Real World Case on IT and ethics (Below). The passage of the Sarbanes-Oxley Act in the U.S. has greatly increased the compliance obligations of publicly traded companies.Go online to research and explain how the landmark legislation affected the obligations of IT departments, and the way in which they develop and implement new technologies.Provide links to your sources as examples and to support your response.

****** Real World Case Reference******

Texas Health Resources and Intel: Ethics, IT, and Compliance

TheITstaffatTexasHealthResourcesInc.mustde- liver more than technical functionality. And it needs to deliver more than the business requirements: It also has to meet the organization's ethical standards.

To that end, its systems must help ensure that Texas Health complies with laws and regulations.

And they also have to promote the right behaviors and prevent or flag undesirable ones, says Michael Alverson, vice president and deputy CIO at the Arlington-based nonprofit health care system. Consider the challenge of handling patients' medical records. Even though the federal Health Insurance Portability and Accountability Act mandates that agencies keep those records private, caregivers still need to access themwhen appropriate.

So the organization's electronic health records system "gives doctors and nurses who are caring directly for patients quick ac- cess when they use the right authentication," Alverson says.

But additional authentication is required to get records for patients who aren't under the provider's immediate care. The system records who gets access to what, allowing officials to audit and review cases to ensure there's no inappropriate access.

"The IT staff holds itself to similar ethical standards, too," Alverson says. The department has policies that prohibit taking gifts and endorsing vendors, to help guarantee that workers make procurement decisions based only on quality and needs.

FIGURE 13.1

The pervasive use of information technology in organizations and society presents individuals with new ethical challenges and dilemmas.

Source: Punchstock.

And when there's any questionsuch as when a vendor proposes a deep discount if Texas Health agrees to be an early adopter of new technologyIT leaders can turn to the systemwide Business and Ethics Council for guidance.

"If we really want everyone to subscribe to the idea that working at Texas Health is special, then we have to have peo- ple actively believe in doing the right thing," Alverson says.

Companies are increasingly looking at their ethics poli- cies and articulating specific values that address a range of issues, from community commitment to environmental sus- tainability, which employees can use to guide their work. The need to comply with federal laws and regulations drives some of this, while consumer expectations, employee demands and economic pressures also play a part.

Information technology consultant Dena L. Smith lays out a hypothetical dilemma: Should an IT department hire a more expensive vendor because the vendor shares its own company's ethics standards, or should it go with a lower-cost provider that doesn't?

Companies with established ethical standards that guide how they conduct business frequently confront this kind of question, Smith says, but it's a particularly tough question today, given the recession. With IT departments forced to cut budgets and staff, CIOs will find it difficult to allocate dollars for applications that promote corporate ethics.

"The decisions were easier in the days when the econom- ics were favorable, but the choices may have to be more lim- ited now," says former CIO John Stevenson, president of consultancy JG Stevenson Associates. "Now it's how much can you afford to do versus how much do you have to do so you don't get burned." Stevenson says companies that had moved toward certain ethical goals before the economic crisis whether those goals involved green initiatives or corporate re- sponsibility programsaren't giving up their gains. "But if they haven't done that yet, it gets more difficult to say we'll spend more money than we have to," he says.

"Companies use the term 'corporate ethics' to mean many different things. In many organizations, if not the ma- jority, it means compliance with a set of legal and minimum standards. In other organizations, corporate ethics means defining a set of corporate values that are integral to how they go about business," says Kirk O. Hanson, executive director of the Markkula Center for Applied Ethics at Santa Clara University.

Either way, CIOs have an opportunity to show how technology can further their companies' ethics objectives.

"Policy decisions at the very senior level need the sensi- tivity that IT experts can bring to the table," Hanson says. "CIOs will know the capabilities of IT and be able to con- tribute that to corporate strategy. They will also know the misuses of those capabilities and be able to flag those and prevent the organization from stepping in scandals."

Hanson cites a 15-year-old case in which marketing workers at a large telephone company spent millions of dollars to develop a list of customers with ties to the Washington

530Module V / Management Challenges

area that they planned to sell to other marketers. In violation of company policy, they compiled the list using the compa- ny's database of customers who frequently placed calls to the District of Columbia.

Executives learned about the list before the marketing de- partment sold it. IT then developed a system to monitor use and block future unauthorized access to such information, Hanson says. However, it came a bit late, since IT should have developed the application in advance, anticipating the need to protect the information as well as detect any efforts to breach it.

Hanson says IT today can build systems that can screen potential subcontractors and vendors to see if they share cer- tain values.

It's also possible to create tools that flag contracts whose costs exceed expectations in ways that suggest bribery or other improprieties, or set up systems that analyze customer satisfaction surveys to find evidence of unethical behaviors on the part of workers.

Meanwhile, companies that put green initiatives at the top of their ethical concerns can have IT applications that track energy consumption to flag anomalies that indicate inefficiencies or calculate the corporate carbon footprint and identify ways to reduce it.

"You have to step back a minute and ask, 'What is the role of technology around ethics?' " says Smith. "Technology can help from a monitoring, protection and prevention stand- point in a lot of ways." The notion of corporate ethics hasn't always been so broad, says Mike Distelhorst, a law professor at Capital University Law School, a former adjunct professor of business ethics at the Capital School of Management and Leadership and former executive director for the university's Council for Ethical Leadership.

"You'd be hard-pressed to find any company that doesn't have a beautiful ethics and compliance program," Distelhorst says. "They're talking about it and they're working it all out in various strategic documents. But the question is whether they're actually living by it. Some are, and clearly some aren't."

Regardless of where a company stands in the process, IT leaders should be ready to contribute, he says.

"These policies are worked out on the ethics and com- pliance committees below the board level, and they're hav- ing the CIO as a key player," Distelhorst explains.

That's the case at Intel Corp., says the company's CIO, Diane Bryant.

Intel's Ethics and Compliance Oversight Committee estab- lished the following five principles for the company and its work- ers: Intel should conduct business with honesty and integrity; the company must follow the letter and spirit of the law; employees are expected to treat one another fairly; employees should act in the best interests of Intel and avoid conflicts of interest; and em- ployees must protect the company's assets and reputation.

"Intel's IT staff builds and maintains the systems that al- low the company to meet its legal and regulatory require- ments. Such as those laid out for accounting and governance by the Sarbanes-Oxley Act," Bryant says.

It also developed applications and a team of workers to handle document retention, which is crucial should there be a legal case with electronic discovery requests.

But IT also enables Intel to enforce its own values and not just meet regulatory requirements, Bryant explains. So there are applications to help perform rigorous checks on suppliers to ensure that they have sufficient business conti- nuity plans and environmental sustainability plans, as well as ethical stances that match Intel's own. IT has also delivered sophisticated systems that monitor the power consumption and carbon dioxide emissions of Intel's data centers. And it developed systems that monitor for potential malicious be- havior, such as violations of access management rights or the public release of Intel's intellectual property.

"We put solutions in place that help protect Intel's five principles," Bryant says.

Few companies are that advanced in their use of tech- nology to further an ethical agenda. "Companies recognize that they have to be on record as being committed, but they're not yet as convinced that they have to manage it like other parts of their business," Hanson explains.

But when companies do decide to move in that direc- tion, that's when CIOs can shine, offering ideas on what metrics to use and what to measure.

"That's where IT can be a real leader," Hanson says, "since they know what can be measured and captured."

Source: Adapted from Mary K. Pratt, "Business Ethics Steering Clear of Scandal,"Computerworld,August 23, 2009; and Mary K. Pratt, "The High Cost of Ethics Compliance,"Computerworld,August 24, 2009.