Behind the scenes
Taking stock of IT access and ethics.
In this digital age, whenever a corporate scandal erupts, there's a good chance that somewhere in the chain of custody of information or functionality, an IT professional was involved or, at the very least, turned a blind eye. And while lawyers, accountants and CEOs are governed by professional standards, no such global standard exists for the IT profession.
In fact, while CIOs can come through the traditional route of studying computer engineering at university and then proceeding through a number of relevant jobs, they can just as easily be self-taught techies who were involved in startups and then made some clever career choices.
And because until now there has been no formalised professional structure underpinning the careers of IT professionals, it has been possible for them to behave in unethical ways with absolutely no fear of professional consequences.
"When VW hit the headlines a couple of months back for doctoring their emissions readings in the United States, you have to consider who is responsible," says Ulandi Exner, president of the Institute for IT Professionals South Africa (IITPSA). "Yes, it was the VW CEO who made this happen, but IT guys wrote the programme. The company to which the measurement was outsourced had to make it happen with the use of technology. Where were its ethics or professionalism?"
The IITPSA has had a certification for a number of years, recognised by the South African Qualifications Authority (SAQA), to qualify the skills and experience of IT professionals. This year, after a long and arduous process with the International Federation for Information Processing, the institute has now had this certification accredited internationally as the IP3 (International Professional Practice Partnership) certification.
This global IP3 certification was established to lead the development of the global IT profession by providing a platform that will help shape and implement relevant policies to foster professionalism in IT around the world.
"Along with 80 other institutes around the world, the IITPSA is a member of IFIP," says Adrian Schofield, vice president of IITPSA and vice chair of IP3 Standards and Certification. "Professional members have put themselves under the spotlight and been through the rigour of achieving a certification of their level of competence, with a commitment to ethics, customer centricity and development."
This means that IT professionals can now obtain the IP3 certification through the IITPSA, included in the R880 annual professional membership fee. This gives professional standing to the certification holder, and recourse to clients, colleagues and associates if the holder acts unprofessionally or unethically.
Of course, no certification can guarantee that an individual will be ethical or professional. CEO culpability and accounting standards have done little to reduce the number of high-profile cases of corruption globally. But it does provide recourse for clients and members of the public who are affected by unethical or unprofessional acts.
"Those who want to be graded as ethical members will sign the code of conduct, and anyone who is found to have failed can be reported. If need be, they will be called in to a discovery process, which can go all the way to removing their membership from the institute," says Schofield.
While membership is by no means conditional for IT professionals or executives, he says that the IITPSA will be working on promoting the value of the certification in the next couple of years to strengthen the position of people who hold that membership.
Why it's vital
Professional certification, says Tshifilwa Ramuthaga, the CIO at the Financial Services Board, can only be a good thing. "Look at the number of failures in terms of IT projects, for example, and look at how much government spends on IT, and the solutions may not be effective because the vendor sold them something they don't need."
She stresses that some sort of channel for escalation or culpability is necessary. "Compare us to the auditing industry. They get reported if they're doing something that is wrong."
She echoes Exner's sentiments on global corporate scandals having necessitated the involvement of someone in IT. "If you look at major corporate failures, IT is right in the middle. Look at Enron. It can't be that the auditors cooked those books without the IT team knowing about it."
There are things we need to teach ourselves as IT professionals. We need to take an oath and define the standards of how we conduct ourselves.Tshifilwa Ramuthaga, FSB
For this reason, she champions the cause of creating mechanisms to uphold IT professionalism. "IT is not as mature as other fields and is very disruptive so it requires a massive investment. How do boards and excos justify their huge IT investments if they don't have a standard of some sort against which they can measure delivery?"
She believes that establishing a framework for how IT professionals should conduct themselves could go a long way to protecting organisations against the risk they take when making these large investments.
"If you look at the whole digital disruption, it has become so intrusive, it's as if someone is looking at you and has the same level of access to information about you as a doctor does, but they haven't taken any kind of an oath. They can hack into your fridge, or come into your house from any angle, not because they are professional hackers, but because the technology is there. So there are things we need to teach ourselves as IT professionals. We need to take an oath and define the standards of how we conduct ourselves."
However, some IT professionals feel the time and effort involved in applying for this accreditation mean the industry is far from widespread adoption.
"Many of the larger IT departments I have worked with have reasonable certification options for IT staff, like ITIL and others," says Steven Sidley, a partner at Grey Hair Consulting. "But they are expensive and time-consuming, and only the most flush of departments can afford to give certification more than a sporadic and optimistic effort."
He points out that this doesn't necessarily mean that the uncertified are any less professional - or even that small, underresourced departments are less capable. He adds that the speed at which digital and low-cost cloud options are seducing business units is presenting a much bigger problem for certification standards.
"That speed is antithetical to the old, slow, creaky certification offerings, none of which would have much idea what to do with, say, a capability like Facebook's Parse."
But it is the very fact that the IT environment changes so rapidly that had led the IITPSA to establish the IP3 certification locally. "The IT landscape is changing; the way we do IT is changing. It's not just about keeping the lights on but, instead, has become an integral part of business and society. IT has an impact on everyone's lives, and we have to make sure it's a positive impact - that the negative side of IT is mitigated," says Exner.
This article was first published in the [March 2016] edition of ITWeb Brainstorm magazine. To read more, go to the Brainstorm website.