Revelations of corruption and improper conduct within the IT operations of the Victorian Government painted a damaging picture of Australia's technology sector in 2012.
Staff at CenITex were found in a damning Ombudsman’s investigation to have accepted bribes and kickbacks and offered ‘blank cheques’ to certain suppliers.
Whilst the report generated most interest in iTnews, headlines in the mainstream and business press (“IT service found corrupt”, The Australian) undoubtedly reinforced the worst stereotypes of technology professionals for business leaders and politicians.
Business leaders often struggle to understand the complexities of the technology projects their IT departments engage in and hold grave fears about what level of risk any individuals' access to systems might pose to the organisation's reputation.
“I liken the IT industry to the Wild West,” says Professor Richard Lucas, Head of the information systems discipline at the University of Canberra and an adjunct professor in ethics.
Professor Lucas attributes corrupt activity in the industry to failures in education and accreditation processes.
IT degrees - which are by no means mandatory to being employed - often avoid the subject of ethics, he said. And membership to professional societies that might otherwise promote ethical practice - organisations such as the Australian Computer Society or SAGE-AU, are frighteningly low.
Employers thus often hire staff that appear technically confident “without measuring any other competency," he said.
“People are corrupted almost as soon as they enter the workforce. In the very least, IT staff might be asked to compromise quality to meet a deadline or a budget.”
Does IT require a code of ethics?
Robert Hudson, president of SAGE-AU (the Systems Administrators Guild of Australia) said the CenITex scandal highlighted the need for a "professional code of ethics" for IT workers.
While the "small number of individuals at CenITex should not reflect upon the vast majority of its staff or upon the broader industry… it highlights the value of a strongly enforced code of ethics that is overseen by a professional organisation."
If such a standard was adhered to en masse and "actively policed", he said, organisations could confidently restrict hiring of IT professionals to those certified by a professional body.
To some degree, there is already a candidate for this code of ethics in the industry, in the form of the Australian Computer Society.
“When you sign up to be a member of the ACS, there is a fairly clear code of ethics,” said Dr Nick Tate, president of the Australian Computer Society.
“It isn’t War and Peace, and doesn’t need to be. You as a member agree to put the public interest first, you agree that you are competent, that you will act with professionalism and keep your professional development up to scratch.”
Does it have teeth?
Professor Lucas acknowledged and applauded the ACS' long-standing code of ethics.
“But the real question is – why doesn’t it work?”
“It doesn’t work because so few people belong to SAGE-AU and ACS,” Professor Lucas said. “Under five percent* of IT workers belong to a professional body because there is currently no imperative to belong, whereas if you were a Doctor or a Lawyer, you don’t have a choice."
A survey of the Australian IT industry conducted by the Centre for Applied Philosophy and Public Ethics in 2008 found that close to a quarter of workers in the industry had no formal qualifications.
“The IT industry is not regulated and there is no control over the quality of the education of the people employed," Professor Lucas said.
“The obvious distinction between IT and regulated industries is that being a lawyer or a medico, you can lose your career over your lack of professionalism.
"In IT, you pack up and go somewhere else.”
Moves to regulate the IT sector are likely to meet stiff opposition.
Dr Tate said there was scant evidence that the IT industry requires the same level of regulation as the legal sector.
He noted that the accounting profession has successfully self-regulated.
“It is not mandatory to have CPA [certified practicing accountant] certification,” he said. “Professional associations in the finance sector have been running a long time and they have done a wonderful job. If you were a company hiring a CFO and you interviewed somebody that said they had ‘done a bit of accounting’ and a MYOB course, you might not hire them. You would only hire a chartered accountant or CPA - in that sense it is perfectly regulated by the market.
“That is the vision we have for an ACS Certified Professional or ACS Certified Technologist.”
Both the ACS and SAGE-AU said they would strip membership from any individual found to have acted unethically.
"If it became clear that any SAGE-AU member was implicated in [corrupt] practices, they would not remain a member for long,” said Hudson.
“If we found members were engaged in activities regarded as being against our code of practice, we would take action,” said Dr Tate. “If you’ve not lived up to this standard, you’ve got to go.”
Dr Tate said that in the long history of the ACS, only one individual has ever been stripped of their membership.
Professor Lucas doesn't feel this is enough. He said a professional code of ethics requires “critical mass” in its industry, with a “high sense of esteem from gaining a credential and high risks involved with behaving badly.
“There is none of that in IT industry,” he argued.
“If you read about the history of professional societies – be it for Doctors or Lawyers or Architects – they all claimed they would be hamstrung at the onset of regulation. But in each of their disciplines, regulation clearly worked.
“I think people should do things because it’s the right thing to do, but history suggests there is a time and place for regulation.”
Read on for a discussion on how CenITex and Google need to 'build an ethical culture'.
* This figure is disputed by the ACS.