OMM640 Business ethics and social responsibility
Ethics, Compliance, Auditing, and Emerging Issues
Describe an emerging global risk for 2015 and beyond
Technology risk is insofar the greatest challenge facing majority of businesses across the world, yet many remain oblivious to the risks they are exposed to. Technology risk includes cyber attacks, data fraud/theft, critical information infrastructure breakdown and misuse of technologies. Technology risk has the greatest financial impact on a company, in addition to time consumption and loss of trust from customers. The impact and likelihood of a cyber attack in the modern business environment is estimated at above average, and the threats are becoming more each day. This is compounded by the fact that businesses have become more hyper-connected, and sensitive personal and consumer data is currently being stored in cloud where hackers can gain access from any part of the world.
Currently, more businesses continue to lean on technology as an integral part of their daily operations. This is due to the realization that businesses can only remain competitive in the modern world by adopting the latest technologies. This has in turn brought about technology-driven threats in the digital world. Emerging technologies such as data mining and cloud computing has created vast opportunities for businesses in terms of data and information gathering, storing and retrieval. Nonetheless, these new technologies present new threats which are often unknown or unanticipated by businesses. Worse still, most managers do not understand how technology poses serious risks in the business. Since they do not want to appear incompetent in matters to do with technology, they often shy away from talking about it.
Related content : Hacking AIS
Hacking is the greatest form of technology risk that businesses face today. About 33% of all technology risk aspects comprise of hacking. This is where malicious programs are used to obtain sensitive business information such as customers’ card details and later used to commit fraudulent transactions. The second risk aspect involves system failure. This accounts for about 30% of all the risks associated with technology. Systems failure may be brought about by hardware failure, utility disruptions and software failures. A number of institutions are at risk of experiencing failures in their computer systems from the larger data they process daily from mobile applications, computer applications, and other virtual devices. New applications present a 29% technology risk while deliberate malicious applications stand at 27% (“ACE Group,” 2015).
Some of the companies which have come under cyber attack include Target Company, TalkTalk in the UK, Orange France and others. In all these cases, customer’s personal data was stolen and used to commit fraudulent transactions resulting in huge losses. Surprisingly, about 90% of the cyber attacks originate from employees – this is through irresponsible online behavior, basic error, carelessness when handling their digital devices and loss of work equipment (“ACE Group,” 2015). There is no easy way out of the risks posed by cyber attacks. In most cases, cyber criminals remain anonymous and the business has little chances of apprehending them.
Discuss the key countries that might be associated with the risk
Ironically, technology risks are mostly associated with countries that rely heavily on technology. In that line, the United States is at a high risk of experiencing cyber attacks than any other country. The U.S. lacks an appropriate defense mechanism against cyber threats, making it a haven for cyber attacks. According to Kakutani (2010), the U.S. is more susceptible to cyber attacks compared to minor countries such as China, Russia, and other smaller nations such as North Korea. The U.S. relies heavily on new technology and storage of data in databases making it highly vulnerable to attacks from all over the globe. Countries lagging behind in technology adoption are less susceptible to cyber attacks. Nonetheless, this does not necessarily mean that countries should not adopt modern technologies – the benefits far outweigh the risks.
The banking system and payment systems involving use of credit cards in the U.S. are greatly exposed to cyber attacks. This is documented by the number of cyber attacks targeting banks and other institutions which keep sensitive consumer data during payments. A string of attacks have hit companies such as Target Company, Primera Blue Cross, Anthem, Sony Pictures, JPMorgan Chase, Home Depot, and others. These attacks led to loss of sensitive customer information, and the trend continues. In 2010, the Cyber Command and the Department of Homeland Security were unveiled to fight cyber crime. However, these agencies were formed to protect the federal government, leaving financial institutions and other retail businesses vulnerable to cyber attacks (Kakutani, 2010). The federal government is yet to establish institutions that can defend banks and other institutions during attacks, making them more vulnerable.
Evaluate the role of ethical decision-making in business organizations
Ethical decision making in business organizations has a key role to play in their success. Ethical decision making in business organizations constitute what is right or wrong decisions or behaviors. Ethical decisions can be described as those which are largely acceptable in the eyes of the law and the community. Business ethics involve the application of moral or ethical principles to solve complex problems that arise in business organizations (Gonzalez-Padron, 2015). Ethical decision making is critical to the viability of business organizations in the modern world. Unethical practices have led to heavy penalties, imprisonment and in worst cases failure of business organizations.
Deducing from above, ethical decision making helps to ensure longevity of the business organization, ensures the well-being of employees, suppliers, directors and individual officers, and helps the organization protect the welfare of the consumers and the society at large. The attitude of the top leadership towards ethical decision making sets the tone in the entire organization. Unethical managers often encourage employees to follow in the same steps and to engage in unethical practices (Gonzalez-Padron, 2015). The specific roles ethical decision-making plays among each of the categories will be discussed in the literature below.
Related paper : Accounting information system (AIS) Needs
Ethical decision making helps individuals in business organizations decide what is wrong or right, avoiding consequences such as sanctions, imprisonment and fines. During ethical reasoning, employees analyze complex business problems by looking at their duty and the possible consequences of their actions (Miller & Jentz, 2010). In this case, consequences are analyzed in terms of what the law dictates, and the punishment for going contrary to the law. Ethical decision making enables business organizations to be socially responsible in their operations. Social responsibility is an important role of business. In maintain corporate social responsibility, business organizations are responsible for their actions to the community at large. Business organizations are expected to give back to community, ensure responsible utilization of resources, minimize on pollution and ensure least negative impact on the environment.
Ethical decision making enables business organizations to maintain trust with shareholders, suppliers and customers. This is because the relationship among shareholders, suppliers, customers and the business is based on trust (Miller & Jentz, 2010). Customers expect the business to perform its duties accordingly, while suppliers also expect the business to fulfill its contractual obligations and to exercise fair dealings. The business is also expected to act to the best interest of the various stakeholders such as shareholders by focusing on stability and maximizing profits. Ethical decision making enables business organizations conform to the law and other written rules and procedures. The law contains gray areas or legal uncertainties. By analyzing whether the consequences of their actions will be right or wrong, employees are able to decide on correct decisions which do not have legal consequences (Miller & Jentz, 2010).
Impact of business ethics on stakeholder relationships
Stakeholders to a business encompass all individuals who have an interest either directly or indirectly in the organization. Thus stakeholders not only include individuals who receive monetary rewards but also those individuals in the community where the business operates. Examples include customers, suppliers, shareholders, investors, employees, the society and the government. Businesses consider the consumers, employees and shareholders as the most important stakeholders. Business ethics have a significant impact on the shareholders. As a result, most businesses have adopted stringent measures to ensure they act ethically.
Proper business ethics are important in establishing good rapport with various stakeholders. Business organizations which act unethically damage their reputation among consumers, who are among the primary stakeholders (Usnick, L., & Usnick, R., 2013). Consumers often change their perception of firms reported to have instances of ethical misconduct. Negative reputation drives sales down resulting to reduced profits. Unethical behavior among business organizations erodes investors’ confidence. Firms which manipulate their financial statements often erode investor confidence. Investors pull out their investment which leads to decline in shareholders’ value. Such actions increase consumer scrutiny which may result in a negative reputation. Business organizations are legally obligated to give a true and fair statement of their financial position to the public.
Unethical behavior that harms the community may result in strained relationship between the community and the organization. Communities are more concerned with the impact of the business organization to the natural environment. For instance in China, there have been violent community protests as people hold demonstrations against construction of companies which are viewed as heavy environmental pollutants (Arredy, 2014). Unethical conduct also attracts sanctions and hefty fines or penalties from the government and other relevant bodies.
It is absolutely necessary for businesses to design an ethics program, conduct training, and engage in compliance auditing. Ethics programs are meant to instill employees with sound decision making skills (Gonzalez-Padron, 2015). Many people are guided by personal morals and values. However, these play a minor role in helping the employee make the right decisions in the complex business environment. Employees find themselves in complex dilemmas involving the need to make decisions on hiring and dismissal, pollution control, pricing, advertising and other challenges. The little ethical knowledge they gained at school, church, and home may not provide them with a sufficient guideline on how to act when confronted with such issues. This necessitates creation of an ethics program.
An ethics program helps employees recognize ethical issues which arise in business (Usnick, L., & Usnick, R., 2013). Training enables the employees know how to solve such issues. Training also enables employees learn how they can cultivate ethical behavior within the business organization. Compliance auditing is important to a business organization since it helps to determine whether employees conform to certain processes or applicable rules. If the auditor detects laxity in employee conformance to rules or procedures established by the organization, the auditor may determine the course of action or put in place mechanisms to ensure employees comply. One of the roles of the auditors is to determine whether transactions or processes adhere to standards.
The following training plan is intended to create a general awareness among employees of the various security threats related to technology risks. The plan details the necessary standards of conduct and compliance to be achieved by all the employees.
The application of modern technology in every aspect of business organizations is inevitable in the current competitive global market. The use of modern technology enables firms to gain a competitive edge in the market. Currently, more businesses are adopting the use of technology in all areas of their business operations – from security, processing transactions, maintaining client files, and other confidential customer data. Data stored in digital format is easy to retrieve, update, search, transfer, erase, and takes less space. Nonetheless, the use of modern technology has exposed businesses to cyber attacks which results in losses worth millions of dollars. Statistics indicate that about 90% of the cyber attacks originate from employees (“ACA Group,” 2015).
Ethics and codes of conduct review
Employees should review the ethics and codes of conduct manual to increase their knowledge. Discussion will take place around the following key areas:
- Basics in the code of conduct
- Ethical behavior
- Fraud and misappropriation
- Conflicts of interest and ethical decision making
- Accountability in individual actions
- Reporting identified policy violations
- Impact of unethical decision making to the employees and the organization
Common technological risks
The following are the most common aspects of information technology risks that businesses are currently facing.
- Hacking – hacking is one of the most high risk technology risks. Cyber attacks conducted on businesses can cause immeasurable losses within days.
- Systems failure – This may occur in form of software failures, hardware problems and utility disruptions.
- Viruses and other malware programs, prevention and detection – employees play a critical role in malware detection and prevention. Irresponsible and careless use of the internet has been associated with cyber attacks.
- Data theft by staff and third parties – data theft by employees is also common in some institutions. Fraudulent company employees have in the past been associated with incidences of data loss. However with proper internal controls, these incidences can be minimized.
- New technological advancements which disrupt the existing business models – new technology advancements have disrupted business models which most businesses were familiar in. For instance, the rise of Uber has disrupted the traditional taxi model.
Malware and virus prevention
In this section, employees will watch videos of two other employees prowling the internet and discuss the following:
- How can employees differentiate e-mails from authentic senders and those from unknown sources?
- What are the dangers of clicking links and pop ups from unknown sources?
- What are the risks of using social media and online gaming sites to the organization?
- What are the risks of making downloads from the internet?
Best practices in the workplace
Employees will be trained on the best practices to adopt while using computers in the workplace.
- Importance and need for physical security measures
- Security of passwords
- Virus and spyware protection
- General computer use policy
Proactive responses to cyber attacks
The final phase of the plan will include detailed training on how employees ought to respond to suspected cyber attacks. Employees will be briefed on common hacking scenarios and the appropriate responses they should make in case of such incidences. This part will cover issues such as reporting, public relations, investigation, initial response and law enforcement.
Explain how the program will be implemented
Training must be carefully implemented so that the goals and objectives can be achieved. Training helps employees gain new knowledge or learn new ways of doing things. The first step in implementation will involve defining the goals and objectives to be achieved in a clear and concise manner. Objectives are derived from needs assessment. The next step is the implementation of the training program which takes into account the educational and experience level of employees. The best option in this case is short term training courses since employees are well educated and can easily grasp the new knowledge. Short term courses can be offered to employees at their workplaces by scheduling training programs preferably in early mornings.
A variety of techniques will be employed during training. Some training sessions will involve direct verbal interaction where employees will take notes. Visual stimuli will also be used in learning to make the program lively and interesting. Videos will be used to show employees how cyber criminals can gain access to computers remotely. Evaluations will be conducted during training though question and answer basis. This will enable the trainers to monitor the progress of employees. At the end of the training program, employees will be expected to sit for a written evaluation to gauge their overall understanding of the issues. At the end of the training, employees should demonstrate the skills learnt through safe use of digital gadgets in the office.
There are a number of considerations which must be in place prior to commencing the training program. These can be divided into institutional and individual considerations. The institutional considerations include systems capacity, supervisory capacity, structural capacity, availability of necessary facilities, and the amount of workload. Individual factors include performance of the employees and their availability for the training program. In addition to the above, relevant teaching materials must be available before teaching can commence. These materials include manuals and guides for both trainers and employees. Instructors conducting the training programs must have adequate knowledge in their respective teaching areas.
Availability of time must also be taken into consideration before training begins. Training should be conducted when employees have less workload at hand. It may not be wise to conduct training at a time when a business organization receives a great number of customers. In some cases, training can be scheduled during Saturdays when employees have less workload.
ACE Group, (2015). Emerging Risks Barometer 2015. Retrieved from http://www.acegroup.com/global-assets/documents/Europe-Corporate/Risk- Briefing/2015-07-07-Emerging-Risks-Barometer-final–PUBLISHED.pdf
Arredy, J. (2014). Police, Villagers Clash in Eastern China Over Waste Incinerator. The Wall Street Journal. http://www.wsj.com/news/articles/SB10001424052702303851804579555673333103480 ?mg=reno64-wsj
Gonzalez-Padron, T. (2015).Business ethics and social responsibility for managers[Electronic version]. Retrieved from https://content.ashford.edu/
Kakutani, M. (2010, April 26). The Attack Coming From Bytes, Not Bombs. The New York Times. http://www.nytimes.com/2010/04/27/books/27book.html?pagewanted=all&_r=0
Miller, R. L. R., & Jentz, G. A. (2010). Fundamentals of business law: Excerpted cases. Mason, OH: South-Western Cengage Learning.
Usnick, L., & Usnick, R. (2013) Compliance program auditing: The growing need to insure that compliance programs themselves comply. Southern Law Journal, 13(3), 1 – 327.