Ethics – Week 1
Lewis University
Legal Issues in Information Security
Ethics
Gary A Bannister FCMA, AICPA, CGEIT
Associate Professor
“What I hear I forget, what I see I learn, what I do I understand.” by Confucius.
Why We’re Here Today
“The business and professional world is at a critical juncture – brought about by heightened fear and publicity about computer crime, e-fraud, privacy invasion, identity theft, and liability exposure.”
Principles and Practice of Information Security,
Difference Between the Law and Ethics
An ethic is an objectively defined standard of right and wrong.
Ethics is the intent to observe the spirit of the law—in other words, it is the expressed intent to do what is right.
Law - A rule of conduct established and enforced by the authority, legislation, or custom of a given community, State, or nation.
What is a Code of Ethics?
A code of ethics is a set of guidelines that describes the norms and principles of the right conduct that a group agrees to work by:
Establishes a baseline for addressing complex issues
Enhances the professionalism and image of the staff by promoting ethical behavior
May act as a reference for developing acceptable use policies
Code of Ethics
Do not use a computer to harm other people
Do not interfere with other people’s computer work
Do not snoop around in other people’s computer files
Do not use a computer to steal
Do not use a computer to bear false witness
Do not copy or use proprietary software for which you have not paid
Do not use other people’s computer resources without authorization or proper compensation
Do not appropriate other people’s intellectual output
Think about the social consequences of the program you are writing or the system you are designing
Always use a computer in ways that ensure consideration and respect for your fellow humans
Simple ethical tests for a business decision
Transparency: Do I mind others knowing what I have decided?
Effect: Who does my decision affect or hurt?
Fairness: Would my decision be considered fair by those affected?
The Ethical Control Environment
Do board members and senior executives set an example?
Is there a written code of conduct for employees?
Are performance and incentive compensation targets reasonable and realistic?
Is it clear that fraudulent financial reporting will not be tolerated?
Are ethics woven into criteria that are used to evaluate individual and business unit performance?
Does management react appropriately when receiving bad news?
Does a process exist to resolve close ethical calls?
Are business risks identified and candidly discussed with the board of directors?
The Cultural Assessment–A Critical First Step
Do rank-and-file employees understand the tone set by senior management?
Do employees know, without a doubt, that the organization’s culture encourages ethical behavior at all levels?
Can employees throughout the organization describe the company’s code of ethics?
Do employees in all areas of the organization ask questions and express concerns?
Do your employees believe that the mechanisms are in place to allow them to voice opinions without fear of retribution?
Five-Phase Approach
Phase One – Risk and Cultural Assessment
Employee surveys, interviews, and document reviews will help validate the culture of ethics and compliance at all levels of the organization or establish a baseline for change.
Phase Two - Program design and update
Phase Two involves the creation of guideline documents that outline the reporting structure, communications methods, and other key components of the code of ethics and compliance program.
Phase Three - Policies and procedures
Phase Three is the development or enhancement of the detailed policies of the program, including issues of financial reporting, antitrust and conflicts of interest.
Phase Four - Communication, Training, and Implementation
Program specifics and the philosophy behind it must be articulated, communicated, and reinforced.
Phase Five - Ongoing Self-assessment, Monitoring, and Reporting
The true test of your ethics and compliance program comes over time. The cultural assessment, mechanisms, and processes put in place today, including employee surveys, internal controls, and monitoring and auditing programs, can help achieve sustained success.
Special Topics - Web Ethics - Multicultural / International Ethics
How are conflicting values handled?
How are legal problems resolved between nations?
How can users evaluate claims made on the Web?
Are the individual’s rights maintained?
What, when, how and who should archive Web material?
Suggestions for developing a Code of Ethics
Keep language simple and concise
Don't write in a "thou shalt not" format
Apply the code evenly to all employees, board members and geographies.
Convene a cross functional team.
Revise and update the code as needed
Make sure people actually understand it, comply with it, and are not afraid to use it.
Information Security: Ethical Issues
Is rewarding people for trying to break into systems, even if they're doing it benignly on their own as a hobby, ethically wrong?
Should vendors offer cash bounties to bring malware writers to justice?
Should there be a digital underground for buying and selling computer vulnerability information?
The Positive Impact of Strong Corporate Ethics
Companies that embed positive ethics deep within their culture often enjoy healthy returns through employee and customer loyalty and public respect for their brand.
Companies that go the extra mile with their ethics and compliance programs also lay the foundation for the control environment.
Company officials who observe the law are more likely to avoid stiff personal penalties, both monetary and potential jail time.
Companies that create, communicate, enforce, and promote effective compliance programs, as defined by the U.S. Federal Sentencing Guidelines for Organizations, have been given favorable treatment by the Department of Justice.
Code of Ethics/Conduct Resource Centers
Ethics Resource Center http://www.ethics.org/
Ten Writing Tips for Creating an Effective Code of Conduct http://www.ethics.org/code_writing.html
Center for Applied Ethics http://www.ethics.ubc.ca/resources/business/eth-inst.html
Ethics Officers Association http://www.eoa.org/
Creating a Code of Ethics for Your Organization http://www.ethicsweb.ca/codes/
Institute for Global Ethics http://www.globalethics.org/
Markkula Center for Applied Ethics http://www.scu.edu/ethics
Business for Social Responsibility http://www.bsr.org/
Ethics Codes/Values http://www.bsr.org/BSRResources/IssueBriefDetail.cfm?DocumentID=395
Institute of Business Ethics http://www.ibe.org.uk/
Center for the Study of Ethics in the Professions - Illinois Institute for Technology http://www.iit.edu/departments/csep/PublicWWW/codes/
Ethical Corporation Magazine online http://www.ethicalcorp.com/
APPENDIX
HOW ONE COMPANY DID IT
Our Commitment to Integrity
Code of Conduct - Example
What does the Code mean to The Company’s business?
Gives us a license to operate
Stronger environmental stewardship
Customers & business partners want to deal with an ethical organisation
Greater social engagement
Shareholders happy to invest in us
Ensures that we conform to legal & regulatory requirements
Employees proud to work for the organisation
Protects our reputation
Optimise good and profitable business
Become preferred business partner
Avoid high risk premiums
Individual/company sanctions
Legal and other costs
Government blacklisting
Business interruption
Brand protection
Investor confidence
Customer confidence
An effective, integrated company-wide programme will…
Key benefits of Code of Conduct
Protect company reputation
Promote competitive edge
Avoid or mitigate costs of non-compliance
Enhance employee morale and productivity
Context
Management Framework - Group Values (Tier 1)
Code of Conduct (Tier 2)
Group Standards (Tier 2)
Universal legal & regulatory requirements
Internal policies that set higher standard than applicable law
• Safety & environment • Facilitation payments • Gifts & entertainment • Conflicts of interest • Political Activity
• Equal opportunity • Bribery • Competition • Privacy
Administrative instruction, guidance, policies (Tier 3)
What is the Code of Conduct?
Brand and Values in action
One Global Code wherever in the world the company operates
Sets minimum legal and ethical standards for all employees
Builds on and replaces “What We Stand For”
Brief, user-friendly terminology
Where to get help and advice, including Web Talk
How is the Code Organised?
Health, Safety, Security & the Environment
Employees
Business Partners
Governments & Communities
Company Assets & Financial Integrity
Health, Safety & Security
Environment
Fair Treatment & Equal Employment Opportunity
Respectful, Harassment-Free Workplace
Privacy & Employee Confidentiality
Gifts & Entertainment
Conflicts of Interest
Competition & Antitrust
Trade Restrictions, Export Controls & Boycott Laws
Money Laundering
Working with Suppliers
Bribery & Corruption
Dealing with Governments
Community Engagement
External Communications
Political Activity
Accurate & Complete Data, Records, Reporting & Accounting
Protecting BP’s assets
Intellectual Property & Copyright of Others
Insider Trading
Digital Systems Use & Security
Compliance & Ethics – the safety analogy
[Figure: Safety compared with Compliance & Ethics, by incident count (1’s, 10’s, 1000’s) and reputation impact (Local Media, National Media, International Media). Safety labels: Near Misses, Minor Incidents; DAFWCs; Fatality. Compliance & Ethics labels: Small Payments, Conflicts of Interest, Wrongful dismissal; Excessive Gifts & Entertainment; Competition law breach, Sexual discrimination, Political contributions; Serious fraud, Loss of Rep.]
“Make compliance and ethics second nature, like safety”
Code Objectives for 2005
Communicate the Code to all staff by “give date”
All ‘Compliance & Ethics Leaders’ receive training in 1Q so they can oversee implementation in their area in 2Q.
Training for everyone will include one or more of the following:
CEO Video
Awareness presentation (in Workshops)
Team leaders to hold 1-2 hour session for their staff either as team meeting or town hall – to include combination of video, presentation, discussion and scenario breakout discussion
e-Learning module
Success will require active support from senior leadership…
Visible & audible messages from Executive Board
Tone set from the top
Supporting open culture of employee dialogue
Commitment to consistently enforce the Code
Integration of Code values into the performance contract and in promotion decisions
Code of Conduct: Summary
Every individual’s responsibility
Minimum legal and ethical requirements - all employees worldwide
Consistent enforcement with appropriate discipline – up to and including dismissal
Any employee who seeks advice/raises an issue in good faith is following the Code – and will not be retaliated against
Many channels for raising questions or concerns, including line manager, functions, GC&E, and Web Consult
Our Commitment to Integrity
Is the action legal?
Does it comply with the Code of Conduct?
Is it in line with The Company’s values?
If you do it, will you feel bad?
Does it match our commitments and guarantees that we have made to others?
How would it look in the newspapers?
If you are not sure, ask.
Questions?