ERP and Ethics - PowerPoint PPT Presentation

Slides: 25
Provided by: valu84
Transcript and Presenter's Notes

1
ERP and Ethics
2
Objectives
  • Review key ethical issues associated with
    Information Technology
  • Discuss ethical issues specific to ERP
    implementations
  • Outline the need for appropriate security

3
Social and Ethical Issues
  • In the past, so-called white collar crimes were
    treated with a slap on the wrist and fines to
    restore any damage done
  • Industrial societies have become much less
    tolerant of financial, accounting, and computer
    crimes
  • Enron
  • WorldCom
  • Managers and employees must make judgments about
    what constitutes legal and ethical conduct
  • Information systems becoming more important and
    pervasive in society
  • The Internet
  • ERP systems

4
Ethics: a definition
  • Principles of right and wrong that can be used by
    individuals acting as free moral agents to make
    choices to guide their behavior

5
Technology: The Ripple in the Pond
  • Society develops norms, rules to guide how
    society operates
  • Individuals know how to behave; society has
    balance
  • New technology can upset the balance; it takes
    time for society to react
  • Internet
  • Enterprise Systems

6
Technology Trends Raise Ethical Issues
  • Computing power doubles every 18 months
  • Declining costs of data storage
  • Data mining advances
  • Networking advances: the Internet
  • Acxiom Infobase

7
Ethical Framework
  • Additional
  • System Quality
  • Accountability and Control
  • Quality of Life

8
Ethical Principles - Privacy
  • The need to ensure that information is subject to
    appropriate safeguards
  • Ensuring that no private data can be made
    available to the public.
  • Any organization that collects personal
    information must follow a process on how this
    information is collected, used, and shared.
  • Other problems are hacking, snooping, and virus
    attacks on the system, which also violate the
    privacy rights of individuals.
  • Biggest threat to privacy from ERP systems is
    from data-mining activities.

9
Ethical Principles - Accuracy
  • Requires organizations that collect and store
    data on consumers to have a responsibility in
    ensuring the accuracy of this data.
  • Protect an individual or consumer from negligent
    errors and prevent intentional manipulation of
    data by organizations.
  • Certain laws require information providers to
    report under guidelines.
  • They must provide complete and accurate
    information to the credit rating agencies.
  • The duty to investigate disputed information from
    consumers falls on them.
  • They must inform consumers about negative
    information that has been or is about to be
    placed on a consumer's credit report within 30
    days.

10
Ethical Principles - Property
  • Makes organizations realize that they are not the
    ultimate owners of the information collected on
    individuals.
  • Consumers give organizations their information on
    a condition that they will be guardians of this
    property and will use it according to the
    permission granted to them.
  • Organizations must explicitly state how they will
    use collected information
  • http://www.ibm.com/privacy/us/en/
  • ERP systems facilitate the process of sharing
    information easily by integrating information
    within the organization and across organizations.
  • If implemented without proper controls, ERP can
    make it hard to safeguard information.

11
Ethical Principles - Accessibility
  • ERP implementation teams must ensure that
    information stored in the databases about
    employees, customers, and other partners is
    accessible only to those who have the right to
    see and use this information.
  • Adequate security and controls must be in place
    within the ERP system to prevent unauthorized
    access.
  • Hacking, snooping, and other fraudulent access to
    data is a big concern to organizations.

12
Ethical Issues - System Quality
  • Organizations must ensure that software is free
    from serious bugs that might have negative impact
    on stakeholders
  • What are the standards for data and system
    quality?
  • Testing software, bugs: who is responsible if a
    bug causes a problem? (Sobeys SAP)

13
Ethical Issues - Quality of Life
  • How do we ensure that Information Systems do not
    degrade people's quality of life?
  • Computing anywhere, any time (work/family/leisure)
  • Computer crime: new technology, new ways to
    steal
  • Layoffs

14
Ethical Issues - Accountability
  • Who should be held accountable and liable when
    individuals are harmed by technology?

15
GARAGE case
  • All: What are the ethical issues confronting
    GARAGE? Consider privacy, accuracy, access,
    property rights, system quality, QOL, and
    accountability
  • (My) left side of room
  • GARAGE has responsibility for products sold
    through its site
  • (My) right side of room
  • GARAGE has no responsibility for products sold
    through its site

16
Code of Ethics for ERP
  • There are three normative theories of ethical
    behavior that can be used by organizations to
    influence the ERP implementation.
  • Stockholder Theory. Protects the interest of the
    investors or owners of the company at all costs.
  • Stakeholder Theory. Protects the interests of
    everyone having a stake in the company's success,
    namely owners and stockholders, employees,
    customers, vendors, and other partners.
  • Social Contract Theory. Includes the right of
    society and social well-being before the interest
    of the stakeholders or company owners.

17
Code of Ethics for ERP (Examples)
  • Protect the interest of our customers first
  • Advise customers regarding use of information
  • Explicit permission must be obtained from
    customers before data can be shared with any
    outside party
  • Collect only information that is needed
  • Privacy decisions are made free of any outside
    influence.
  • Every reasonable effort will be made to protect
    the privacy and security of information
  • Company makes prompt, complete corrections of
    errors.
  • Company will regularly review processes and
    policies for data privacy and security. There
    will always be a senior executive accountable for
    security and privacy.

18
Security
  • Supply chain or eCommerce environments within the
    ERP are exposed to the intricacies of the
    Internet world.
  • As ERP systems are implemented, they become
    exposed to the good and bad of the Internet.
  • Securing an ERP system is complex and requires
    both good technical skills and communication and
    awareness.

19
Security (Cont'd)
  • User ID and Passwords
  • Current trend is to provide access to systems
    through an ID Management system.
  • Physical Hardware Security
  • Physical access includes network closets or
    switch rooms and access to PCs. All must be
    secure.
  • Network Security
  • Most companies implement some form of
    firewall(s), virus controls, and network or
    server, or both, intrusion detection to safeguard
    the networked environment.
  • Intrusion Detection
  • Real-time monitoring of anomalies in and misuse
    of network and server activities will assist in
    spotting intrusions and safeguarding systems from
    inappropriate access.

20
Security (Cont'd)
  • Encryption
  • Encryption involves using a key, usually a very
    long prime number that is difficult to guess or
    program, to scramble at one end and unscramble at
    the other end.
  • In today's Web-based Internet applications, data
    encryption is highly desirable.
  • Customers and users are sending and storing
    confidential data (e.g., credit card numbers and
    social security numbers) over the network.
  • Sensitive data on laptop hard drives or PDA
    storage should be encrypted for security purposes.

21
Security (Cont'd)
  • Awareness
  • Ensure that users are aware of security risks.
  • Enforce policies and procedures related to
    access.
  • Security Monitoring and Assessment
  • A good security plan will also detail how to
    provide for constant assessments of security.
  • A periodic review of who has access, what they
    have access to, and how often they are accessing
    the system.

22
Sarbanes-Oxley Act
  • Sponsored by U.S. Senator Paul Sarbanes and U.S.
    Representative Michael Oxley, represents the
    biggest change to federal securities laws in a
    long time.
  • Came as a result of the large corporate financial
    scandals involving Enron, WorldCom, Global
    Crossing, and Arthur Andersen.
  • Discusses the necessity for clear responsibility
    in IT systems, as well as for maintaining an
    adequate internal control structure and
    procedures for financial reporting.

23
SOX Impact on Privacy and Security
  • Audits are performed on a company's ERP systems
    to test privacy and security levels.
  • Major areas of privacy include access to the
    system, user ID and verification, evaluating
    configurations relating to business processes,
    change management, and interfaces.
  • Users should have IDs, passwords, and access
    controls.

24
SOX Impact on Privacy and Security (Cont'd)
  • Users should not be able to change financial
    information, personnel information, vendor
    information.
  • Check how easily changes or modifications can be
    made.
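
Added example (not part of the original presentation): one way to run the periodic access review from slide 21 (who has access, to what, how often) together with the slide 24 check for users able to change financial, personnel, or vendor information. The user names, the grant and log layouts, and the 90-day dormancy threshold are assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import date

# Data classes the SOX slide says ordinary users should not be able to change.
PROTECTED = {"financial", "personnel", "vendor"}

# Constructed sample data; users and layouts are hypothetical.
GRANTS = [  # (user, data class, permission)
    ("asmith", "financial", "read"),
    ("asmith", "vendor", "change"),
    ("bjones", "personnel", "change"),
    ("bjones", "inventory", "change"),
    ("cwu", "financial", "read"),
]
ACCESS_LOG = [  # (user, date of access)
    ("asmith", date(2024, 3, 1)),
    ("asmith", date(2024, 5, 28)),
    ("bjones", date(2024, 1, 10)),
]


def access_review(grants, log, today, dormant_days=90):
    """One row per user: what they can access, how often they did, and findings."""
    counts = Counter(user for user, _ in log)
    last_seen = {}
    for user, day in log:
        last_seen[user] = max(day, last_seen.get(user, day))

    report = {}
    for user, data_class, perm in grants:
        row = report.setdefault(
            user, {"access": [], "accesses": counts[user], "findings": []})
        row["access"].append((data_class, perm))
        if perm == "change" and data_class in PROTECTED:
            row["findings"].append(f"can change {data_class} information")

    # Accounts that hold access but no longer (or never) use it.
    for user, row in report.items():
        seen = last_seen.get(user)
        if seen is None:
            row["findings"].append("access granted but never used")
        elif (today - seen).days > dormant_days:
            row["findings"].append(f"dormant for {(today - seen).days} days")
    return report


if __name__ == "__main__":
    for user, row in access_review(GRANTS, ACCESS_LOG, date(2024, 6, 1)).items():
        print(user, row["access"], row["accesses"], row["findings"])
```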