Ethics, Compliance Auditing, and Emerging Issues: Cyber Crime
Innovation is the way in which humans create unique ideas to solve problems in society. Innovation is linked to technology which has a major impact on society’s ways of life. Therefore, organizations are in a state of continual innovation or are able to take the risk of staying in the marketplace with their competitors who are keen on producing products and services innovatively. Generally, innovation is very significant for the progress of both companies and society at large. Hence, any innovation in technology, science, and other areas helps in solving the problems in society. However, new ideas and technologies present risks to the organization and the surrounding society. For instance, the proliferation of computers presents advantages and options to an average household and organization. Despite the advantages and the options brought by the technological innovation of computers, the innovation comes with risks, for instance, cybercrime which has become a global risk.
Therefore, this paper will analyze cyber crimes as a technological global risk. First identification of the countries associated with the risk will be done and the effects of the risk on all the countries identified will be carried out. The role of ethical decision-making will be analyzed in an organization in regard to cyber crimes and the impact of business ethics on the stakeholders of the company. Moreover, this paper will analyze the importance of the creation of the ethics program in a business and why it is necessary to conduct training as well as engage in compliance auditing. Recommendations for a training plan for social responsibility and ethical considerations in relation to the major risk areas and the selected countries will be made. Finally, the description of the manner in which the compliance auditing will be carried out will be presented.
Cyber Crime as a Global Risk
Cybercrime is among the emerging risk globally due to the advancement in technology through innovations. The affordability and the rise in the use of computers have resulted in the rise in cybercrime globally. Another important technological advancement that goes hand in hand with computers is the internet. This is a global system made up of an interconnection of computer networks such as government networks, and public, private, business, and academic networks which are linked together for easier access to information. In fact instance after the invention of computers, it was mainly used for connection of the academic and military networks. However, the advancement in computers and networking has led to the interconnection of every organization globally. As a result, organizations have experienced both the advantage and adverse effects in relation to ethical issues regarding the use of computers and the internet. This is because the internet and the computer system have provided an opportunity for different cyber crimes to be performed by individuals and organizations (Grabosky, 2000).
Cybercrime is a crime committed via a computer and/or a network. Thus, a computer can be used for committing a cybercrime or can be the target of a crime. Cyber crimes are technological crimes committed by an individual or a group of individuals to cause mental or physical harm to other people. Some crime can cause problems to an entire nation or several countries globally by threatening the nation’s security. Some of the cyber crimes that can be perpetuated through the internet are hacking, infringement of copyright, financial theft, malware, denial of service attack, pornographic, extortion, computer fraud, altering or stealing data, espionage, identity theft, cyberbullying, hate crimes, cyberstalking and drug trafficking.
The extensive type of cyber crimes is the cyber warfare which is carried out by super nations towards each other. Countries are now in the rush to develop abilities in carrying out cyber wars or to protect themselves against any attacks. At the present moment, the cyber warfare has not been kept under control by any treaty or agreement between nations but is controlled by the economic interdependence created by the modern society. The nations such as the United States are more at risk from the cyber attacks than the less developed nations. The less developed nations have weaker military and a cyber attack on the developed nations would act as a weapon for attacking the developed nations. The areas in the superpower nations with inadequate protection are prone to cyber-attacks by the less advanced nations. Cyber attacks are less costly as compared to conventional weaponry which takes up too many resources as well as finances. Thus, cyber-attacks are a better option the modern weaponry and it reduces the chances of being caught and eliminates the ramifications (Goud, n.d).
Countries Closely Associated with the Cyber Crime Risk
The preparedness for cyber attacks by countries is a significant issue. However, there are nations that are best prepared for the attacks while others are not. Some of those who are best prepared include Canada, the United States, Norway, Brazil, Estonia, Germany, Oman, Malaysia, and New Zealand. At the same time, the countries which could be most at risk to cyber-attacks include Belgium, Samoa, Dominican Republic, China, Hong Kong, Afghanistan, South Africa, Tajikistan, and Australia (Goud, n.d). Therefore, the cyber superpowers have been able to respond to a number of attacks in the near future by threatening their cyber capabilities. However, the costs of cybercrime have affected most of these nations making them lose billions to the crime which can’t be traced to an individual or a country (Breene, 2016).
A representation of the average cost in Million of US$ of cybercrime in some countries as of August 2015
Role of Ethical Decision Making in Relation to the Cyber Crimes
In regard to the statistics provided above, the US is currently leading in the highest costs of cyber attacks while Russia has the lowest costs. Most organizations now belong to the global industry and the greatest concern of the management is the development and implementation of an ethical plan which would be helpful in dealing with the challenges of cyber attacks. Hence, the role of ethical decision-making in an organization must be implicit for ethical planning to be successful.
Ethical Issues in an Organization
An organization comes across many ethical issues in its operations. The ethical issues affect the company in one way or another. Companies should be very careful when dealing with other issues such as financial growth and sales they forget to deal with ethical issues in the organization (De Colle & Werhane, 2008). some of the ethical issues which a company has to deal with in their operations include accounting fraud, bullying, corruption, conflict of interest, discrimination, fraud labor standards, violation of the rights to privacy, and many more crimes including cyber crimes such as hacking to get the organizations information (Gonzalez-Pedron, 2015). Therefore, it is not easy for an organization to make ethical decisions. The decisions must be in accordance with the code of ethics of the company and the ethical principles of each individual in the company. The type of ethical decision to be made in an organization should be based on moral reasoning which would be helpful in presenting the best moral option to be taken in times of risks such as cyber-attacks.
Moral reasoning simply means that the people involved in decision-making are considerate of the right or wrong aspects of a decision. According to Archie et l., (2014), the moral character has a significant role in the determination of moral responsibility. Moreover, virtue ethics takes into account the moral character of an individual while making good decisions for an organization. A virtuous person has characteristics such as honesty, fairness, humility, and trustworthiness which are important in the identification of the ethical or right action to take in a situation (de Colle & Werhane, 2008).
Ethical decision-making requires the use of reasoning and logic in any situation. Therefore, the individual must be aware of the intentions of their actions, the consequences, and the effects of the actions on others in the organization. For instance, an individual might use the computer in the office in the wrong way so as to prevent hurting other people or to prevent someone from harming others. These actions can also be for selfish reasons or for the good of the company against their competitors. Another example is stealing the rights and procedures of doing something from a rival company through the use of computer software or infecting their computers with a virus to beat rivals. In such circumstances, moral reasoning is very important in order to have the judgment of what is right and what is wrong. Moral reasoning requires the organization or the individual to make an analysis of the situation and to consider all factors which will affect a decision (De Colle & Werhane, 2008). Thus, an individual or an organization will be in a better to decide on pursuing what they deem as right as well as the flexibility and the strength to uphold their moral principles (Gonzalez-Padron, 2015).
Importance of Ethics on Stakeholders
A stakeholder is a party that is likely to be affected by a decision of the organization. The stakeholders of a company can be employees, suppliers, creditors, customers, competitors, the government, and the surrounding community. Thus, any decision made by the company affects these stakeholders in one way or the other (De Colle & Werhane, 2008). An example is that of a company that was making a lot of losses due to competition and decided to use technology to control its production and service delivery. The decision was made in consideration of the stakes they had while staying put or making the changes. Not changing the system would disadvantage investors in terms of losses while changing would render most of the workforce jobless. The suppliers of some of their products would lose income opportunities. The surrounding community would lose opportunities that came with the company such as job opportunities or will have to deal with the challenges of technology such as air and water pollution. Moreover, the change will impact the government in terms of revenues and they will have to change regulations to now deal with technology. However, the company has to decide which decision is most appropriate for all the stakeholders in such circumstances.
The code of ethics in a company is the guiding principle that helps in deciding what is right and what is wrong. The employees, suppliers, customers, and other stakeholders such as the surrounding community of the company are required to abide by these codes of ethics of the organization. In a company there exist many decisions to be made, problems needing solutions, and other issues which need to be reviewed. Therefore, business ethics is very significant in the development of employee as well as customer loyalty. Loyalty to the company will avoid bad decision-making in by the stakeholders of the company and in the end avoid a bad reputation for the company (Archie eta l., 2014).
Importance of Ethics Program, Training, and Compliance Audit
The time and resources spent on training workers would be a waste if those workers are lost through poor ethics. Thus, the workers being the greatest assets of a company should be ethical as they deal with the other stakeholders of the company, especially the customers. Hence, training employees on good ethics would help in the decision-making and the loyalty of both the employees and the customers of the organization. Training and retaining good employees in the company would be building a good reputation for themselves which will in the end attract investment opportunities (Boundless, 2015).
For an effective ethics program, some elements must be present for instance, the ethics program must have a structure consisting of an ethics officer, along with the board of directors to oversee the program and a reporting relationship within the program. Next, corporate standards must be established through the establishment of a code of conduct and consider the global impact in its implementation. The organization must then develop a training plan and execute the plan. This should be followed by the creation of investigative procedures which include ethical guidance, investigative processes, and the reporting mechanism. Finally, the organization must assess the effectiveness of the program through the assessment of ethical performance. This can be assessed by putting a metric system in place which would help in quantifying the impact of the program on the employees’ behavior and limiting misconduct (Gonzalez-Padron, 2015).
Goals and Objectives of the Training Program
An ethics training program is important as it allows the organization to communicate to the suppliers, employees, investors, and customers some important information. A successful training program has the capability of strengthening the relationships of stakeholders and the reputation of the company. An official ethics training program will do away with misunderstandings and confusion between the stakeholders in the organization as the same information is shared between them. Therefore, the objective of the training is to eliminate or reduce the conduct viewed as disorderly in the organization (Boundless, 2015).
The training will involve placing the employees on various ethical scenarios through role-playing as well as questions and answers sessions. They will then be provided with ethics handbooks for them to review and search for ethical issues and raise questions concerning the ethical issues found. The training will also present the way forward or what actions to take or whom to notify or report in case the employees have any ethical concerns (Boundless, 2015).
According to Julisch et al., (2005) a company needs to carry out a system and application audit to verify the appropriateness and effectiveness of the application and the systems. Thus compliance should be measured by checking if there is adequate control which will ensure timely, valid, reliability of processing of the secure input and output at all levels of the organization. An audit of the IT system in a company can be done through technological innovation audit which develops a risk profile for new and existing projects. Moreover, a comparison audit will be carried out to compare the company’s innovative capabilities in relation to its competitors. Lastly, the audit of the technological position will review the current technologies in the company and those that are needed (Goodman & Lawless, 2010).
The first step will be planning for the audit, then analyzing and evaluating of the results, followed by the testing and the evaluation of the results. Subsequently, reporting of the results will be performed and finally, the follow-up of the report will be done to ensure compliance with the IT requirements (Robert, 2005). Consequently, the company will be in compliance with the laws and regulations of the industry in which they are operating. In addition, compliance is important for the organization’s reputation and for saving the company from legal fees and other losses.
Cybercrime is among the emerging risk globally due to the advancement in technology through innovations. Some of those countries which are best prepared include Canada, the United States, Norway, Brazil, Estonia, Germany, Oman, Malaysia, and New Zealand. While those most at risk for the cyber attacks include Belgium, Samoa, Dominican Republic, China, Hong Kong, Afghanistan, South Africa, Tajikistan, and Australia. In this regard, the role of ethical decision-making is the development and implementation of an ethical plan which would be helpful in dealing with the challenges of cyber attacks. Minimization of the cyber attacks would be beneficial to the stakeholders of the company s the risk of doing business will be eliminated. Thus, an effective ethical program will enhance decision-making and the loyalty of both the employees and the customers of the organization. Training and retaining good employees in the company would be building a good reputation for themselves which will at the end attract investment opportunities. A compliance audit will evaluate the appropriateness and effectiveness of the application and the systems in place for success in the industry.
Archie, B. eta l., (2014). Corporate Responsibility: The American Experience. Administrative Science Quarterly, 59(3)
Boundless. (2015, June 27). Ethics Training: Boundless Management. Retrieved from https://www.boundless.com/management/textbooks/boundless-management-textbook/ethics-in-business-13/ethics-an-overview-95/ethics-training-447-1833/
Breene, K. (2016, May 04). World Economic Forum. Who are the Cyberwar Superpowers? Retrieved from https://www.weforum.org/agenda/2016/05/who-are-the-cyberwar-superpowers/
De Colle, S. Werhane, P.H. (2008). Moral Motivation Across Ethical Theories: What Can We Learn for Designing Corporate Ethics Programs? Journal of Business Ethics, 81(4),751–764. Goodman, R.A.& Lawless, M.W. (1994). Technology and Strategy: Conceptual Models and Diagnostics. Oxford University Press: Oxford.
Grabosky, P. (2000). Computer Crime: A criminological Overview. Australian Institute of Criminology. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.3.4660&rep=rep1&type=pdf& embedded=true
Goud, N. (n.d). List of Countries which are most vulnerable to Cyber Attacks. Retrieved from https://www.cybersecurity-insiders.com/list-of-countries-which-are-most-vulnerable-to-cyber-attacks/
Gonzalez-Padron, T. (2015). Business ethics and social responsibility for managers. Retrieved from https://content.ashford.edu/
Julisch, K. et al., (2011). Compliance by Design – Bridging the Chasm between Auditors and IT Architects. Computers & Security, Elsevier, 30 (6-7).
Robert, E.D. (2005). IT Auditing: An Adaptive Process. Mission Viejo: Pleier Corporation.