Skip to content


How is IT influencing culture and ethics? COBIT 5 can help us assess

My last blog ended with an implied question: is information technology influencing culture and ethics?  It is certainly influencing behaviour.  Pokémon Go – need I say more?  But does it extend to culture and ethics?

And when does IT move from beneficial interaction to repetitive abuse?  The Institute of Ethics sets out some simple yet profound guidance in its ‘Ethics in the Provision and Use of IT for Business‘.  Since its publication in 2010, IT has advanced but the principles hold true.

First some ethical fundamentals:

  1. With rights come responsibilities.
  2. Behaving ethically is doing the right thing without the law demanding it.
  3. Culture drives the type and quality of ethical behaviour.

Now three examples:

  1. We have the right to freedom of speech but the responsibility to communicate wisely: was it right for Charlie Hebdo to publish its cartoons?  To quote the Guardian, “the simplest answer is that freedom …. should always be tempered by responsibility. Drawing the line between the two is difficult.”
  1. We must act, as a minimum, within the law but always equitably: was Sir Philip Green fair when selling BHS for £1 to people described as “retailing novices” by the Telegraph whilst a pension deficit existed?
  2. We must feel comfortable with the culture we exist in but check that the culture achieves the right behaviours: what do we do with companies that promote ethical integrity but do not apply it to themselves? And it is not only Volkswagen (again!) but also Mitsubishi.

These are common behavioural dilemmas.  When we factor in IT, opportunity is broadened and achieved faster:

  • Twitter encourages short, informative exchanges but also Twitter Trolls.
  • Skype, Facebook, Snapchat let us stay in touch with friends but also enable social grooming and ‘cyberstalking’ to take place.
  • IT communicates opportunity that includes the opportunity to abuse. It is as if, online, we create an avatar (defined by the Cambridge dictionary as “an image that represents you”) to act differently to our physical self.

I mentioned two examples in my last blog, the Internet of Things (IOT) and Big Data.  How do they impact us, and how can COBIT 5 help us assess where we fit within beneficial interaction and repetitive abuse?

Starting with the IOT, intelligent devices already have changed and will change further how we behave.

Scenario 1, the established practice of automatic decision-making: our insurance is up for renewal.  Automatic rollover is the default, convenient so long as we consciously want to continue with the service.  As retaining the status quo is of financial benefit to the supplier, the onus to cancel is forced on to the consumer.

Scenario 2: refrigerators will order perishable goods when we run out and the money automatically deducted from our bank account.  Great news unless we want to stop an order or to pay differently for goods.  Should the default be to ‘continue as before’ unless we opt out?  Who decides?  Supplier or customer?

Scenario 3: a dementia sufferer has difficulty in remembering to take medication.  The smart dosette box alerts relatives when tablets have not been taken.  Great news for someone who has lost control over a part of their life.

Are these ethical?  That depends on individuals’ circumstances.  Four thoughts:

  1. The benefits are convenience to the consumer, sales to the supplier.
  2. Convenience is not enough as it leads to a form of exploitation.
  3. IOT switches from creating and settling single transactions to multiple ones.
  4. IOT can genuinely enhances lives by offering to do more than the individual can manage alone.

Moving on to Big Data, 3rd parties will know more about us than we do ourselves, and predict our behaviour better than we can.  This means they can tailor products and services to our needs, convenient yet, at the same time, shutting out new opportunities.  Has Big Data analytics the right to determine what we choose?  Marketing and advertising are moving from ‘recommendation’ to ‘coercion’.

Is it ethical?  The new GDPR gives us the ‘right to be forgotten’ over our personal data but what about our personal shopping habits?  The options pushed on to us are changing how we choose.  I feel this area needs a lot more thought to make sure we are not controlled by the dictates of business.

As business opportunities increase as IT develops, how can COBIT 5 help make sure our business remains beneficial and not become abusive?

The three professional guides covering risk, security and assurance each have a chapter on culture, ethics and behaviour.  We can assess the risks to corporate culture that leads to poor behaviour, undermining ethical standards.

Chapter 5 in both the risk and security guides refer to “intrinsic quality” and the extent policies and practices motivate internal and external stakeholders to achieve it, for example how individuals treat each other, take and manage risks, apply security, deal with negative outcomes and are rewarded.

Appendix B4 in the risk guide sets out how important leadership is in making sure good culture and ethics exist in IT, with a “zero-tolerance approach for non-ethical behaviours [that] has clear consequences for misbehaviour”.

Appendix D1 in the security guide lists desirable behaviours to protect all stakeholders, making everyone “accountable for the protection of information within the enterprise”.  I would expand this to apply to all communication, so that suppliers and customers are protected too, making sure trolling, for example, is disallowed by default.

The assurance professional guide provides a comprehensive set of behaviours on pages 73 and 74 that need reviewing, including whether the cultural, ethical and behavioural goals have been achieved.  This is expanded on in Appendix B4.

COBIT 5 will neither make a firm ethical or unethical but, applying it to how business operates, will go a long way to help firms maintain beneficial interaction and avoid repetitive abuse, in the same way that this blog recommends rather than coerces.

 

Posted in COBIT 5, Qualifications.

Tagged with , .