As a result of a lot of people doing wrong — executives at Enron, Adelphia Communications and Tyco International, to name but a few — there are now a lot of people trying to make sure that everyone else is doing right (for example, auditors, regulators and those enforcing the likes of the Sarbanes-Oxley Act). And smack in the middle of it all is the IT department.
A few years ago, your company’s lawyers may not have thought there was much to IT beyond the help desk. Now, as a result of lawsuits, indictments, arrests, convictions and accusations, corporate legal departments have become intimately familiar with how their companies’ IT departments operate. The reason for this is that the information on servers and backup tapes amounts to a chronicle of the company’s activities and those of its employees.
At the same time that IT is trying to figure out how to restore data from many years ago (“Do we have a tape drive that can read this format tape? What software was it created with?”), we have to look forward by creating new records-retention policies and trying to make sure that we comply with the latest regulations.
Many IT staffers must be thinking, “It’s nice to be the centre of attention for a while,” and, “So this is what it’s like when other departments know you exist.”
But in all seriousness, these changes elevate IT’s role in the organization and underline the need for IT professionals to act responsibly and ethically.
Of course, the discussion of ethics goes well beyond corporate fraud and creative accounting. There are plenty of situations that can present ethical challenges for IT professionals, including software licence requirements, vendor selection and procurement procedures, administrative access to servers and tools that monitor user activity.
A lot of the time, it’s easy to tell right from wrong (although apparently those guys that made it to the front pages had some difficulty). But often it’s not so black-and-white.
And then there are the issues you read about in the trade press. Should security flaws be made public before the vendor is able to release the patch?
Brian Jaffe is an IT director in New York and co-author of the IT Manager’s Handbook: Getting Your New Job Done (Morgan Kaufmann, 2000)