ethical issues 1

8/8/2019 Ethical Issues 1

1/31

Information Systems Frontiers, Vol. 1, No. 2, 1999Focused Issue: Managing Year 2000 Risks Guest Editors: Mark Blaskovich & Prabhudev Konana

Copyright: Kluwer academic publishers

Volume 1, Number 2, 1999

The Year 2000 Problem: Ethical Implications

Leon A. KappelmanCo-chair, Society for Information Management (SIM) Year 2000 Working Group

Associate Professor, Business Computer Information SystemsAssociate Director, Center for Quality and Productivity

College of Business AdministrationUniversity of North Texas

P.O. Box 305249, Denton, Texas 76203

Phone: (940) 565-3110Facsimile: (940) 565-4935

E-mail: [email protected]

Website: www.unt.edu/bcis/faculty/kappelma/

James J. CappelAssistant Professor

Business Information Systems Department

College of Business Administration

Central Michigan UniversityMt. Pleasant, Michigan 48858

phone: (517) 774-3435fax: (517) 774-3356

email: [email protected]: www.mis.cmich.edu/jcappel/

Copyright:


2/31


Copyright : Kluwer academic publishers

The Year 2000 Problem: Ethical Implications

Abstract

As the end of 1990s draws ever closer, organizations are making the dash to the year 2000 finishline. Unfortunately, this is no small task. Moreover, the year 2000 concerns of many

organizations will not end on January 1, 2000. Systems failures will inevitably occur, and expertspredict that the year 2000 (Y2K) problem will lead to numerous lawsuits costing enterprises vastsums of money. With the rise of litigation, it is likely that ethical questions will also be raised

about organizations handling of their year 2000 problems. Among the relevant ethical issues thatwill be considered is did system developers and their organizations have an ethical obligation toaddress the year 2000 problem? This question is of great importance whether the developers

work for in-house information systems (IS) departments or for software and hardware vendororganizations. This paper takes a detailed look at this issue. This paper also focuses special

attention on a typology of factors, derived from models of ethical decision making, that haveserved to inhibit or facilitate organizational responses to the year 2000 problem. The goal of thisanalysis is to recognize and remove the obstacles that remain to an effective Y2K response, so

that organizations can not only become year-2000-ready, but also become better prepared toethically, technically, and effectively manage their information assets. In so doing, organizationswill be pursuing the prudent, ethical course of action that minimizes their legal exposure, and

protects the long-term interests of their stakeholders.


3/31



Introduction

The quotation above aptly describes many ethical decision making situations. Ethical problems

tend to be thorny, requiring, among other things, balancing the interests of various affected

parties and considering ones duties and obligations. There are often no easy answers.

In the case of the year 2000 problem, however, just the opposite of President Johnsons remark

appears to be true. While many information systems (IS) professionals recognize that addressing

the year 2000 problem (Y2K) is in the best interests of their organizations, and they want to do

the right thing, many organizations have failed to take adequate action to ensure that their systems

will be year-2000-ready. In effect, they are placing themselves in jeopardy. Thus, the underlying

ethical quandary with the Y2K issue seems not so much a matter of knowing what is right, but

doing what is right.

Many year-2000-related lawsuits are predicted if systems failures occur and various parties are

harmed. Harm to third parties or not, there is still the issue of the recovery of Y2K repair costs.

In the wake of such mishaps, lawyers, investigative reporters, shareholders, and others will raise

some glaring questions such as: Why did this happen? Could it have been prevented? Who

is responsible? The key question for organizations is how can they best utilize their resources in

the short time that remains to reduce their risks of year-2000-related damages?

Doing whats right isnt the problem. Its knowing what is right.

- President Lyndon Baines Johnson(Source: Boone, 1992)


4/31



This paper explores the ethical dimensions of the year 2000 problem. The ethical responsibilities

of IS professionals and top management to act on the year 2000 problem are highlighted based

upon their professional obligations. In addition, various dynamic forces are examined that have

served to inhibit or facilitate an effective year 2000 response. First, however, it is important to

address the potential harm that may arise from the year 2000 problem and the legal issues

surrounding it.

Potential Consequences of the Year 2000 Problem

The scope and magnitude of the year 2000 problem is truly striking. While the Y2K problem is

commonly perceived as only affecting older, mainframe systems, its effects extend much farther

than this. The year 2000 problem potentially affects packaged software, operating systems,

customized applications, and embedded systems in buildings and equipment, including elevators,

bank vaults, security systems, heating controls, navigational systems, medical devices, telephone

systems, and many other systems. Any computer system that makes use of dates is potentially at

risk, and the age of the system is of little relevance.

The Society of Information Management (SIM) Year 2000 Working Group estimates that

organizations worldwide will spend between $409 and $615 billion on year 2000 conversion

(Kappelman et al. 1998). In terms of individual organizations, Chase Manhattan Corp. will

reportedly spend $250 million on its year 2000 conversion efforts, American Airlines, $100

million, the Internal Revenue Service, $1 billion, and GTE, $150 million (Bergen 1997). The SIM

study also found that organizations on average were expected to spend about 38% of their annual


5/31



information systems operating budgets in 1997 on the year 2000 problem (Kappelman et al.

1998).

The year 2000 problem is also expected to have negative impacts on the economy. Unlike some

systems development projects that may improve efficiency or lead to competitive advantage,

addressing the Y2K problem is largely a systems maintenance expense that a company must bear

just to stay in business. A Standard and Poor's DSI study commissioned byBusiness Week

projected that the year 2000 problem will lead to lower economic growth, lower productivity, and

higher inflation. This study estimated that the economic growth rate of the United States will be

0.3 percent lower in 1999 and 0.5 percent lower in 2000 and early 2001 due to organizations

diverting resources to fix the year 2000 problem (Mandel 1998). Furthermore, these conclusions

only considered the remediation costs and not any possible supply chain or cascading ripple

effects.

The lack of a timely response to the year 2000 problem can result in systems errors that lead to

significant financial losses. For example, invoices may be miscalculated and customers misbilled,

production systems could be shut down, good inventory could be discarded, and many other

problems. Some experts have even predicted that errors in mission-critical systems could be so

severe that they could lead to business failures (de Jager 1996).

Beyond an organization itself, systems that are not year-2000-ready could harm a companys

trading partners. Since many enterprises today are linked through extended supply chains with

their vendors, suppliers, customers, and other parties, non-year-2000-ready systems could corrupt


6/31



the systems of other organizations with which a company exchanges data. This may result in

various problems such as improper billings, the unavailability of parts and supplies, and stalled

production. According to Joe Bione of the Deloitte Consulting Group, Supply-chain interaction

is critical to the success of Y2K as exemplified last year in the General Motors strike. We

observed where one facility could literally shut down the worlds largest corporation There is

very little room for error or even a brief disruption (Melymuka 1998b, p. 60).

Most importantly, the year 2000 issue raises a threat to public safety, since computer programs

that utilize dates also control nuclear power plants, water and sewer plants, chemical factories,

petroleum pipelines, and weapon systems (Scheier et al. 1996/1997). For these systems, potential

year 2000 impacts include injuries, the loss of human life, or environmental damage. For

example, when Phillips Petroleum ran year 2000 simulation tests on an oil and gas platform in the

North Sea in Fall 1997, they found that an essential system for detecting harmful gases such as

hydrogen sulfide failed (Mandel 1998).

Finally, the effects of the Y2K problem resulting from government, public utilities, telephone, and

public transportation systems could be significant. For example, the Department of Health and

Human Services has received low grades from a U.S. Congressional Committee that issues

quarterly ratings on agencies Y2K readiness. This raises concerns that Medicare, Medicaid, and

welfare payments that are delivered by this agency through the states could be delayed (Lester

1998; Neumann 1998). Meanwhile, some state governments are also behind on their Y2K efforts.

An analyst at the GIGA Information Group estimates that states, on average, have completed

remediation work on only about half of their mission-critical systems (Caldwell 1998). The


7/31



Department of Transportation is also among the agencies receiving unfavorable ratings by

Congress for its Y2K readiness, and some have predicted that there could be failures for aviation

and U.S. railroads (Neumann 1998). If these failures materialize, they could obviously be

disruptive to travelers or the flow of goods. Representative Steve Horn, whose Congressional

Committee issues the quarterly report cards on federal agencies, says, What worries us most is

the power gridA power blackout (in some areas) is entirely possible (Zuckerman 1998/1999a,

p. 1A).

Legal Considerations

Since the year 2000 problem poses significant risks to organizations and their constituents, it is

not hard to imagine numerous lawsuits arising from the year 2000 problem. In fact, they have

already begun. A number of class-action lawsuits that seek damages have been filed against

software vendors such as Software Business Technologies, Symantec, Medical Manager Corp.,

and Intuit, alleging that these vendors required customers to purchase Y2K-compliant software

upgrades of certain products instead of providing these repairs for free like other vendors

(Mukherjee 1997;Reuters News Wire 1998). As part of the settlement of several class-action

lawsuits against it, Medical Manager Corp. agreed to provide a free patch to make certain

versions of its medical management software year-2000-ready (Year 2000 Litigation 1998).

The cases against Intuit were also dismissed when the software maker agreed to provide free

upgrades for its non-year-2000-ready versions 5 and 6 of Quicken (Year 2000 Litigation 1998).

In another case that gained media attention, Produce Palace, a Michigan grocery store, sued its

cash register vendors because the systems they sold did not accept credit cards expiring in the


8/31



year 2000 (Hamilton and Springen 1998). As a result, Produce Palace allegedly experienced

more than 100 system crashes that led to lost business and customer goodwill (Century Date

Program News 1997). This suit was later settled out of court for $250,000 ( Market Rids Itself

of Bad Y2K Goods, 1998).

In another intriguing case, Andersen Consulting made a pre-emptive move by suing a

Massachusetts company in a dispute involving work that Andersen performed on a system. The

company, J. Baker, Inc. demanded that Andersen upgrade the system at no cost because it was

not year-200-ready. Andersen seeks a declarative judgment that it fulfilled its contractual

obligation and is not responsible for upgrading the system at no additional cost to the customer.

This case is still pending (Year 2000 Litigation 1998).

Lou Marcoccio, who monitors legal developments for the Gartner Group, reports that he already

knows of about two hundred year 2000 disputes that have been settled out of court, many of

which involved the payment of between $1 million and $10 million (Chandrasekaran 1998). It is

striking to note that the legal costs of the year 2000 problem are estimated to exceed the costs of

fixing the problem itself. GIGA International, a large consulting firm, projects that year-2000-

related litigation worldwide could top $1 trillion (Ditchburn 1997).

Besides software vendors, many other parties are potentially at risk. Consultants could be held

liable if they fail to fix systems adequately. In fact, according to a Wall StreetJournal article, the

consulting arms of some Big 5 public accounting firms have not taken on new year 2000

conversion work due to concerns over potential legal liability (MacDonald 1998). Organizations


9/31



could face product liability lawsuits for year-2000-related systems failures, or corporate directors

and officers could be liable to shareholders if they do not fix year 2000-related-problems or fail to

disclose them properly (Scheier 1996). For example, shareholders of a company might sue

directors if year-2000-related losses lead to falling stock prices. Since companies can negatively

impact others in their supply chain, a firm could also sue its suppliers if their Y2K-related

problems cause delivery disruptions in parts that halt production. Finally, it is predicted that

companies who have to pay year 2000 damages will also file cases against their insurance

companies to try to get reimbursed for some damages that they are forced to pay out

(Chandrasekaran 1998).

Ethical Duties of IS Professionals and Top Management

As noted above, failures associated with the year 2000 problem can result in serious harm. Yet,

many of these failures are preventable if an organization takes timely, prudent action. A key

concern is who in organizations is responsible for taking this action? A careful analysis of this

issue, based on ethical theory and relevant professional codes of ethics, suggests that both

information systems professionals and top management, whether they work for IS vendor or

customer enterprises, have an obligation to act on the year 2000 problem.

IS Professionals.

The responsibilities of information systems to act on the year 2000 problem are founded largely

upon "deontological" considerations. This ethical perspective emphasizes the duties or

obligations of agents (actors). Several national computing organizations have developed codes of

conduct that address the ethical duties and obligations of IS professionals. Relevant provisions


10/31



from three ethical codes are cited below that suggest that IS professionals have a duty to take

timely action on the year 2000 problem.

ACM Code of Ethics. The Association for Computing Machinery (ACM) is an international

organization dedicated to advancing information technology and promoting the highest

professional and ethical standards (ACM 1998, p. 6). The ACM Code of Ethics, revised in

1992, is a fairly detailed code that stipulates general moral imperatives and specific

professional responsibilities for computing professionals in confronting ethical dilemmas in the

workplace (Anderson et al. 1993). Many of its provisions are based upon the fundamental notion

of avoiding doing harm to others (Kling 1995). While it should be recognized that general codes

of conduct such as this are subject to different interpretations by different people who have good

intentions, at least several provisions of the ACM code suggest that systems developers may have

an ethical obligation to act on the year 2000 problem.

General Moral Imperative 1.1, Contribute to society and human well-being: An

essential aim of computing professionals is to minimize negative consequences of computingsystems, including threats to health and safety.

General Moral Imperative 1.2, Avoid harm to others: The computing professional has

the additional responsibility to report any signs of system dangers that might result in seriouspersonal or social damage. If ones superiors do not act to curtail or mitigate such dangers, itmay be necessary to blow the whistle to help correct the problem or reduce the risk.

Specific Professional Responsibility 2.1, Strive to achieve the highest quality,

effectiveness and dignity in both the process and product of professional work: The computing

professional must strive to achieve quality and to be cognizant of the serious negativeconsequences that may result from poor quality in a system.

Specific Professional Responsibility 2.5, Give comprehensive and thorough evaluations

of computer systems and their impacts, including analysis of possible risks : Computerprofessionals are in a position of special trust, and therefore have a special responsibility to

provide objective, credible evaluations to employers, clients, users, and the public... As noted in


11/31



principle 1.2 on avoiding harm, any signs of danger from systems must be reported to those whohave opportunity and/or responsibility to resolve them.

AITP Code of Ethics. The Association of Information Technology Professionals (AITP),

formerly known as the Data Processing Management Association (DPMA), is an organization

whose stated mission is to provide superior leadership and education in Information Technology

(About AITP 1997). Its Code of Ethics stipulates various obligations that information

technology professionals have to their fellow members and their profession, their employer and its

management, their community, and society in general. According to this code, the responsibilities

of IT professionals to management include not to misrepresent or withhold information

concerning the capabilities of equipment, software, or systems and to protect the proper

interests of my employer at all times. IT professionals also have an obligation to society never

to misrepresent or withhold information that is germane to a problem or situation of public

concern (About AITP 1997).

ASM Code of Ethics. The Association of Systems Management (ASM) Code of Ethics is a very

succinct code that identifies ten responsibilities of its members. Included in this code is the

responsibility for information systems professionals to maintain and improve sound business

practices and foster high standards of professional conduct.

Comparison of the Codes of Ethics. A synthesis of these codes suggest IS professionals and the

enterprises they work for have an ethical obligation to act on the year 2000 problem based on

their duties to: avoid doing harm to others, strive for high quality systems, thoroughly evaluate

the impacts and risks of systems, look out for the business interests of their employer, maintain


12/31



sound business practices, and communicate any significant systems risks to management. Given

the risks the Y2K problem raises in terms of financial losses, business failure, harm to trading

partners, and a threat to health and safety, these duties, whether considered singularly or together,

suggest the need for timely and effective action.

As the ACM code notes, IS professionals are technical experts in positions of special trust.

Thus, they need to take a leadership role, including educating management about year 2000 risks

and creating a sense of urgency to act on this issue. Without adequate resources, a year 2000

conversion effort will fail. If top management refuses to take appropriate action, despite the best

efforts of IS management, the ACM code even suggests that whistle blowing may be in order;

however, the specific responsibilities of IS professionals in this regard are uncertain and

controversial.

Interestingly, one Y2K whistleblowing initiative was attempted, but it went out of operation after

only a few months. Consultant Peter de Jager established Project Damocles after he heard horror

stories from people about systems that companies were not fixing that could lead to serious

consequences (Hoffman 1998a). This project allowed a tipster with first-hand knowledge of a

year 2000 problem that a company was ignoring to report it anonymously to a website. That

information was then to be passed on to the company's legal department via registered mail. If a

court case later arose over a systems failure that had been reported, a copy of the report would be

released to lawyers as part of the discovery process. Unfortunately, de Jager ultimately concluded

he had to abandon this project saying, I have no intention to get subpeonaed for the rest of my

life (Melymuka 1998a, p. 3).


13/31



Top management.

Besides information systems professionals, top managers (e.g., boards of directors and corporate

officers) have an important responsibility to act on the year 2000 problem. This responsibility is

rooted in agency theory, which recognizes that the owners and managers of a business are

typically separate and distinct parties. Thus, top management has a fiduciary responsibility to

exercise reasonable care and diligence in managing the business and safeguarding assets (Sawyer

1988). Top management has a duty to take the actions necessary to assure the survival and long-

term profitability of the organization in the interests of stockholders (Badaracco 1995). In

addition, top managers have a basic duty to avoid doing harm to others (Ross 1930) and, as noted

earlier, the year 2000 problem raises various, important harm scenarios.

Addressing the year 2000 problem requires a sacrifice in the sense that other organizational

spending must be postponed and this requires the support of top management. It means devoting

substantial money and manpower that could be put toward other important projects. However,

considering that the alternative (i.e., not acting) can produce such disastrous consequences as

threats to public welfare and safety, financial losses, business failure, and hardship to

organizational constituents, the choice is clear. Top management, as the agents of owners, must

provide adequate resources for year-2000-conversion efforts and ensure that they are

accomplished in a timely, effective manner.


14/31



Organization Year 2000 Responses: Inhibiting and Facilitating Factors

Since addressing the year 2000 problem raises an ethical issue, it is useful to examine ethical

theory to determine what factors may explain the variation of organizations responses to the

Y2K problem. If relevant forces impacting enterprises year 2000 responses can be identified, this

may be help enterprises lagging on the year 2000 problem to move forward to a more effective

response.

Table 1 presents a typology of factors that have affected organizations responses to the year

2000 problem. As indicated in column one of the table, these influences operate at four

environmental levels: individual, professional, enterprise, and external. This classification scheme

is broken down further in column two, based on ethical dimensions derived from elements from

two prominent models of ethical decision making (Jones 1991; Bommer, Gratto, Gravander &

Tuttle 1987). These dimensions involve perceptions of the issue itself (Jones) and professional,

work, social, governmental/legal, and other environmental factors (Bommer, Gratto, Gravander &

Tuttle). Columns three and four of the table indicate how these ethical dimensions apply in either

a positive or negative way to organizations response to the year 2000 problem. Column three

lists inhibiting factors that either have delayed action or had no significant effect on moving

enterprises toward a positive year 2000 response. In contrast, the facilitating factors shown in

column four have exerted a positive influence on getting organizations to adopt a productive year

2000 response. It should be noted that while many inhibiting factors have tended to erode over

time, they still exert important influences on Y2K response.

[Insert Table 1 here]


15/31



Perceptual factors. According to Jones (1991), perceptions of the issue itself play a key role in

determining ethical behavior. At least three dimensions of moral intensity identified by Jones

appear to be instrumental in explaining the varying responses by organizations to the year 2000

issue: (1)magnitude of consequences -- the sum of the harms (or benefits) done to victim (or

beneficiaries) of the act in question; (2) social consensus -- the degree of social consensus about

whether a proposed act should or should not be done; and (3) temporal immediacy -- the length

of time between an act and the onset of the consequences of the act in question (with a shorter

length of time implying greater immediacy).

Avoiding the year 2000 problem (a response that continues even today in some organizations) is

consistent with a low perception of each of these dimensions. First, these organizations have

tended to downplay the magnitude of the consequences of the year 2000 issue, believing that they

are overstated by consultants who are looking to make a fast buck. Well-known Y2K

consultant Peter de Jager, for example, has been struck by those in the media who view the Y2K

problem with suspicion and continue to ask him whether this problem is real (de Jager 1998).

Undoubtedly, there are managers in organizations who share these views. Second, these

organizations may believe that there is a lack of consensus among authorities about the scope and

timetable of a year 2000 conversion effort, and this provides a convenient excuse for delaying

action. In addition, these organizations have felt low temporal immediacy about the issue,

thinking that there is plenty of time left to meet this challenge. There are also pressures for

short-term earnings that serve to justify delaying year 2000 spending.


16/31



However, a more enlightened view of the year 2000 problem, to which many organizations

eventually seem to subscribe, includes just the opposite perceptions of these dimensions. This

perspective recognizes that: the magnitude of the consequences of not addressing the year 2000

problem is potentially great; there is growing support in the IS community that this issue is real

and cannot be ignored (i.e., there is high social consensus); and time is quickly running out (this is

a matter of high temporal immediacy). Where these perceptions are dominant, they help to

facilitate an effective year 2000 response.

Professional codes of conduct. Various codes of conduct have been promulgated over the years

by computing, audit, and managerial organizations. Generally speaking, the members of these

organizations agree to abide by these rules as a condition of membership. While the three codes

of ethics reviewed here suggest that computing professionals have an ethical obligation to respond

to the year 2000 problem, these codes likely have had little impact on organizations year 2000

responses for several reasons. First, there is a problem of decision framing effects. It is likely

that many professionals have not thought about the year 2000 problem as an ethical issue, and,

consequently, they have not consulted the codes for guidance about it. Second, many

professionals may lack an awareness of codes of conduct or their provisions. Since computing

and managerial professionals are not licensed, violations of the code are not subject to strong

sanctions. Flagrant code violations are punishable only by the expulsion of individuals from

membership in the organization. In contrast, if stronger sanctions could be imposed, they would

serve as a facilitating factor for a positive year 2000 response, but that is not likely to happen.


17/31



Work factors. Several forces in the work environment have been powerful inhibitors to action

on the year 2000 problem. In many enterprises, IS management was reluctant for a long time to

bring the year 2000 problem up to senior management out of fear of being blamed for a problem

that appears to have been preventable. Organizational culture did not encourage a frank

discussion of the year 2000 issue, and too many enterprises lingered in a stage of denial about the

problem for too long. As Jackall (1988) points out in a classic book on organizational ethics,

supervisory pressures exert a profound influence on employees perceptions of ethical issues.

According to a former vice-president of a large company, what is right in the corporation is what

the guy above you wants from you (Jackall, p. 6). Thus, organizational culture, and particularly

supervisory pressures, have likely been a powerful determinant on year 2000 responses since their

presence is felt pervasively across ethical issues.

In addition, short-term profitability goals have also tended to delay a year 2000 response. Most

organizations are in business to make a profit, yet responding to the year 2000 problem is

perceived to represent a non-value-added activity. It is a maintenance expense that is required

just for a company to stay in business. Further, Y2K remediation efforts tend to be non-

glamorous and tedious, and many IS professionals would prefer to utilize their skills on other

projects such as new systems development.

Organizational forces such as downsizing, reorganization, mergers, and acquisitions in recent

years have forced a sea of change on IS departments and have brought about pressures to do

more with less. Unfortunately, an organizations other IS projects often cannot come to a halt

during a year 2000 conversion effort. Thus, the need to attend to other concurrent projects and


18/31



priorities has been an inhibiting factor on enterprises year 2000 responses. Many European

organizations, for instance, are behind their U.S. counterparts on the Y2K problem, since this

problem has taken a backseat to the problem of converting systems to handle the euro currency

(Wilson 1997).

In contrast, since a year 2000 conversion effort requires a significant commitment of resources,

key facilitating factors are management support and organizational commitment, i.e., goal

congruence between individuals and the organization. Forward thinking enterprises took various

prudent actions such as: getting an early start, establishing a Y2K project director to lead the

effort, performing systems inventory and impact analysis, addressing systems conversions based

upon criticality, enlisting the efforts of consultants or outsourcers as needed, completing

conversion efforts by the end of 1998, thoroughly testing systems both internally and externally,

and developing contingency plans in the event of systems failures. These organizations realized

rightfully that year 2000 conversion is necessary for the long-term profitability, service levels, and

market share of the enterprise.

Social factors. Through the mid-1990s, the year 2000 problem received relatively little attention

in the popular general or business press. This led to a lack of awareness among the general public

about the Y2K problem, so there were few calls to address it. However, beginning in 1996, the

year 2000 problem gained increasing notoriety in the IS press, and this spread shortly thereafter to

the popular press. IS trade publications began providing regular updates on year 2000

developments, and stories about this problem increasing sprang up in newspapers and magazines.

Today it is not uncommon to see multiple stories about the Y2K problem in Computerworldor to


19/31



find Y2K stories on the front page or business sections of newspapers. This publicity heightened

management awareness of the year 2000 issue. It finally helped to communicate a sense of

urgency about this problem to managers who may have previously doubted its importance. Still

the tendency of the popular press to sensationalize or trivialize the issue inhibits appropriate

actions.

Government/legal factors. Until the past year or so, government and legal factors worked more

to inhibit an effective year 2000 response than to facilitate it. For example, prior to passage of the

Year 2000 Information and Readiness Disclosure Act of 1998, many companies were very

cautious of sharing year 2000 information with their competitors for fear of violating anti-trust

laws. Professionals from competing organizations who may have otherwise shared Y2K

information either did not do so or they met only with their anti-trust lawyers present. It is hoped

that the Act will change this.

Secondly, as Capers Jones and others have noted, government officials, including the President

and Vice President, have not taken sufficient action to raise awareness about the Y2K issue and

urge action (Kappelman 1997; Hamblen 1998). It has been pointed out, for instance, that even

though Vice President Al Gore is perceived as a high-tech leader, he has said little about the

Y2K problem (Moschella 1998). It was not until February 1998 that the Clinton Administration

issued Executive Order 13073 to create the Presidents Council on Year 2000 Conversion to

address the Y2K preparedness of government agencies and to coordinate the preparedness efforts

of the general economy (Aisenberg 1998).


20/31



Third, some have argued that protective legislation that limits or eliminates organizations Y2K

liability also inhibits action (Kappelman 1998a). Several states, for example, have passed

legislation limiting their liability in the event of Y2K-related-systems failures. In July 1997,

Nevada passed a law that protects state agencies from lawsuits arising from year 2000 failures;

the law declares these failures to be "acts of God" so the state will not be liable (Kabler 1997).

Initiatives have also been introduced at the state level to protect software vendors. For example,

a California bill would have protected the state's software industry by limiting the punitive

damages available in year-2000-related lawsuits to bodily injuries or the costs to repair or replace

hardware or software was proposed (Hoffman 1997). While this measure failed, similar

legislative attempts could be made soon.

On the other hand, one of the biggest motivators for organizations to take action on the Y2K

problem has been the potential for lawsuits and damages that could arise from Y2K failures. As

noted earlier, since these costs are predicted to eclipse the cost of systems conversion, they have

gotten the attention of many organizations.

Secondly, internal and external auditors who are responsible for attesting to the integrity of

financial statements and systems have stepped up their Y2K efforts motivated, in part, by the

action of regulators. For example, the Securities and Exchange Commission (SEC) has

aggressively stepped up its Y2K disclosure requirements, after its earlier pronouncements led to a

disappointing lack of disclosure in organizations 1997 annual reports and Form 10-Ks. In July

1998, the SEC issued an Interpretation that requires publicly traded companies to disclose

detailed information about their state of Y2K readiness, costs, risks, and contingency plans (SEC


21/31



1998). Moreover, in October 1998, the SEC took disciplinary action against 37 securities firms

for insufficient Year 2000 disclosures. At the time of this writing, nineteen of these companies

agreed to pay fines of between $5,000 and $25,000 for either failing to file information about their

Y2K efforts, or for filing their forms late or incomplete. The SECs Enforcement Director,

Richard Walker, vowed that the agency will continue to be vigilant in policing companies Year

2000 disclosures (Hoffman 1998b, p. 90).

In the case of the federal government, as noted earlier, the issuance of quarterly report cards by a

Congressional committee on federal agencies Y2K readiness appears to be an important

development. This approach rewards forward-looking agencies with praise while motivating other

agencies that are behind to step up their efforts to avoid the public embarrassment of a bad grade.

The Year 2000 Information and Readiness Disclosure Act of 1998 is designed to encourage

software vendors and other enterprises to share more information with organizations regarding

the year 2000 readiness of their products and services. Prior to the passage of this law, experts

and government agencies reported that about one-third of high tech vendors were silent on the

Y2K issue, another third provided incorrect information about their products, and the remaining

third gave valid, useful information. This law can protect the evidentiary use of statements of

software makers and others made after January 1, 1996, regarding their products or other aspects

of Y2K readiness, be they true or false, except if a harmed party can prove that such statements

were made fraudulently (Kappelman 1998b). It is hoped that this act will facilitate the

information exchange between companies and thereby improve organizations Y2K responses.


22/31



There is danger, however, that anything less than candid and complete disclosures may be seen as

lacking credibility.

Overall, government is forced to play a complex, challenging role in terms of the year 2000

problem. On the one hand, government officials must raise sufficient concern about the problem

among organizations and the general public to propel action and avoid complacency. However,

this message cannot be overly strong or it may induce panic that could lead to other serious

problems. For example, an overly anxious public might make massive withdrawals of cash that

would drain the reserves of the banking system. While the federal government has reportedly

printed an additional $120 billion of currency in an attempt to mitigate such problems (CSPAN2

Broadcast 1998), this situation needs to be avoided. As January 1, 2000 draws closer, the federal

government is increasing its information dissemination efforts. The Presidents Council on Year

2000 has just established a toll-free hot line (888-USA-4-Y2K) that provides information to

consumers about how the year 2000 problem can affect personal computers, small business,

telephones, and other products and services (Y2K Consumer Hot Line Starting 1999).

Other factors. There have been few calls from stockholders to date about the need to address

the century date error. This is likely due to the lack of awareness about this issue that has

persisted among the general public until rather recently (and it could change with the new SEC

Y2K disclosure requirements). In addition, just as some have criticized government officials for

doing too little, too late on the Y2K issue, the same criticism has been leveled against prominent

business leaders. Ironically, for example, some organizations reportedly delayed action on the

Y2K problem because they thought Bill Gates would find a magic solution to it that they could


23/31



adopt (de Jager 1997; Gutterman 1997). In reality, Bill Gates has said very little about the Y2K

problem, and this has caused some to criticize him and other high tech leaders for not taking a

more active leadership role that would have motivated organizations to take more aggressive

Y2K action (de Jager 1997). Finally, Y2K responses have likely been delayed in some

organizations due to the lack of skilled resources to address the problem. As many organizations

rush to meet the Y2K deadline, the demand for Y2K labor has outstripped the supply. In

addition, as noted earlier, some consulting organizations have refused to take on Y2K work for

new clients due to liability concerns (MacDonald 1998).

In contrast, pressures from electronic trading partners have been an important push factor

toward year-2000-readiness. Organizations have become increasingly aware of the damage that

their trading partners could inflict on their systems and operations. Consequently, enterprises

have obtained written assurances from their partners about their Y2K readiness, and companies

have engaged in the inter-organizational testing of systems. For example, in July 1998 the

Securities Industry Association began Y2K systems tests between major stock exchanges, banks,

and brokerage firms (DiDio 1998).

A second other facilitating factor has simply been the increasing availability of most

Y2K resources. These resources range from automated tools designed to streamline and leverage

the manual effort required for systems conversions, to Web sites of year 2000 resources, to third

parties that assist in year 2000 planning and conversion efforts, as well as special interest mail

services and community groups. Of course, with the passage of time, the cost of some resources,

particularly labor, grows ever higher as its availability wanes.


24/31



Conclusions and Discussion

From time to time, anecdotes appear in newspapers to tell us that the year 2000 problem is

already here in terms of its repercussions. Recent reports indicate that more than 40% of

enterprises have already experienced Y2K problems (ITAA 1998). For instance, a 105-year-old

man in Switzerland recently received a letter that told him he was supposed to start elementary

school. This resulted from a computer system that took 100 years off his age, since it stored year

data in two digits rather than four (Associated Press Wire Service 1998).

Ideally, all year-2000-related problems would be as innocent and harmless as this. Unfortunately,

that is not the case. Because the year 2000 problem raises serious consequences, it needs to be

considered also in an ethical context.

This paper provides credible evidence that IS professionals and the top management of their

organizations (both public and private) have an ethical obligation to address the year 2000

problem on a timely basis. Not only is solving the year 2000 problem the ethical course of action,

but it is also in an enterprises own best self-interests. Like many other ethical violations, the

failure to respond to the Y2K challenge can lead to financial losses, business failure, harm to

internal or external parties, negative publicity, embarrassment, loss of reputation, distraction from

meeting company goals, civil damages, and even criminal charges. As John Koskinen, the federal

governments Y2K czar, stresses, Complacency is wrong. This is a problem that doesnt solve

itself (Zuckerman 1998/1999b, p. 10A).

Many organizations have done an excellent job of responding to the year 2000 challenge. They

have completed all or most of their systems conversion activities, and they are currently engaged


25/31



in further systems testing and contingency planning. It would be reassuring to the information

systems community and society in general if these organizations would announce publicly that

they are year-2000-ready, or at least the systems they believe to be ready (such as payroll,

inventory, etc.). Unfortunately, this has happened only in a few cases. For example, President

Clinton recently assured pensioners that, the millennium bug will not delay the payment of social

security checks by a single day (Lester 1998, p. A1). However, despite limited protections of

the Y2K Information and Readiness Disclosure Act of 1998, many lawyers still do not allow

organizational personnel to make such public pronouncements, over fear that these statements

could constitute legal guarantees and be used against them should any unforeseen problems arise.

Many lawyers are concerned this law could be overturned. Management may be ill-advised to

follow such guidance.

For other organizations, the pain of delaying action on the year 2000 problem is being felt acutely.

Some enterprises have more systems problems to fix than they can possibly address before

January 1, 2000. Even worse, these organizations face the continual uncertainty as to what new,

unexpected Y2K problems may be discovered. The best prescription for these organizations is to

make the best use of the time that remains. If mission-critical systems remain to be converted,

enterprises need to devote whatever time and resources are necessary to fix them. This may

require obtaining additional resources from top management and halting all new systems and even

other projects until these systems are converted. Finally, as time grows short, the importance of

contingency planning assumes an even greater role. Organizations must anticipate Y2K scenarios

and develop effective plans to address them, as well as unknown ones. Regardless of the outcome


26/31



of the Y2K, it is hoped that because of it the decision-making processes of those who manage

information assets will become more responsible, proactive, and ethical.

Note: Earlier portions of this manuscript appeared in: Cappel, James J. and Leon A. Kappelman.The Year 2000 Problem and Ethical Responsibility: A Call to Action. The Information

Society: An International Journal 14.3 (July-September 1998): 187-197; Kappelman, Leon A.,1997. Year 2000 Problem: Strategies and Solutions from the Fortune 100 . Boston: InternationalThompson Computer Press; and Cappel, James J. and Leon A. Kappelman. The Year 2000

Problem: An Ethical View. AIS Americas Conference, August 1997.


27/31



References

About AITP. (Author Unknown). Association of Information Technology. Available at http://ww.w.itaaorg,Accessed February 25, 1997.

Aisenberg, Michael, 1998. Year 2000 Regulatory and Legislative Update. Washington, D.C: Galland,

Kharasch, & Garfinkle, P.C. (September 1998).

Anderson, Ronald E., Deborah G. Johnson, Donald Gotterbarn, and Judith Perrolle, 1993. Using the New ACM

Code of Ethics in Decision Making. Communications of the ACM 36.2 (February): 98-107.

Associated Press Wire Service, 1998. Computer Goof Sends Man, 105, to School. The Saginaw News

(November 4): A6.

Association for Computing Machinery (ACM), 1998. Communications of the ACM 41.11 (November): 6.

Badaracco, Joseph, Jr., 1995. Business Ethics: Roles and Responsibilities. Chicago: Richard D. Irwin.

Bergen, Kathy, 1997. "SEC Revises Year 2000 Guidelines to Keep Investors Informed." Available at

http://www.chicagotribune.com/pri...s/9712/12/business/9712120086.html. Accessed December 17, 1997.

Bommer, Michael, Clarence Gratto, Jerry Gravander, and Mark Tuttle, 1987. A Behavioral Model of Ethical andUnethical Decision Making. Journal of Business Ethics 6: 265-280.

Boone, Louis E., 1992. Quotable Business. New York: Random House.

CSPAN2 Broadcast, 1998. The Year 2000 Problem Workshop at George Washington University (December15).

Caldwell, Bruce, 1998. States Lag on Y2K Efforts. Information Week(December 14). Available at

http://www.informationweek.com/713/13iuy2k.htm. Accessed December 17, 1998.

Century Date Program News, 1997. "Y2K Goes to Court." 8.2 (August 18). Available at

http://intranet.cib.fcnbd.com/CenturyDate/CDP%20News/CDPN_8-14-97_y2kcourt.htm. Accessed November 12,1997.

Chandrasekaran, V., 1998. As It Clogs Computers, Year 2000 Glitch May Clog Courts. Saginaw News (May

5): A1, A4 (reprinted from The Washington Post).

de Jager, Peter, 1997. "Dear Mr. Gates." Available at http://www.year2000.com/archive/gates.html. Accessed

December 18, 1997.

de Jager, Peter, 1996. "Take a Reporter to Lunch." Datamation (January 1): 76.

de Jager, Peter, 1998. "An Unreal Question." Available at http://www.year2000.com/archive/y2kunreal.html.Accessed December 17, 1998.

DiDio, Laura, 1998. Wall Street to Test Y2K Readiness. Computerworld (32.6 (February 9): 1.

Ditchburn, Jennifer, 1997. "Lawyers Posed to Pounce on Millennium Bug." Edmonton Journal. Available athttp://www.southam.com/edmontonjournal/computers/102397/stor1.html. Accessed December 18, 1997.


28/31



Gutterman, Jimmy, 1997. "Year 2000 Economic Implications." Chicago Tribune (December 7). Available athttp://www.chicagotribune.com/tech/columns/story/0,1048,237_2,00.html. Accessed December 17, 1997.

Hamblen, Matt, 1998. Government Action on Year 2000 Not Enough. Computerworld 32.22 (June 1): 4.

Hamilton, Kendall and Karen Springen, 1998. Beyond the Year 2000 Bug: A New Wave of Lawsuits.

Newsweek(March 23): 12.

Hoffman, Thomas, 1998a. "Consultant Urges Year 2000 Snitching." Computerworld32.3 (February 19): 6.

Hoffman, Thomas, 1998b. SEC Lowers Boom on Y2K Data. Computerworld32.43 (October 26): 90.

Hoffman, Thomas, 1997. "California Bill Would Put Cap on Year 2000 Damages." Computerworld31.50(December 15): 1.

Information Technology Association of America (ITAA), 1998. ITAA Y2K Survey Finds Failures Already

Starting to Occur. Press Release (March 25). Available at http://www.itaa.org. Accessed November 12, 1998.

Jackall, Robert, 1988. Moral Mazes: The World of Corporate Managers. New York: Oxford University Press.

Jones, Thomas M., 1991. Ethical Decision Making by Individuals in Organizations: An Issue-Contingent

Model, Academy of Management Review 16.2: 366-395.

Kabler, Phil, 1997. "State To Seek Immunity against Year 2000 Glitch." West Virginia Gazette. Available athttp://www.wvgazette.com/News/WV2000.html. Accessed December 17, 1997.

Kappelman, Leon A., 1997. An Open Letter to the President. Year/2000 Journal (November/December): 78.

Kappelman, Leon A., 1998a. Don't Look To Lawmakers For Year 2000 Relief. Computerworld (February 16):37.

Kappelman, Leon A., 1998b. 2000s Leadership Vacuum. InformationWeek(March 16): 147.

Kappelman, L., Fent, D., Keeling, Kellie B., and Prybutok, V., 1998. "Calculating the Cost of Year-2000Compliance." Communications of the ACM 41.8 (February): 30-39.

Kling, Rob, 1995. Beyond Outlaws, Hackers, and Pirates: Ethical Issues in the Work of Information and

Computer Science Professionals. Computerization and Controversy: Value Conflicts and Social Choices. 2nded. Kling, Rob. ed. San Diego: Academic Press.

Lester, Will, 1998. Benefits Checks Said Safe from Bug. Cincinnati Enquirer(December 29): A1.

MacDonald, Elizabeth, 1998. Consultants Shunting Work on Year 2000. The Wall Street Journal (June 29):B6.

Mandel, Michael J., 1998. "Zap! How the Year 2000 Bug Will Hurt the Economy." Business Week(March 2).

Available at http://www.businessweek.com/premium/09/b3567001.htm. Accessed February 20, 1998.

Market Rids Itself of Bad Y2K Goods, 1998. The Saginaw News (September 15): D2.

Melymuka, Kathleen, 1998a. Year 2000 Whistleblower Derailed. Computerworld32.20 (May 18): 3.

Melymuka, Kathleen, 1998b. Y2K Night Sweats. Computerworld32.51 (December 21): 60.


29/31



Moschella, David, 1998. The Year 2000 Question: Where was Al? Computerworld32.24 (June 15): 40.

Mukherjee, Sougata, 1997. "Small Business Throws First Volley in Expected War over Year 2000." HoustonBusiness Journal (December 15). Available at http://www.amcity.com/houston/stories/121597/smallb5.html.

Accessed December 17, 1997.

Neumann, Peter G., 1998. Y2K Update. Communications of the ACM 40.9 (September 1998): 128.

Reuters News Wire, 1998. "Symantec is Sued Over Software." (February 20).

Ross, W. D., 1930. The Right and the Good. New York: Oxford University Press.

Sawyer, Lawrence B., 1988. Sawyer's Internal Auditing. 3rd. ed. Altamonte Springs, FL: The Institute of InternalAuditors, Inc.

Scheier, Robert L., 1996. "New Rule Tightens Year 2000 Noose." Computerworld30.38 (September 16): 1,135.

Scheier, Robert L., Anthes, Gary H. and Alter, Allan E., 1996/1997. "Year 2000 May Ambush U.S. Military."Computerworld(December 23/January 1): 1, 124.

Securities and Exchange Commission (SEC), 1998. Interpretation: Disclosure of Year 2000 Issues and

Consequences by Public Companies, Investment Advisers, Investment Companies, and Municipal SecuritiesIssuers. Issued July 1998. Available at http://www.sec.gov/rules/concept/33-7558.htm. Accessed October 24,

1998.

Wilson, Tim, 1997. "Year 2000 Problem Takes a Backseat in Europe." Available athttp://www.techweb.com/wire/story/twb19971202s0005. Accessed December 17, 1997.

Y2K Consumer Hot Line Starting, 1999. Saginaw News (from Wire Service Reports), (January 11): A6.

Year 2000 Litigation. International Technology Association of America. Available athttp://www.itaa.org/govt/y2k/lit.htm. Accessed December 17, 1998.

Zuckerman, M. J., 1998/1999a. Y2K Fears Subsiding, Poll Shows. USA Today (December 31-January3): 1A.

Zuckerman, M. J., 1998/1999b. Y2K: Minor Glitch or Major Disaster? USA Today (December 31-January3):10A.


30/31



Environments Ethical Dimensions Inhibiting factors Facilitating factors

Individual Perceptual - magnitude of consequences (low)

- social consensus (low)

- temporal immediacy (low)

- magnitude of consequences (high)

- social consensus (high)

- temporal immediacy (high)

Professional Professional codes of conduct:

- computing

- audit

- managerial

- decision framing effects

- lack of awareness of codes or

their provisions

- lack of sanctions for violating

- potential sanctions for violating

Enterprise Work:

- enterprise culture

- enterprise goals

- other work factors

- fear of authority, blame

- denial

- supervisory or group pressures

- emphasis on short-termprofitability

- stress/work demands

- other projects/priorities

- management support

- organizational commitment (i.e.,

goal congruence)

- emphasis on long-term profitabilityand market share

External Social - lack of pressure from the general

public for year 2000 compliance

- growing publicity about the year

2000 issue

Government/legal - anti-trust pressure

- lack of government leadership

- efforts to limit legal liability

- potential for lawsuits, damages

- pressure for Y2K compliance from

auditors

- increased Y2K disclosures

requirements from the SEC

- review of Y2K federal agency efforts

by Congress

- protective legislation designed to

facilitate information exchangeincluding anti-trust waivers

- information dissemination by thegovernment

Other factors - lack of stockholder pressure for

Y2K compliance- lack of leadership from

prominent business leaders

- scarcity of Y2K skilled labor;

refusal of some consultants to takeon new clients

- pressure for Y2K compliance from

suppliers and customers- availability of Y2K resources: tools,

vendors, Web sites, workshops,outsourcers, information


31/31


Table 1: Ethical Factors

About the Authors

Leon A. Kappelman, Ph.D., is a researcher, writer, teacher, speaker, facilitator, and consultant

dedicated to helping organizations better manage their information assets. Dr. Kappelman is anAssociate Professor of Business Computer Information Systems in the College of BusinessAdministration at the University of North Texas, Associate Director of the Center for Quality andProductivity, and co-chair of the Society for Information Management's (SIM) Year 2000

Working Group. After a successful career in industry, he received his Ph.D. (1990) inManagement Information Systems (MIS) from Georgia State University. He has conducted

research and consulting projects in banking, insurance, aerospace, defense, telecommunications,retail, municipal government, educational, non-profit, sales, marketing, distribution, electricutility, petrochemical, and other organizations. In addition to year 2000, his professional

expertise includes the management of information assets, information systems development andmaintenance, change management and technology transfer, project management, and information

systems assessment and benchmarking. He has published dozens of journal articles and his workhas appeared in the Communications of the ACM,Journal of Management Information Systems,MIS Quarterly,InformationWeek, Computerworld, Project Management Journal, theDATABASE for Advances in Information Systems,National Productivity Review,Industrial

Management,Logistics Information Management, theJournal of Systems Management, theJournal of Computer Information Systems, as well as other journals and conference proceedings.He authoredInformation Systems for Managers, McGraw-Hill (1993); Solving the Year 2000

Computer Date Problem: A Guide and Resource Directory, SIM International (1996); and Year2000 Problem: Strategies and Solutions from the Fortune 100, International Thomson ComputerPress (1997).

James J. Cappel, Ph.D., is an Assistant Professor of Business Information Systems at CentralMichigan University. His previous and forthcoming works include articles in Communications ofthe ACM,DATA BASE, The Information Society: An International Journal, theJournal of

Computer Information Systems, theJournal of Systems Management, Information Strategy: TheExecutive's Journal, the Journal of Business Ethics, the Competitive Intelligence Review, and theBusiness Communication Quarterly. His research interests include the year 2000 problem,electronic commerce, ethics, and enterprise software. He earned his Ph.D. in Business ComputerInformation Systems at the University of North Texas.

ethical issues 1

Documents