When an Employee Has No Johnson and Brings His/Her Own Company Down
In working day to day in the information
systems audit and business controls consulting arm of our business, I work
under two codes of professional conduct and ethics (over and above my moral
imperative). As a member of the Information
Systems Audit and Control Association (ISACA),
I am bound by that organization's Code
of Professional Ethics. As
a pending Associate Member of the American
Institute of Certified Public Accountants (AICPA)
("Associate member" means you have passed the CPA Exam but are
not yet licensed), I am also bound by the AICPA
Code of Professional Conduct.
I feel that I have made every good faith effort to be as objective as possible
in this whole swirl of controversy regarding the now infamous (at least
in the Notes/Domino Community) report issued by the Radicati Group. The
recent continued actions of an errant employee (or employees) of Radicati
(note that this is not yet 100% confirmed), particularly his/her attempt
to discredit Bruce
Elgort in an anonymous email to his employer's marketing department
(leaving no contact information).
So it is in the spirit of this that I am laying down the gauntlet to whomever
sent the email and lacked the courage to stand up and show their real face.
Since I am the managing partner of our company, and since Dr. Radicati
has chosen not to respond to my e-mail to her, you can direct whatever
versions of the email you want to the organizations above (I will even
give you email addresses and phone numbers). I can live with the fallout.
I wonder if you can? At least I know that one does not need to "scour"
blogs. There is a nice invention out there called a RSS reader.
Each day as this episode unfolds (as well as other episodes), it is to
my inner core that I feel that a strict code of conduct and ethics is needed,
no make that necessary to save the credibility of information systems professionals,
as well as independent analysts around the world. People do not trust the
IT profession. They think that companies such as Microsoft do not do enough
to make their software safe. They are convinced that the anti-virus companies
are creating viruses to create revenue. They are scared to go on the web
for whatever reasons (notwithstanding the fact that they create most of
their own problems). People steal software right and left. They download
copyrighted files. And the list goes on. Now I do not have numbers to support
these often stated generalizations, but I am in discussions with the president
of one of the most respected and credible survey research firms in the
world about commissioning a survey on ethics and information technology.
We just need a financial sponsor, so if any of you know of one, please
let me know.
So here is my clarion call for people to digest, discuss, debate, and/or
disagree:
1. No individual should be issued a certification by an independent entity
or by a vendor unless the certification path has a required ethics component
that includes at least 40 hours of education and a written examination.
The certifications should require the written signature of the individual
agreeing to live up to a code of professional conduct or risk losing their
certification.
2. Independent entities and vendors should establish a certification clearinghouse
where ethical violations (including, but not limited to legal violations,
can be filed.
3. An international, independent body should be formed to develop a code
of professional conduct and to maintain the educational/examination processes
for this component.
4. Unless independent analysts AND vendors agree to abide by the same standards,
they should be considered persona non grata.
This clarion call should be endorsed (in concept at least if not in detail)
by all business customers because as we are seeing in this Radicati episode,
and as we saw in the Oklahoma
State debacle, ethics are
taking a beating and bringing down people and businesses.
Enough is enough!