Most commercial and academic computers are networked, normally sharing connections with a local mailhost and fileserver, as well as enjoying onward links to the wider Internet, often through a company proxy server. Today, dependence upon local and global electronic mail (email) is routine, and the sharing of computer files and reliance upon information held on a local Intranet is both widespread and growing rapidly.
However, within many companies such use may have developed piecemeal, without any particular consideration of non-technical issues. Lack of usage considerations might well lead to potential problems, for manager and user alike. Given that business computers must inevitably be used by people, I suggest questions concerning the social, rather than technical, use of company computer systems are not only justified, but essential to ensure appropriate business use. For example: assuming the design and implementation of a typical commercial computer system only took account of technical issues, are clearly defined safeguards (for systems operators, as well as users) likely to be in force? Might the expectations of the owners of a networked system potentially conflict with the users of that system? Have guidelines been developed which specify how a company anticipates its computers should be used – and, if so, are such guidelines appropriately policed? Of course, large organisations, with greater resources, have often been able to give thought to the wider issues of corporate ethical behaviour, and in consequence are more likely to have generated company policies and ethical guidelines. However, even if such policies exist, the rapidly evolving issues involving employment of company computer systems may mean relevant sections are overdue for revision, while specialist consideration of computer use might well have been overlooked entirely. Naturally, in other, less well resourced, business settings, the reduced support available for generation of company policy guidelines could well result in an absence of direction, or even an ethical vacuum, where official definition of appropriate computer use is unclear and uncertain, and employer expectations of computer-using and computer-supporting staff are undefined.
While potential problems in the use of company computer systems may be obvious, the dependence of modern business and commerce upon computers is growing dramatically, increasing the risk of computer-related difficulties.
With honourable exceptions, official company policies toward computer use and abuse are typically either non-existent, or out of date. In view of the importance to business of appropriate use of their computer systems, I suggest a regular, independent and objective inspection of company systems is essential. The concept of such a regular evaluation – for which I have appropriated the accounting term ethical audit – should allow a business to feel confidence in the appropriate employment of its computer systems.
This paper briefly examines the background to the use of business computer systems, and addresses the need for both clear definition and regular and appropriate evaluation of that use. It then discusses the concept of ethical audit as applied to computer systems, and considers examples of such an audit in a variety of settings. It concludes with an evaluation of the advantages and disadvantages to business computing of the ethical audit procedure.