Revelations of corruption and improper conduct within the IT operations of the Victorian Government painted a damaging picture of Australia's technology sector in 2012.
Staff at CenITex were found in a damning Ombudsman’s investigation to have accepted bribes and kickbacks and offered ‘blank cheques’ to certain suppliers.
Whilst the report generated most interest in iTnews, headlines in the mainstream and business press (“IT service found corrupt”, The Australian) undoubtedly reinforced the worst stereotypes of technology professionals for business leaders and politicians.
Business leaders often struggle to understand the complexities of the technology projects their IT departments engage in and hold grave fears about what level of risk any individuals' access to systems might pose to the organisation's reputation.
“I liken the IT industry to the Wild West,” says Professor Richard Lucas, Head of the information systems discipline at the University of Canberra and an adjunct professor in ethics.
Professor Lucas attributes corrupt activity in the industry to failures in education and accreditation processes.
IT degrees - which are by no means mandatory to being employed - often avoid the subject of ethics, he said. And membership to professional societies that might otherwise promote ethical practice - organisations such as the Australian Computer Society or SAGE-AU, are frighteningly low.
Employers thus often hire staff that appear technically confident “without measuring any other competency," he said.
“People are corrupted almost as soon as they enter the workforce. In the very least, IT staff might be asked to compromise quality to meet a deadline or a budget.”
Does IT require a code of ethics?
Robert Hudson, president of SAGE-AU (the Systems Administrators Guild of Australia) said the CenITex scandal highlighted the need for a "professional code of ethics" for IT workers.
While the "small number of individuals at CenITex should not reflect upon the vast majority of its staff or upon the broader industry… it highlights the value of a strongly enforced code of ethics that is overseen by a professional organisation."
If such a standard was adhered to en masse and "actively policed", he said, organisations could confidently restrict hiring of IT professionals to those certified by a professional body.
To some degree, there is already a candidate for this code of ethics in the industry, in the form of the Australian Computer Society.
“When you sign up to be a member of the ACS, there is a fairly clear code of ethics,” said Dr Nick Tate, president of the Australian Computer Society.
“It isn’t War and Peace, and doesn’t need to be. You as a member agree to put the public interest first, you agree that you are competent, that you will act with professionalism and keep your professional development up to scratch.”
Does it have teeth?
Professor Lucas acknowledged and applauded the ACS' long-standing code of ethics.
“But the real question is – why doesn’t it work?”
“It doesn’t work because so few people belong to SAGE-AU and ACS,” Professor Lucas said. “Under five percent* of IT workers belong to a professional body because there is currently no imperative to belong, whereas if you were a Doctor or a Lawyer, you don’t have a choice."
A survey of the Australian IT industry conducted by the Centre for Applied Philosophy and Public Ethics in 2008 found that close to a quarter of workers in the industry had no formal qualifications.
“The IT industry is not regulated and there is no control over the quality of the education of the people employed," Professor Lucas said.
“The obvious distinction between IT and regulated industries is that being a lawyer or a medico, you can lose your career over your lack of professionalism.
"In IT, you pack up and go somewhere else.”
Moves to regulate the IT sector are likely to meet stiff opposition.
Dr Tate said there was scant evidence that the IT industry requires the same level of regulation as the legal sector.
He noted that the accounting profession has successfully self-regulated.
“It is not mandatory to have CPA [certified practicing accountant] certification,” he said. “Professional associations in the finance sector have been running a long time and they have done a wonderful job. If you were a company hiring a CFO and you interviewed somebody that said they had ‘done a bit of accounting’ and a MYOB course, you might not hire them. You would only hire a chartered accountant or CPA - in that sense it is perfectly regulated by the market.
“That is the vision we have for an ACS Certified Professional or ACS Certified Technologist.”
Both the ACS and SAGE-AU said they would strip membership from any individual found to have acted unethically.
"If it became clear that any SAGE-AU member was implicated in [corrupt] practices, they would not remain a member for long,” said Hudson.
“If we found members were engaged in activities regarded as being against our code of practice, we would take action,” said Dr Tate. “If you’ve not lived up to this standard, you’ve got to go.”
Dr Tate said that in the long history of the ACS, only one individual has ever been stripped of their membership.
Professor Lucas doesn't feel this is enough. He said a professional code of ethics requires “critical mass” in its industry, with a “high sense of esteem from gaining a credential and high risks involved with behaving badly.
“There is none of that in IT industry,” he argued.
“If you read about the history of professional societies – be it for Doctors or Lawyers or Architects – they all claimed they would be hamstrung at the onset of regulation. But in each of their disciplines, regulation clearly worked.
“I think people should do things because it’s the right thing to do, but history suggests there is a time and place for regulation.”
Read on for a discussion on how CenITex and Google need to 'build an ethical culture'.
* This figure is disputed by the ACS.
Building an ethical culture
Professor Lucas said the IT industry sorely lacks an “ethical culture”.
“When we surveyed IT staff, many said they know their organisation has a code of ethics, but they had trouble finding them. They were usually in the bottom of a drawer, and nobody was paying attention to it," he said.
“What you tend to find is – during an ethically-charged event – you as an IT worker are told you have to act now, and there is no time to think about the consequences. Who stands up and says no in that scenario? That luxury is usually only reserved for those in powerful positions - people that believe they won’t suffer any consequences. We all know that the abysmal history of how well whistle-blowers are treated in Australia.
The aforementioned survey asked IT workers why they they didn't stand up when asked to act in an unethical manner.
“The most common response was that they felt it wouldn’t make a difference to the existing culture,” Professor Lucas said. “If you don’t see your management act a certain way, you won’t either. If your leaders clam up about it – you don’t have the confidence to speak out. And even for those few staff that stood up and said it’s wrong initially - when push comes to shove, most said they just gave in and did it anyway.”
Professor Lucas said the IT industry has some well understood standard methodologies for good practice in aspects of the technical work - around project management or programming, for example. “But what we tend to find is that people don’t refer to them until after things have gone wrong, when they finally have time to reflect on the ethics of the decision.”
CenITex CEO Michael Vanderheide, for example, has promised a shift in organisational culture in the wake of the Ombudsman investigation.
Vanderheide has written to both the Ombudsman and CenITex staff of significant changes at the organisation to stamp out corruption.
CenITex plans to tighten its controls around procurement and recruitment processes and decision-making, developing a 'conflict of interest' policy for all 250 staff - to be monitored by the senior executive - with probity matters included in fortnightly executive meetings.
Further, the CEO intends to build a "plain speaking" culture where staff feel encouraged to raise concerns or to challenge poor process such that red flags can be raised internally before aggrieved staff feel obliged to look externally for help.
Room for optimism?
Professor Lucas said it was hard to see ethical practices improving when the shining light of the technology industry - Google - has also been found to have engaged in deceptive, unethical conduct.
“You want to believe that originally there was good intent behind Google's statement, ‘Don’t be Evil’,” he said.
“But given the Google Maps story - when the company ‘accidentally started recording people’s networks’, you are left with the belief that while somebody wrote that statement down, it can be reasonably assumed that nobody practices it. Often a company says one thing - because it is politically correct - but there is no visible practice of the behaviour.
“I have taught ethics in IT for 15 years. I can say all kinds of things to my students: be brave, be honest, be courageous. But I know that people will bend to the existing culture to survive – especially young people. I have to hope my students hang on to those values - be brave, be honest, be courageous - in those first five and six years of the pressure of the workforce, before they get to a position of influence.”