When an Employee Has No Johnson and Brings His/Her Own Company Down

In working day to day in the information systems audit and business controls consulting arm of our business, I work under two codes of professional conduct and ethics (over and above my moral imperative). As a member of the Information Systems Audit and Control Association (ISACA), I am bound by that organization's Code of Professional Ethics. As a pending Associate Member of the American Institute of Certified Public Accountants (AICPA) ("Associate member" means you have passed the CPA Exam but are not yet licensed), I am also bound by the AICPA Code of Professional Conduct.

I feel that I have made every good faith effort to be as objective as possible in this whole swirl of controversy regarding the now infamous (at least in the Notes/Domino Community) report issued by the Radicati Group. The recent continued actions of an errant employee (or employees) of Radicati (note that this is not yet 100% confirmed), particularly his/her attempt to discredit Bruce Elgort in an anonymous email to his employer's marketing department (leaving no contact information).

So it is in the spirit of this that I am laying down the gauntlet to whomever sent the email and lacked the courage to stand up and show their real face. Since I am the managing partner of our company, and since Dr. Radicati has chosen not to respond to my e-mail to her, you can direct whatever versions of the email you want to the organizations above (I will even give you email addresses and phone numbers). I can live with the fallout. I wonder if you can? At least I know that one does not need to "scour" blogs. There is a nice invention out there called a RSS reader.
 

Each day as this episode unfolds (as well as other episodes), it is to my inner core that I feel that a strict code of conduct and ethics is needed, no make that necessary to save the credibility of information systems professionals, as well as independent analysts around the world. People do not trust the IT profession. They think that companies such as Microsoft do not do enough to make their software safe. They are convinced that the anti-virus companies are creating viruses to create revenue. They are scared to go on the web for whatever reasons (notwithstanding the fact that they create most of their own problems). People steal software right and left. They download copyrighted files. And the list goes on. Now I do not have numbers to support these often stated generalizations, but I am in discussions with the president of one of the most respected and credible survey research firms in the world about commissioning a survey on ethics and information technology. We just need a financial sponsor, so if any of you know of one, please let me know.

So here is my clarion call for people to digest, discuss, debate, and/or disagree:

1. No individual should be issued a certification by an independent entity or by a vendor unless the certification path has a required ethics component that includes at least 40 hours of education and a written examination. The certifications should require the written signature of the individual agreeing to live up to a code of professional conduct or risk losing their certification.

2. Independent entities and vendors should establish a certification clearinghouse where ethical violations (including, but not limited to legal violations, can be filed.

3. An international, independent body should be formed to develop a code of professional conduct and to maintain the educational/examination processes for this component.

4. Unless independent analysts AND vendors agree to abide by the same standards, they should be considered persona non grata.

This clarion call should be endorsed (in concept at least if not in detail) by all business customers because as we are seeing in this Radicati episode, and as we saw in the Oklahoma State debacle, ethics are taking a beating and bringing down people and businesses.

Enough is enough!