&simon; &mary; 1999 Simon Rogerson, Mary Prior IMIS Journal Originally published as ETHIcol in the IMIS Journal Volume 9 No 1 (Febuary 1999) Companies throughout Europe continue to invest heavily in ICT. It is estimated that Europe's companies spend more than $210 billion annually. Intranets and the Internet are seen as the leading corporate technologies. An increasing number of chief information officers now sit on the board of companies. It is clear that the ICT professional is an important person in the workplace and one who has increasing power and influence. It is important that such people strive to work to the highest possible professional standards. With this in mind the IMIS has long been interested in the ethical and social responsibility issues related to the use of ICT within organisations and by society in general. As part of this interest and activity detailed information has been sought from the membership. A multidisciplined team from the Centre for Computing and Social Responsibility at De Montfort University has investigated the attitudes of information systems professionals to a range of ethical issues. The survey was published in the March 1998 edition of the IMIS Journal. A report of the survey's findings is now available. This edition of ETHIcol highlights some of the key points in the report. Of the 170 respondents to the survey, 152 are members of the IMIS. The overwhelming majority (88.2%) are male. There is an equal number of responses from those aged between 25-40, and 41-50, with fewer in the over-50 age bracket and fewer still under 25. The majority of respondents are experienced personnel; 67.2% have more than 10 years experience as an IS professional. The largest single group by job title is 'Manager/Director of IS' - 26.6% of respondents An encouraging number of respondents - over 90% - either agree or strongly agree that organisations should require all employees to abide by a code of professional ethics, and that employees who violate such a code should be appropriately disciplined. Over 60% of respondents say that their employing organisation has a code of conduct for all employees. However, a much smaller proportion of organisations have a code of conduct for IS employees. Many IS professionals are less than completely satisfied with the existing codes within their organisations. While it is true that respondents to a questionnaire concerning ethical attitudes are likely to be those interested in ethical behaviour, this nevertheless represents an extraordinary level of support for the implementation of ethical policies at an organisational level, although there could be widely diverging views as to what constitutes 'appropriate' penalties among the respondents. A majority also agree or strongly agree that organisations should develop and administer an ethics awareness programme for their employees. The evidence from the survey suggests that it is the younger IS professional who would particularly benefit from such an ethical awareness programme. There is a correlation between the type of employing organisation and those people refusing to work on a project considered to be unethical. There was 100% agreement from the self-employed and 'others', reflecting perhaps the greater freedom of the self-employed to choose their work. The largest proportion of respondents indicating either disagreement or indifference was among those employed in private enterprise outside the computer industry. These results may suggest that many of those who care about the type of projects on which they work choose employment in areas such as public service, while many of those who are less bothered find employment in industries in the private sector. Another possible explanation is that employers in private enterprise outside the computer industry give employees less freedom to refuse to work on particular projects. The other influencing factor is age; a higher proportion of those in the 25-40 age group disagree that they would refuse to work on a project that they considered to be unethical and agree that providing a project makes for an interesting challenge, they do not care about its overall objectives or purpose. As this is a crucial period during which careers are being built, perhaps more employees in this age group find they have to be pragmatic in accepting work than do employees in the relatively well-established older group. If this is the case, there are some important implications here for organisations and for professional societies. This is because it would seem that an unscrupulous organisation could put pressure on a proportion of employees, and especially some of those within the 25-40 age group, to work on ethically dubious projects or aspects of projects. Concerning the recreation of a product, program or design for a new employer, respondents are clearly split on the issue of the ownership of intellectual property of this nature. Age is the most significant factor connected with the response to this issue; more of those over 50 than under 50 say that employees should not be allowed to recreate a product, program or design for another employer. Once again, the younger age groups seem to be taking a pragmatic approach. In this instance it may be related to the stage the young IS professionals have reached in their career: they expect to move between employers and acknowledge the likelihood of re-creating intellectual products. Or it may be reflecting a shift in view across different age groups Respondents draw a distinction between whether their employer's computing facilities are used for the employee's own profit-making or non-profit activities. A majority agree or strongly agree that it is acceptable to use their employer's computing facilities for non-profit activities if this has no adverse affect on their employer (although more than 15% were indifferent). On the other hand, a much smaller number (13.1%) agree or strongly agree that it is acceptable to use their employer's computing facilities for the employee's own profit-making activities, with less than 6% being indifferent. More respondents indicate that their organisation's computer- held data is secure from external than from internal sources. The occupational groups that most frequently reported their organisation's data to be at threat from unauthorised access from internal sources were Database Managers, Technical Services Managers and Network Managers. It would seem that those most closely involved with the storage, access and transmission of data have less confidence in security arrangements than IS managers. This is a worrying finding, as the more pessimistic view of security could be the more realistic one, since it is held by those working most closely with the hardware and software systems on which data is held. There is a clear warning here to IS managers to ensure that they acquire a realistic assessment of the effectiveness of their security arrangements. Over 20% of respondents agree or strongly agree that employers are entitled to use electronic surveillance to monitor employees' performance without their consent. The responses appears correlated with age; the tendency is that the younger the age group, the higher proportion of respondents agree with the statement. It seems extraordinary to find such a high proportion of respondents seemingly unaware of, or indifferent to, the issues raised by the practice of electronic surveillance by an organisation of their employees without their consent. It would seem that fewer of the younger respondents are aware of the ethical issues raised by this practice. Or it may be that the use of CCTV and other electronic surveillance devices has become so ubiquitous in recent years that its presence is taken for granted by younger people, and they see only the benefits in terms of increased public safety and the contribution made towards the detection of criminal behaviour. It is especially worrying in the light of the fact that IS professionals are the employees likely to be called upon to install and maintain electronic surveillance systems within an organisation. A number of statements, worded in slightly different ways, were designed to find out respondents' views of their responsibility to clients and to users. There are some interesting variations in the responses to the different statements. The vast majority of respondents consider the overall working environment to be part of the IS professional's responsibility. An overwhelming majority of respondents agree or strongly agree that ongoing consultation with representatives of all those affected should occur throughout the information systems development life cycle. However, nearly half of the respondents agree that when disagreements arise between development personnel and those affected by the system it is the project manager who should have the final say. There is some variation of response according to the respondents' job titles. Interestingly, higher proportions of the project leaders and analysts than of other occupational groups disagree with the statement. The response to the statement concerning who should have 'the final say' when there are disagreements calls into question how the respondents interpret the terms 'responsibility' and 'consultation'. For an ethically acceptable approach to systems development, consultation needs to embrace meaningful involvement of representatives of those affected. Employees should have some input into any redesign of their working environment brought about by the introduction of new information systems. There is clearly considerable work to be done to persuade IS professionals that all stakeholders in an information systems development project need to be a part of the decision-making process. Those in education and the professional societies have a role to play in encouraging young IS professionals to adopt a more participative approach. A significant minority of respondents agree or strongly agree that it is acceptable for a software contractor, provided with a brief specification, to go ahead and develop the system knowing that in the future re-work under another contract will be essential. Yet to do so would imply a level of deceit to the client. While most respondents agree that it is not acceptable to cut down on testing effort if a project is significantly behind schedule or over budget, a sizeable minority think that it is acceptable. A higher proportion of the under-25s than of other age groups agree that it is acceptable. The findings for both the issue of honesty to the client and the issue of the amount of testing effort confirm a trend apparent in the responses to some of the other statements, for a higher proportion of younger respondents to adopt a less ethically acceptable approach. The findings of the survey point to a high level of ethical awareness among those information systems professionals who responded. Nevertheless, there are a number of areas where more guidance and support for individuals is desirable, to encourage consistently responsible behaviour. The survey includes a number of recommendations for organisations. These are intended to promote more socially responsible practices within the information systems community. It is recommended that organisations should: promote awareness among all employees of: ethical issues the organisation's Code of Conduct (if there is one) how the organisation's Code of Conduct may be applied to guide ethical decision-making; provide a working environment that encourages ethical practices, supporting employees in resisting the temptation to allow commercial pressures to lead to ethically dubious practices - instead, promoting their ethical stance to their commercial advantage; consider the promotion of ethical awareness among younger IS professionals, including the use of more experienced personnel as mentors; establish 'whistle-blowing' procedures to encourage employees who become aware of unethical practices within the organisation to come forward; introduce a clear policy concerning the use of computing resources by employees for their own activities, and consider allowing the use for selected non-profit-making activities as a contribution to the local community or as a legitimate perk for employees; review the security of computer-held data with attention to both technical aspects and management aspects affecting potential threats, especially from internal sources; consider and clarify their policy concerning the re-creation of intellectual property such as a product, program or design by employees when they move to another employer; and seriously consider adopting a Code of Conduct for all employees; and if adopted, include in the Code of Conduct provision for full consultation with employees before initiatives such as electronic surveillance are introduced, and ensure that safeguards for employees are put in place. For a copy of the report, "IS IT Ethical? 1998 ETHICOMP Survey of Professional Practice" please contact the IMIS Office (central@imis.org.uk) Press Release about the launch of the 'Is IT Ethical?' Report. &footer;