A Framework for Organizational Ethical Assessment with Specific Directions for IT Management

Ernest A. Kallman and H Jeff Smith


Managing computers ethically, that is, acting ethically and assisting others to do likewise, is no easy task for either an individual or a manager. Donn Parker, Susan Swope, and Bruce Baker (all of SRI International), claim that “the application of ethics in information science, technology, and business is more difficult than in other disciplines” [Parker, et al., 1990]. Part of the reason for this is that unethical computer use takes many forms, is performed by people inside and outside organizations, and occurs with computers of all sizes and capabilities, both standalone and networked.

Networked computers are much less secure because of their “outside” connection; therefore, they are more vulnerable to certain unethical activity such as hacking. But in spite of the publicity that hackers have received, most unethical computer activity is performed by people inside a firm, quite often by disgruntled employees. Furthermore, harm occurs and ethical problems arise not only in the use of the computer, but in all the tasks performed by information systems professionals and those who work with them. [Kallman and Grillo, 1996]

The challenge for the IT manager is to understand the current ethical climate in the organization and, where the climate appears deficient, to invoke corrective action. But, even for a willing and pro-active IT manager, few aids exist to guide an organizational assessment and remedial action. This paper proposes, as an assessment tool, a model of stages of ethical growth. The stages reflect the degree to which an organization and its people respond to the ethical challenges of today’s computing environment. To invoke the model, managers are urged to assess ten major areas where unethical activity may take place: individual practice; software development; manager-subordinate relationships; computer processing; work environment; data collection, storage, and access; electronic mail and the Internet; resource exploitation; vendor-client relations; and computer crime [Kallman and Grillo, 1996].

In addition, managers are also asked to plot the organization’s level of achievement on seven dimensions which reflect a commitment to an ethical computing environment: formal ethics objectives; a designated responsible person; established guidelines; a communications process; training; reporting process; audit and revision. Using the assessment model and specific recommended actions, managers can discover their organization’s strengths and weaknesses, understand their ethical challenges, and plan appropriate responses for their particular IT environments.