AUTHOR
Antony Panteli and Duncan Langford
ABSTRACT
Codes of professional practice have long been assumed to be effective, and promoted as the means by which standards of ethical conduct can be delineated throughout the computing industry. However, to date there has been few studies of the actual effects of code implementation. We In this paper we consider real world approaches towards the construction of professional codes, and examine the effects of the ethical codes in actual working environments. We also examine the enforcement of codes, together with their use to support disciplinary actions. Finally,We conclude by describing a proposed framework for the management of professional codes, at the organisational level. is proposed.
Introduction
While for many years formal acceptance by the computing industry of the value of professional codes was lacking, iIt is now normal for the ethical commitment of professional practitioners to be codified as codes of professional practice (Gotterbarn, 1999). Such codes describe the acceptable standards of professional practice expected from the members of a profession. (Gotterbarn, 1988) (Martin, 1998) (Granger et al, 1997).
However, the term ‘profession’ is used to describe the set of disciplines generally held to be within the domain of the that ‘profession’. If When the varying skills required for each of the computing disciplines listed in figure 1 (Denning 2001) are considered, this contention becomes more apparent. There is little overlap, if any, between the knowledge, skills and professional practices of a database administrator compared to those of a telecommunications engineer.
A ‘one-code-fits-all’ approach is therefore not necessarily practical (Abi-Raad, 1999) (Conger and Loch, 2001). We In order to achieve effective implementation, we must, therefore, consequently seek to establish methods for the construction and management of specialist, focused professional codes at the a ‘micro ‘ level (Panteli 2003). Hopefully, tThis will potentially allow the ethos of the ‘profession-wide’ code to be applied in a manner appropriate to the actual end user, with resultant gains in acceptance and utility.
| IT-Specific Disciplines | IT-Intensive Disciplines | IT-Supportive Occupations |
|---|---|---|
|
Artificial intelligence Computer science Computer engineering Computational sciences Database engineering Computer graphics Human-computer interaction Network engineering Operating systems Performance engineering Robotics Scientific computing Software architecture Software engineering System security |
Aerospace engineering Bioinformatics Cognitive science Digital library science E-commerce Financial services Genetic engineering Information science Information systems Public policy and privacy Instructional design Knowledge engineering Management information systems Multimedia design Telecommunication Transportation |
Computer technician Help desk technician Network technician Professional IT trainer Security specialist System administrator Web services designer Web identity designer Database administrator |
Current Code Construction
Gotterbarn (1999b) describes two very different procedures used to create the ‘ACM Code of Ethics & Professional Conduct’ and the ‘ACM/IEEE Software Engineer’s Code of Ethics & Professional Conduct’. The former involved a collaborative effort by a broad base of contributors; using, and used an iterative process of draft submission to replace an existing code. The latter was developed as an ordinarya typical ‘technical standard’, which consequently required formal review procedures to be conducted at various stages.
The As a matter of declared policy, the reviews review process deliberately enabled enables more concerned professionals to become involved throughout the development process with the creation of — in this case – the a professional code. throughout the development process. Similarly, Ttheis iterative process meant that by the time the second code was ready for adoption, those making the decision to adopt the code had already The As a matter of declared policy, the reviews review process deliberately enabled enables more concerned professionals to become involved throughout the development process with the creation of — in this case – the a professional code. throughout the development process. Similarly, Ttheis iterative process meant that by the time the second code was ready for adoption, those making the decision to adopt the code had already ‘had their say’ on its contents, and were therefore less likely to raise any objections. ‘had their say’ on its contents, and were therefore less likely to raise any objections.
However, theseis procedures is are not how real-world organisations generally go about creating codes of practice. For example, iInterviews with two organisations in the UK (both with in excess of 400 computer users) painted a very different reality. In one case, the organisation had had no code of practice at all, prior to the recent appointment of a new IT manager. He brought the code of practice from his previous employ and, with very little modification, simply re-entitled introduced it.
In the second case example (a local government organisation), the senior auditor of the organisation in conjunction with the IT manager, realising the possible ramifications of not having a code of practice, set about contacting similar organisations to obtain as many examples of existing code documents as was possible. These individual codes were reviewed, and, what were considered to be appropriate partsaspects were, integrated into a new policy document.
In both cases, however, very little consideration was given to the effects of the codes upon the actual end user and their working environment. It is unsurprising then, that once established neither code wais regularly reviewed and updated, and that details of disciplinary actions , brought about due to breaches of codes, are rare, sketchy, and (typically) anecdotal. Probably our most important finding is was the admission by those responsible for the administration of the codes, – in both cases, by those responsible for the administration of the codes, that most of their employees were unlikely to actually be aware of the existence of the Company’sa code.
A Practical Framework
The term ‘code of practice’ is often very frequently confused with ‘code of ethics’ and ‘code of conduct’. Gotterbarn (1999a) describes the distinction as:
| Ethics | – Mission Statements or guidelines of aspirational standards. |
| Conduct | – Clarification of issues although not prescribing specific actions. |
| Practice | – Specific descriptions of issues and corresponding actions. |
However, in approaching code development we must not only must we also consider any applicable lawslegislation, but we must also consider the strategic policies of the organisation for which the code is to be created. This is important essential, especially as we are now able to recognise that a single code of practice should not be interchangeable between organisations.
For the greatest efficiency and acceptance, however, We we must also go one step further though. We must, and also look at examine the users who will be affected by the code, and their specific working environments. There An example: there is very little value in providing a POS terminal operator with an elaborate email security policy, whenif, in fact, they have haved no access to this facility within their working environment.
The A code must also be easily updateable, allowing for fast propagation of code modifications across the user network. as and when needed. Changes in law, ethos, or strategy can must be reflected in the standards required of specific users in specific environments. By ensuring user/environment specificity, we preserve the integrity of non-affected parts of the operation.
We propose a systemised model for the management of professional codes developed using contemporary software engineering methodologies.
Conclusion
If we accept that codes of practice are now the natural method of promoting professional and ethical behaviour among computing practitioners, then we must also ensure that such codes are adhered to and correctly maintained. We have been able to demonstrate that in actual working situations, this is may not currently be the case. If a code of conductpractice is to have any effect it is not enough for it to be generated – those concerned need to be aware of its contents. By attempting to ensure adherence with a code, we must reduce, if not remove, any possibility of confusion of the codes meaning and intent. This Such clarification not only ensures that users are provided with clear and specific guidelines of their performance expectations, but also ensures that code breaches can be correctly and fairly dealt with in disciplinary actions.
The Micro-code framework we propose allows an organisation to create and manage non-redundant user/environment specific codes, with specific consideration to of company policies and legislation.
REFERENCES
Abi-Raad M., (1999), Code of Ethics? Which One?, ACM SIGCSE Bulletin, (Volume 31, Issue 2) Pages 73 – 77.
Conger S. & Loch K. D. (2001), Invitation to a Public Debate on Ethical Computer Use, ACM SIGMIS (Volume 32, Issue 1), Pages 58 – 69.
Denning P. J., (2001), The Profession of IT: who are we?, Communications of the ACM (Volume 44, Issue 2), Pages 15-19.
Gotterbarn D., (12/98), Reconstructing the ACM Code of Ethics and Teaching Computer Ethics, ACM SIGCSE Bulletin (Volume 30 Issue 4), Pages 9-11.
Gotterbarn D., (1999a), Specifying the Standard – Make it right: a software engineering code of ethics and professional practice, ACM SIGCAS Computers & Society (Volume 29, Issue 3), Pages 13 – 16.
Gotterbarn D. (1999b), Two Computer-Related Codes, Perspectives of the Professions (Vol 19, No. 1), available online: http://www.iit.edu/departments/csep/perspective/persp_v19_fall99.html [05/09/2003]
Granger et al., (1997), Using information technology to integrate social and ethical issues into the computer science and information systems curriculum: report of the ITiCSE ’97 working group on social and ethical issues in computing curricula, ACM SIGCUE Outlook (Volume 25 , Issue 4), Pages 38 – 47
Martin C. D., (1998a), Is computer science a profession, ACM SIGCSE Bulletin, (Volume 30, Issue 2), Pages 7 – 8.
Panteli A., (2003), Code Confidential: codes of practice for computing professionals, ACM SIGCAS Computers & Society (Volume 32 Issue 6).