Ethics and Conduct in Aligning IT & Business
by Matthew Burrows
"Do unto others as you would have them do unto you"
Set against the backdrop of current news stories regarding ethics and conduct, and prompted by some new activity as well as his recent experience with priSM and itSMF UK, Matthew Burrows shares some thoughts about its relevance to aligning IT Service Management with business goals.
Whilst the “do unto others” quote is taken from the bible, this, so called, “Golden Rule” is actually present in almost all religions. In 1993, the “Declaration Toward a Global Ethic” from the Parliament of the World’s Religions, stated that it is a common principle for many religions. You can certainly find variants of this in most of them, but it’s also found in humanism and many non-religious areas.
It's fairly common to hear words and phrases like ethics, code of conduct, conflict of interest, values, and standards. The news seems to be full of government officials accused of doing something they shouldn't, whether claiming expenses or benefiting personally from official business. The corporate world seems little better, with people in the most senior positions leaving under a cloud of unreasonable behaviour, and some spectacular and devastating failures.
Many organisations around the world have been required to adhere to new legislation such as Sarbanes Oxley (SOX) or a Bribery & Corruption Act. It is now very common for professional bodies and membership organisations to have codes of ethics and standards of conduct, usually enforced by process and committee. Individual investors sometimes choose ethical investment funds, accepting that they have historically produced lower returns.
Is it important?
Those who lost out in cases such as Enron, where it has been suggested that the board should not have waived conflict of interest provisions, would probably feel that ethics and conduct are important. There is talk of poor organisational culture, bullying, lying, miss-selling, and more. I've noticed an increase in the mention of ethics and codes of conduct, and how they are intended to protect employers, managers, customers, the general public, and the environment.
The Institute of Business Ethics (IBE) www.ibe.org.uk was established in 1986 to encourage high standards of business behaviour based on ethical values. Corporate subscribers to IBE include a long list of well-known companies, including many associated with itSMF, and some mentioned in this article. Within their publically available literature, they provide some excellent guidance.
"A code of ethics (or similar title), main purpose is to provide guidance to staff. Unlike a code of conduct which is generally "do this or else” in tone, a code of ethics will usually be predominantly aspirational and supportive. The code illustrates how a company's values translate into concrete policies, procedures and standards."
Many organisations publish their ethics policy, and often include business values and behaviours in job descriptions and induction activity. These talk about commitment to stakeholders (inside and outside of the organisation), and go much further than mere compliance with regulations and the law. They define monitoring procedures and committees set up to govern them, as well as the acceptable behaviour which, if breached, can lead to disciplinary action and dismissal.
A code of ethics is designed to promote mutual respect and integrity, trust, and responsibility. The benefits can include greater customer and employee satisfaction, and a reduction in unacceptable behaviour such as bullying, harassment and violence – usually leading to risk reduction, efficiency improvement and cost benefits. It is often considered a sign of maturity and professionalism, and is considered by many to be a good and essential practice.
Do we have a problem?
In the Enron example, one criticism was that the Ethics industry didn’t aggressively push for the active participation of executives and directors in ethics and compliance activity. At the time of writing, we have people in the UK giving evidence to a judge-led inquiry into media culture, practices and ethics, following phone tapping allegations which seem to go far beyond a couple of rogue individuals. Medical ethics, the behaviour of some church officials surrounding child abuse claims, the euthanasia debate, the list goes on. Many companies experience issues and create policies regarding employee behaviour, including bullying, acceptable use of IT, data protection, diversity, alcohol abuse, equal opportunities, security, whistleblowing, travel and entertainment. Bribery, insider dealing, fraud, competition law, political contributions, and corporate social responsibility, are all words and phrases that we hear regularly in the news.
Within the IT world, there are discussions around Sustainability and Green IT, which often include conversation about balancing ethics and profitability. Many service providers, whether outsourcers, managed service providers, companies delivering government IT projects, consultants, trainers or others, are suffering from reduced credibility and questions about the quality of their work. There is distrust of many in the IT Service Management area too, with tools vendors being accused of pretending to share best practices whilst really just delivering sales pitch. Consultancy organisations are accused of maximising the number of days or the scope of work to get the most money out of the customer, rather than doing what is right for that customer. Even if many of these examples can be challenged and proved incorrect, perception is important, particularly when we need to be able to trust those we work with, deliver to, and reply on.
Pete McGarahan and Ric Mims made some excellent points in their BSMReview article "The Essence of Professionalism: Will it make a difference in your IT career?” This included an observation that IT professionals used to take pride in being "oddball" and different from the rest of the business. They note that things have changed, and that this is for the better - requiring the need to "bring professionalism to the forefront of the IT makeover". Many of us recognise the need to demonstrate the business value of what we do, particularly when there are survival threats from multiple angles. Our attitude needs to be different in many ways, and our behaviour must demonstrate that attitude to our colleagues and customers, in the way we communicate, and be embedded in the culture of our organisation. McGarahan and Mims talk about the need for higher standards in how we relate to others, and how vital this is in the struggle to "bridge the gap of respect and credibility with the business", and "building meaningful relationships based on professionalism and a common pursuit of doing what’s best for the business to create value".
What are we doing to address these issues?
Many organisations already have an approach to this problem; others are starting to think about it. Within companies, an effective ethics programme is likely to include policy and values which the organisation takes action to embed into their organisational culture, covering the entire workforce and all activity. The Code of Ethics and Conduct, or whatever name is used, gives guidance for staff on the expected standards of professionalism and the business principles the organisation has adopted. There is usually a defined communications and engagement approach to ensure individuals understand what is happening and why. Training is typically included in induction activity for new starters, and reinforced for existing employees. There will also be process, procedures, guidelines and advice, along with a monitoring mechanism and some governance – usually including roles with defined accountability and responsibility.
In membership organisations, professional associations, or credentialing schemes, there may be very similar structures, although the focus tends to be at point of application and renewal, to ensure that individuals understand the requirement to abide by the code – and the consequences of breach.
A Code of Ethics will not stop all breaches and unacceptable behaviour, but it can reduce the risk. There are many examples of organisations, including several in and around our community, who have taken steps to address these issues. These include the following:
BCS, the Chartered Institute for IT (www.bcs.org), has a Code of Conduct, and an Ethics Group which reports to the BCS Professionalism Board. Their code covers several areas, including promoting awareness and engagement with the ethical issues for society from IT, public interest, professional competence and integrity. It includes a requirement to only do that which is within an individual's professional competence, and not to claim any level of competence that they do not possess. It explains the duty to the profession, including upholding reputation, acting with integrity and respect, and encouraging the professional development of others.
The APM Group (www.apmggroupltd.com), have a code, and an independent Ethics and Standards Board, which they set up in 2006 to "ensure the highest ethical standards in its operations and dealings with accredited examiners, trainers and consultants, contracts, suppliers, the community and all its other stakeholders". The independent board members, who are not involved in the operational side of the business, help to safeguard impartiality and provide objectivity. Their website states that "The Board is free to investigate anything we do and to speak to anyone employed by APM Group, to ensure that we actually do and deliver what we say we will".
PMI, the Project Management Institute (www.pmi.org) has a Code of Ethics and Professional Conduct. The Institute of Consulting (www.iconsulting.org.uk) and the Chartered Management Institute (www.managers.org.uk) have a Code of Professional Conduct and Practice. Some readers will be covered by several of these, or maybe similar codes from ISACA (www.isaca.org) or others.
SFIA®, the Skills Framework for the Information Age, contains several references to Professional Standards in version 5 (released in December 2011). Professional Standards are mentioned in a few SFIA® skills, including this reference within the highest level of responsibility (level 7) for the Information Management skill in the Strategy & Architecture category: "Directs information resources, to create value for the stakeholders by improving the performance of the organisation, whilst maintaining the principles of professional standards, accountability, openness, equality and diversity and clarity of purpose."
What’s happening in IT Service Management?
itSMF have a Code of Ethics and Standards of Conduct, rolled out globally by itSMF International to the chapters, which all members are required to abide by.
Every itSMF UK Management Board meeting includes a standard agenda item, which is to declare any potential conflicts of interest.
In 2007, itSMF USA put in place a code of ethics, created an Ethics Committee, and established a clear process. Doug Tedder, Governance Chair and President-Elect for itSMF USA, said “One of the primary drivers behind instituting the code of conduct and starting an ethics review board was to help drive professionalism and ensure honesty in our interactions with one another. We also wanted to ensure that no single individual could unduly influence the itSMF through unethical means. It is very critical in setting up the ethics board that its members understand and adhere to a standard of strict confidentiality, as well as identify and recuse themselves if they feel even the slightest bit of a conflict of interest. From the itSMF USA board of directors perspective, it is critical that we allow the ethics board to do their job—in other words, forward any issues regarding potential code of conduct violations to the ethics board for resolution and not try to resolve such situations at the board of directors.”
priSM® (www.theprisminstitute.org), the credentialing scheme for Professional Recognition in IT Service Management, promotes professionalism. Upon application for a priSM® credential, applicants are required to sign up to the itSMF codes mentioned above. Credential Holders are subject to disciplinary action if found to have breached these - typically this would include the credential being taken away. The new mentoring scheme utilises additional ethical guidance for coaching and mentoring activity.
The Business Relationship Management section of the Service Strategy book within ITIL® 2011 Edition includes guidance on conflict of interest.
Within the ISO/IEC20000 certification scheme, there is a rule that the Registered Certification Bodies (RCBs), who perform audits for an organisation, cannot provide them with consultancy. This is to avoid a potential conflict of interest, and demonstrate the independence of the auditor.
Although details are kept strictly confidential, investigations do take place, individuals sometimes have membership refused or credential applications turned down for ethical and conduct reasons.
What can we do next?
We all need to make our own decisions on whether we want to act ethically, and there may be some debate about acceptable conduct. I'm confident that the majority of people I know in our community will see ethics, conduct and professionalism as important - I see it demonstrated regularly, but unfortunately not by all. If we believe in these professional values, we should do the following:
- Read the itSMF Code of Ethics and Standards of Conduct
- and any other codes we’re covered by, from employers or other organisations
- Think about how we would like to be treated
- Apply those thoughts and the requirements of the code to our own behaviour
If we see behaviour in others that we believe is below standard, we should follow defined procedures from our organisations, or the organisation whose code covers the unacceptable behaviour. This should tell us how to record our concerns, and the process which will be followed. Some procedures will encourage direct discussion with the individual to explain our concerns and give them a chance to resolve the issue. In some circumstances this may not be practical, we may feel uncomfortable, or it may not be part of the suggested procedure.
Conclusion and comments
I believe that the majority of people within this industry try to act professionally and ethically, they want to do a good job, and they try to treat others with respect. Well-designed codes and procedures are there to keep us all honest, protect others, minimize the risks, and provide a mechanism if things do actually go wrong. At times, we may need to raise ethical issues, refuse to deal with certain companies or individuals, and turn down offers which we consider to be inappropriate – even though there may be a negative commercial impact for us and our organisations. We shouldn’t have any fear or reluctance to act ethically and accept professional standards of conduct.
Sometimes people make genuine mistakes, and they may just need some guidance and encouragement. Generally, I find that if it is pointed out sensitively, and is a genuine oversight or an unusual behaviour for them, they will take the observation in the right spirit and do something about it. I've done this recently with boards and committees who have unintentionally failed to spot potential conflicts of interest; and with individuals who I feel have treated others inappropriately. It's natural to feel uncomfortable about it, but I've found it to be positive for those involved, and I believe it helps drive greater professionalism in our industry.
Conflict of interest should be taken very seriously, with all interests and potential conflicts declared openly. Sometime it requires temporary removal from a debate or decision. If in any doubt, we should always raise a potential item, be completely open about it, as this will enable better-informed decision making.
My personal involvement in this space has included my activity with the Institute of Service Management, the development of the priSM® credentialing program, and my on-going duties as part of the itSMF UK Management Board. At time of writing I have just accepted appointment to the independent Ethics and Standards Board overseeing activity at APM Group. Within my own company, BSMimpact, we require adherence to a code of ethics – many staff, including myself, are obliged to abide by several, due to various company and individual memberships and credentials.
I feel that ethics and conduct are important, and should be demonstrated through our dealings with others. We should understand our obligations under any codes which may cover us. We should encourage positive and appropriate behaviour in others. We might want to consider publishing details of the codes of ethics and conduct that we abide by; after all it is a positive message that we take professionalism seriously. Experience shows that there are positive business benefit, including staff and customer satisfaction, trust and respect. Embracing ethics and professionalism should be a positive marketing message, and therefore be of value to us, our organisations and our customers.
If you are interested in learning more about ethics, or setting up a code for your organisation, there is information and training available. The Institute of Business Ethics (IBE) www.ibe.org.uk provides resources on-line, which includes guidance on developing a code of business ethics. They also offer training, including a course called “Understanding Business Ethics”.
Think about how you would like to be treated.
Matthew Burrows is Managing Director of BSMimpact, Lead for the priSM® Global Advisory Committee, and a member of the itSMF UK Management Board and the SFIA® Council.
Adherence to itSMF Member Code of Ethics
The Mission of itSMFI is to harness global resources to strengthen IT Service Management as a management discipline, to support its growth into new markets, to direct its expansion into new areas and to protect its integrity.
The Vision of itSMFI as a global community is to be the leading authority for IT Service Management (ITSM) worldwide.
To achieve our mission and vision, itSMFI has established a Code of Ethics whose intent and purpose is to define and clarify the ethical responsibilities for members of the organization.
The Code of Ethics provides the aspirational statements for all members. The Standards of Conduct provide additional detail regarding specific principles that all members are expected to adhere to and are subject to disciplinary action.
CODE OF ETHICS
- I will act in a manner that will allow me to adhere to the Standards of Conduct
- I will cooperate with my fellow itSMF members and treat them with respect at all times
- I will be honest in all my professional relationships
- I will promote the understanding of IT Service Management principles
- I will report any unethical or illegal activities to the appropriate management
- I will not maintain a personal interest in an organization that places my personal interest above those of the itSMF organization
STANDARDS OF CONDUCT
- I will use my skill and knowledge to educate fellow members in the areas of my expertise
- I will continually strive to increase the recognition and respect of the itSMF organization
- I will comply with all applicable laws
- I will avoid conflicts of interest in my activities within the organization
- I will not violate the privacy of information entrusted to me
- I will support the itSMFI position of being vendor neutral
Members who volunteer for committees, boards, and other leadership activity, are required to adhere to the Leader Code of Ethics and Standards of Conduct. In addition to the requirements in the member code, the following standards of conduct also apply:
- I will not use confidential knowledge gained through my position for my personal gain
- I will have full and accurate information so to be informed prior to making decisions impacting the organization
- I will make decisions for the organization that are consistent with the mission, goals, governance documents and in the best interests of the membership
- I will take all reports of unethical or illegal behavior seriously and ensure that they are fully investigated and appropriate actions taken
- I will not exercise the power of my position to influence decisions or actions of the organization that will result in my personal gain
- I will disclose all potential conflicts of interest in my role as a leader of the itSMF organization
- I will be accountable for all my actions fulfilling my role as a leader in the organization
- At all times I will perform my duties with respect for the law and the organization and strive to better the organization
- I will not accept gifts, hospitality or any benefit other than those that are practical and of modest value in my role as a leader in the itSMF organization
- I will not misuse the authority entrusted to me
- I will act solely in the interests of the organization without regard for personal interests
Matthew Burrows is an acknowledged best practice expert and a regular contributor to publications and events, providing thought leadership on industry committees and working groups. He was involved at the very beginning of BSM through his presentations at BMC launch events. These customer case studies of BSM programs he was responsible for managing, demonstrated that BSM was real and delivering tangible business benefits. In his day job, Matthew is the Managing Director and an active consultant/practitioner at BSMimpact, a niche consultancy that works with organizations to deliver successful transformation and maximize the value of a Business Service Management approach. The company's impressive client list includes O2, British Airways, IBM, HP/Compaq, Centrica (British Gas), Vodafone, BMC, BT, Unilever, Virgin Mobile, and more. In addition to his fellowships with RSA and the priSM Institute, Matthew is a member of the itSMF UK Management Board, lead for the Global priSM Advisory Committee, and a member of the SFIA Council. He is passionate about sharing knowledge and supporting the continual professional development of others.
Register for our monthly newsletter