accomplish this monitoring.– In 2001 sales of $140 million was reported for

this type of software.

• Employers can exert a higher level of control over their employees.

• Managers must be careful to create an atmosphere that is amenable to IS use.

• Ethically, managers are obliged to consider the welfare of their workers.


Figure 8.3 Some causal connections between identified areas of ethical concern.


1.Thou shalt not use a computer to harm other people.

2.Thou shalt not interfere with other people’s computer work.

3.Thou shalt not snoop around in other people’s computer files.

4.Thou shalt not use a computer to steal.

5.Thou shalt not use a computer to bear false witness.

6.Thou shalt not use or copy software for which you have not paid.

7.Thou shalt not use other people’s computer resources without authorization.

8.Thou shalt not appropriate other people’s intellectual output.

9.Thou shalt think about the social consequences of the program you write.

10.Thou shalt use a computer in ways that show consideration and respect.

Figure 8.4 Ten Commandments of Computer Ethics


SECURITYAND

CONTROLS


Security and Controls• Ernst and Young survey suggests that most

companies rely on luck rather than proven IS controls.

• Companies turn to technical responses to deal with security threats (worms, viruses, etc.).

• Managers go to great lengths to make sure that their systems are secure.– Firewalls, IDS systems, password systems, and more.

• Future solutions will include hardware and software.

• Managers must be involved in the decisions about security and control.


Sarbanes-Oxley Act• The Sarbanes-Oxley Act of 2002 was enacted to

increase regulatory visibility and accountability of public companies and their financial health.– All companies subject to the SEC are subject to the

requirements of the act.– CEO’s and CFO’s must personally certify and be

accountable for their firm’s financial records and accounting.

– Firms must provide real-time disclosures of any events that may affect a firm’s stock price or financial performance.

– IT departments realized that they played a major role in ensuring the accuracy of financial data.


IT Control and Sarbanes-Oxley• In 2004 and 2005 IT departments began to identify

controls, determined design effectiveness, and validated operation of controls through testing.

• Five IT control weaknesses were uncovered by auditors:1. Failure to segregate duties within applications, and failure to set

up new accounts and terminate old ones in a timely manner.2. Lack of proper oversight for making application changes,

including appointing a person to make a change and another to perform quality assurance on it.

3. Inadequate review of audit logs to not only ensure that systems were running smoothly but that there also was an audit log of the audit log.

4. Failure to identify abnormal transactions in a timely manner.5. Lack of understanding of key system configurations.


FOOD FOR THOUGHT: ETHICS AND THE INTERNET


Ethics and the Internet• The Internet crosses international boundaries

posing challenges that are not readily resolved.• Different cultures, laws, customs, and habits

insure that different countries police the Internet in very different ways.

• Managers face challenges in navigating their organizations through the murky waters of ethical use of the Internet.

• Example: Free speech and censorship.– The U.S. provides for free speech protection, but

other countries do not.– An Internet code of ethics by the IFIP is being

debated.


SUMMARY


Summary• 1. Ethics is important to the IS field particularly since new

technologies and innovations are arriving at an untold pace.

• 2. IS professionals must seek to uphold the ethical handling and dissemination of information adhering to international, federal, state, and local laws concerning the ethical handling of data under their supervision.

• 3. Improper handling and use of IS can lead not only to internal organization problems but to legal problems as well.

• 4. Don’t jeopardize your future by the mishandling of IS


• Copyright 2006 John Wiley & Sons, Inc.

• All rights reserved. Reproduction or translation of this work beyond that named in Section 117 of the 1976 United States Copyright Act without the express written consent of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein

Education

Managing and Using Information Systems - Chapter 8