Monday, May 07, 2007

Ethics and IT Governance

The concept of IT governance is foreign to most software developers and IT practitioners. The situation has to be altered because officers inside IT and IS departments have the same governance and compliance obligations as their brethren, the corporate and administrative officers.
That you may retain your self-respect, it is better to displease the people by doing what you know is right, than to temporarily please them by doing what you know is wrong.
- William JH Boetcker
I was looking for a hook to start this article when the above quote showed up and tickled my ethical bone. Boetcker phrased the sentiment in terms of self-respect, which I understand to include intellectual and professional integrity: the ethical responsibility to carry out our roles in an effective fashion and, by definition, to operate within our areas of knowledge and ability.

Company directors and executives in Australia know this responsibility well from the Corporations Act, which imbues them with the obligation to act in good faith, without conflict of interest, with due diligence and for a proper purpose. The due diligence condition has been repeatedly tested and in practice is similar to negligence. As an issue of compliance, it is arguable that officers of a company must be sufficiently well informed and have processes in place, training and sanctions to enact such policies. The usual business outcomes and operations give meaning to proper purpose. Conflict of interest resonates with our common sense. What does in good faith mean? To whom does this obligation fall?

Good faith is difficult to ascertain but may include behaving in the fashion that a reasonable person would have in factually similar circumstances, nominally an objective test. In another article I explore in a feather-weight fashion the ethical obligations of forming an opinion and acting in an ethical fashion; in this article I wish to address the same issue a little more seriously and with particular attention to IT governance and the obligations of officers and practitioners in an area that is often a technical minefield. As a result, it is even more important that the technical practitioners in IT and IS make every attempt to properly inform their superiors in their organisations so that the decision makers can make properly informed decisions.

In areas of general management, marketing and human resources it is far more likely that the responsible executives are reasonably versed in the applicable knowledge space so the obligation for their staff to keep them informed, while it exists, nevertheless exerts less pressure. However in IT and IS it is incumbent on the technical practitioners to make their knowledge available in an appropriately summarised form to the responsible officers because those executives cannot access the information they need without this kind of assistance.

The responsibility to put into place the processes to support such a system of communication and reporting is, of course, the responsibility of the directors and officers, the executives that manage the enterprise. Departmental general managers cannot shirk their obligation to remain accountable for their department's performance and their responsibility to put in place compliance systems to support these functions.

Certainly these are well understood in finance and accounting, where the Chief Financial Officer (CFO) may oversee internal and external audit programmes that report to the Risk, Audit and Compliance committees of the Board of Directors. The equivalent functions for the IT and IS departments have similar outcomes, but the internal audit function will be the semantically equivalent series of reviews that are held of documents, designs, code and tests as part of the software development life cycle.

The conclusion we must reach is that document reviews and peer reviews of designs and code are an obligatory part of the governance and compliance obligations that need to be met by organisations that depend on these functions. Part of assessing and managing financial, reputation and business risk is clearly within the sphere of IT and IS and should be deemed to belong to the relevant department. The software development processes of design and code reviews, document reviews and testing are a natural part of the risk and compliance culture of enterprises, and the relevant officers and their subordinates need to be educated about this fact.

The Chief Information Officer (CIO) has this obligation, and the people who report to him are required to provide sufficient information for him to adequately perform this function. To do so is to act in an ethical fashion and to retain one's self-respect.
