
Ethics – Week 1

Ethics – Week 1. Lewis University Legal Issues in Information Security Ethics Gary A Bannister FCMA, AICPA, CGEIT Associate Professor. “What I hear I forget, what I see I learn, what I do I understand.” by Confucius. Why We’re Here Today.


Presentation Transcript


  1. Ethics – Week 1 Lewis University Legal Issues in Information Security Ethics Gary A Bannister FCMA, AICPA, CGEIT Associate Professor

  2. “What I hear I forget, what I see I learn, what I do I understand.” by Confucius.

  3. Why We’re Here Today “The business and professional world is at a critical juncture – brought about by heightened fear and publicity about computer crime, e fraud, privacy invasion, identity theft, and liability exposure”. Principles and Practice of Information Security,

  4. Difference Between the Law and Ethics • An ethic is an objectively defined standard of right and wrong. • Ethics is the intent to observe the spirit of the law—in other words, it is the expressed intent to do what is right. • Law - A rule of conduct established and enforced by the authority, legislation, or custom of a given community, State, or nation

  5. What is a Code of Ethics? A code of ethics is a set of guidelines that describes the norms and principles of the right conduct that a group agrees to work by: • Establishes a baseline for addressing complex issues • Enhances the professionalism and image of the staff by promoting ethical behavior • May act as a reference for developing acceptable use policies

  6. Code of Ethics • Do not use a computer to harm other people • Do not interfere with other people’s computer work • Do not snoop around in other people’s computer files • Do not use a computer to steal • Do not use a computer to bear false witness • Do not copy or use proprietary software for which you have not paid • Do not use other people’s computer resources without authorization or proper compensation • Do not appropriate other people’s intellectual output • Think about the social consequences of the program you are writing or the system you are designing • Always use a computer in ways that ensure consideration and respect for your fellow humans

  7. Simple ethical tests for a business decision • Transparency • Do I mind others knowing what I have decided? • Effect • Who does my decision affect or hurt? • Fairness • Would my decision be considered fair by those affected?

  8. The Ethical Control Environment  • Do board members and senior executives set an example? • Is there a written code of conduct for employees? • Are performance and incentive compensation targets reasonable and realistic? • Is it clear that fraudulent financial reporting will not be tolerated? • Are ethics woven into criteria that are used to evaluate individual and business unit performance? • Does management react appropriately when receiving bad news? • Does a process exist to resolve close ethical calls? • Are business risks identified and candidly discussed with the board of directors?

  9. The Cultural Assessment–A Critical First Step • Do rank-and-file employees understand the tone set by senior management? • Do employees know, without a doubt, that the organization’s culture encourages ethical behavior at all levels? • Can employees throughout the organization describe the company’s code of ethics? • Do employees in all areas of the organization ask questions and express concerns? • Do your employees believe that the mechanisms are in place to allow them to voice opinions without fear of retribution?

  10. Five-Phase Approach Phase One – Risk and Cultural Assessment Employee surveys, interviews, and document reviews, will help validate the culture of ethics and compliance at all levels of the organization or establish a baseline for change.

  11. Five-Phase Approach Phase Two - Program design and update Phase Two involves the creation of guideline documents that outline the reporting structure, communications methods, and other key components of the code of ethics and compliance program.

  12. Five-Phase Approach Phase Three - Policies and procedures Phase Three is the development or enhancement of the detailed policies of the program, including issues of financial reporting, antitrust and conflicts of interest.

  13. Five-Phase Approach Phase Four - Communication, Training, and Implementation Program specifics and the philosophy behind it must be articulated, communicated, and reinforced.

  14. Five-Phase Approach Phase Five - Ongoing Self-assessment, Monitoring, and Reporting The true test of your ethics and compliance program comes over time. The cultural assessment, mechanisms, and processes put in place today, including employee surveys, internal controls, and monitoring and auditing programs, can help achieve sustained success.

  15. Special Topics- Web Ethics- Multicultural / International Ethics • How are conflicting values handled? • How are legal problems resolved between nations? • How can users evaluate claims made on the Web? • Are the individual’s rights maintained? • What, when, how and who should archive Web material?

  16. Suggestions for developing a Code of Ethics • Keep language simple and concise • Don't write in a "thou shalt not" format • Apply the code evenly to all employees, board members and geographies. • Convene a cross functional team. • Revise and update the code as needed • Make sure people actually understand it, comply with it, and are not afraid to use it.

  17. Information Security: Ethical Issues Is rewarding people for trying to break into systems, even if they're doing it benignly on their own as a hobby, ethically wrong? Should vendors offer cash bounties to bring malware writers to justice? Should there be a digital underground for buying and selling computer vulnerability information?

  18. The Positive Impact of Strong Corporate Ethics • Companies that embed positive ethics deep within their culture often enjoy healthy returns through employee and customer loyalty and public respect for their brand. • Companies that go the extra mile with their ethics and compliance programs also lay the foundation for the control environment. • Company officials who observe the law are more likely to avoid stiff personal penalties, both monetary and potential jail time. • Companies that create, communicate, enforce, and promote effective compliance programs, as defined by the U.S. Federal Sentencing Guidelines for Organizations, have been given favorable treatment by the Department of Justice

  19. Code of Ethics/Conduct Resource Centers • Ethics Resource Center http://www.ethics.org/ • Ten Writing Tips for Creating an Effective Code of Conduct http://www.ethics.org/code_writing.html • Center for Applied Ethics http://www.ethics.ubc.ca/resources/business/eth-inst.html • Ethics Officers Association http://www.eoa.org/ • Creating a Code of Ethics for Your Organization http://www.ethicsweb.ca/codes/ • Institute for Global Ethics http://www.globalethics.org/ • Markkula Center for Applied Ethics http://www.scu.edu/ethics • Business for Social Responsibility http://www.bsr.org/ • Ethics Codes/Values http://www.bsr.org/BSRResources/IssueBriefDetail.cfm?DocumentID=395 • Institute of Business Ethics http://www.ibe.org.uk/ • Center for the Study of Ethics in the Professions - Illinois Institute for Technology http://www.iit.edu/departments/csep/PublicWWW/codes/ • Ethical Corporation Magazine online http://www.ethicalcorp.com/

  20. APPENDIX HOW ONE COMPANY DID IT

  21. Our Commitment to Integrity Code of Conduct - Example

  22. What does the Code mean to The Company’s business? • Ensures that we conform to legal & regulatory requirements • Protects our reputation • Customers & business partners want to deal with an ethical organisation • Gives us a license to operate • Shareholders happy to invest in us • Stronger environmental stewardship • Employees proud to work for the organisation • Greater social engagement

  23. Key benefits of Code of Conduct An effective, integrated company-wide programme will… • Protect company reputation • Promote competitive edge • Avoid or mitigate costs of non-compliance • Enhance employee morale and productivity. Related items listed on the slide: • Optimise good and profitable business • Become preferred business partner • Avoid high risk premiums • Brand protection • Investor confidence • Customer confidence • Individual/company sanctions • Legal and other costs • Government blacklisting • Business interruption

  24. Management Framework - Group Values (Tier 1), Group Standards (Tier 2), Code of Conduct (Tier 2), Group Standards (Tier 2). Universal legal & regulatory requirements; Internal policies that set higher standard than applicable law • Equal opportunity • Bribery • Competition • Privacy • Safety & environment • Facilitation payments • Gifts & entertainment • Conflicts of interest • Political Activity. Administrative instruction, guidance, policies (Tier 3). Context

  25. What is the Code of Conduct? • Brand and Values in action • One Global Code wherever in the world the company operates • Sets minimum legal and ethical standards for all employees • Builds on and replaces “What We Stand For” • Brief, user-friendly terminology • Where to get help and advice • Including Web Talk

  26. How is the Code Organised?

  27. Compliance & Ethics – the safety analogy [Diagram. Safety labels: Near Misses, Minor Incidents (1000’s); DAFWCs (10’s); Fatality (1’s). Compliance & Ethics labels: Excessive Gifts & Entertainment; Small Payments, Conflicts of Interest, Wrongful dismissal; Sexual discrimination, Political contributions; Competition law breach; Serious fraud, Loss of Rep. Reputation scale: Local Media, National Media, International Media.] “Make compliance and ethics second nature, like safety”

  28. Code Objectives for 2005 • Communicate the Code to all staff by “give date” • All ‘Compliance & Ethics Leaders’ receive training in 1Q so they can oversee implementation in their area in 2Q. • Training for everyone will include one or more of the following: • CEO Video • Awareness presentation (in Workshops) • Team leaders to hold 1-2 hour session for their staff either as team meeting or town hall – to include combination of video, presentation, discussion and scenario breakout discussion • e-Learning module

  29. Success will require active support from senior leadership …. • Visible & audible messages from Executive Board • Tone set from the top • Supporting open culture of employee dialogue • Commitment to consistently enforce the Code • Integration of Code values into the performance contract and in promotion decisions

  30. Code of Conduct: Summary • Every individual’s responsibility • Minimum legal and ethical requirements - all employees worldwide • Consistent enforcement with appropriate discipline – up to and including dismissal • Any employee who seeks advice/raises an issue in good faith is following the Code – and will not be retaliated against • Many channels for raising questions or concerns, including line manager, functions, GC&E, and Web Consult

  31. Our Commitment to Integrity • Is the action legal? • Does it comply with the Code of Conduct? • Is it in line with The Company’s values? • If you do it, will you feel bad? • Does it match our commitments and guarantees that we have made to others? • How would it look in the newspapers? • If you are not sure, ask.

  32. Questions?
