Behind the scenes

Taking stock of IT access and ethics.

Read time 6min 30sec
Ulandi Exner
Ulandi Exner

In this digital age, whenever a corporate scandal erupts, there's a good chance that somewhere in the chain of custody of information or functionality, an IT professional was involved or, at the very least, turned a blind eye. And while lawyers, accountants and CEOs are governed by professional standards, no such global standard exists for the IT profession.

In fact, while CIOs can come through the traditional route of studying computer engineering at university and then proceeding through a number of relevant jobs, they can just as easily be self-taught techies who were involved in startups and then made some clever career choices.

And because until now there has been no formalised professional structure underpinning the careers of IT professionals, it has been possible for them to behave in unethical ways with absolutely no fear of professional consequences.

"When VW hit the headlines a couple of months back for doctoring their emissions readings in the United States, you have to consider who is responsible," says Ulandi Exner, president of the Institute for IT Professionals South Africa (IITPSA). "Yes, it was the VW CEO who made this happen, but IT guys wrote the programme. The company to which the measurement was outsourced had to make it happen with the use of technology. Where were its ethics or professionalism?"

Global certification

The IITPSA has had a certification for a number of years, recognised by the South African Qualifications Authority (SAQA), to qualify the skills and experience of IT professionals. This year, after a long and arduous process with the International Federation for Information Processing, the institute has now had this certification accredited internationally as the IP3 (International Professional Practice Partnership) certification.

This global IP3 certification was established to lead the development of the global IT profession by providing a platform that will help shape and implement relevant policies to foster professionalism in IT around the world.

"Along with 80 other institutes around the world, the IITPSA is a member of IFIP," says Adrian Schofield, vice president of IITPSA and vice chair of IP3 Standards and Certification. "Professional members have put themselves under the spotlight and been through the rigour of achieving a certification of their level of competence, with a commitment to ethics, customer centricity and development."

This means that IT professionals can now obtain the IP3 certification through the IITPSA, included in the R880 annual professional membership fee. This gives professional standing to the certification holder, and recourse to clients, colleagues and associates if the holder acts unprofessionally or unethically.

A standard for all IT professionals

All professional members of the Institute of Information Technology Professionals South Africa (IITPSA) must be signatories to the institute's Code of Ethics. This code gives insights into the kinds of ethical and professional standards to which all IT professionals should be accountable. A member of the IITPSA will:
* Act at all times with integrity.
* Act with complete loyalty towards a client when entrusted with confidential information.
* Act with impartiality when purporting to give independent advice and must disclose any relevant interests.
* Accept full responsibility for any work undertaken and will construct and deliver that which has been agreed upon.
* Not engage in discriminatory practices in professional activities on any basis whatsoever.
* Not seek personal advantage to the detriment of the institute, and will actively seek to enhance the image of the institute.

Of course, no certification can guarantee that an individual will be ethical or professional. CEO culpability and accounting standards have done little to reduce the number of high-profile cases of corruption globally. But it does provide recourse for clients and members of the public who are affected by unethical or unprofessional acts.

"Those who want to be graded as ethical members will sign the code of conduct, and anyone who is found to have failed can be reported. If need be, they will be called in to a discovery process, which can go all the way to removing their membership from the institute," says Schofield.

While membership is by no means conditional for IT professionals or executives, he says that the IITPSA will be working on promoting the value of the certification in the next couple of years to strengthen the position of people who hold that membership.

Why it's vital

Professional certification, says Tshifilwa Ramuthaga, the CIO at the Financial Services Board, can only be a good thing. "Look at the number of failures in terms of IT projects, for example, and look at how much government spends on IT, and the solutions may not be effective because the vendor sold them something they don't need."

She stresses that some sort of channel for escalation or culpability is necessary. "Compare us to the auditing industry. They get reported if they're doing something that is wrong."

She echoes Exner's sentiments on global corporate scandals having necessitated the involvement of someone in IT. "If you look at major corporate failures, IT is right in the middle. Look at Enron. It can't be that the auditors cooked those books without the IT team knowing about it."

There are things we need to teach ourselves as IT professionals. We need to take an oath and define the standards of how we conduct ourselves.

Tshifilwa Ramuthaga, FSB

For this reason, she champions the cause of creating mechanisms to uphold IT professionalism. "IT is not as mature as other fields and is very disruptive so it requires a massive investment. How do boards and excos justify their huge IT investments if they don't have a standard of some sort against which they can measure delivery?"

She believes that establishing a framework for how IT professionals should conduct themselves could go a long way to protecting organisations against the risk they take when making these large investments.

The IP3 certification process

The IITPSA Professional membership Grade (which entitles the holder to use the SAQA-registered professional designation of 'PMIITPSA') is pitched at SFIA Level 5 (Skills Framework for the Information Age), and the assessment process is quite rigorous, with the candidate having to fulfil the following:
1 Have a three-year, full-time post-matriculation qualification with a high element of ICT content, or equivalent.
2 Have in the region of eight years of relevant, post-qualification working experience in the ICT profession, the preponderance of which, over at least the last three years, should have been at SFIA level 5 or higher.
3 Undergo a 'face-to-face' peer review ('interview') with at least two IITPSA peers (Professional Member/Fellow of the Institute).
The IITPSA grading system is based on a sliding scale of a mixture of qualifications and experience - so, the higher the NQF level and value of the qualifications presented, the lower the amount of relevant professional experience that is required. For example, if the candidate presents an MSc in Computer Science (or equivalent), then only a little more than six years' relevant post-qualification experience would be required.

"If you look at the whole digital disruption, it has become so intrusive, it's as if someone is looking at you and has the same level of access to information about you as a doctor does, but they haven't taken any kind of an oath. They can hack into your fridge, or come into your house from any angle, not because they are professional hackers, but because the technology is there. So there are things we need to teach ourselves as IT professionals. We need to take an oath and define the standards of how we conduct ourselves."

Optimistic effort

However, some IT professionals feel the time and effort involved in applying for this accreditation mean the industry is far from widespread adoption.

"Many of the larger IT departments I have worked with have reasonable certification options for IT staff, like ITIL and others," says Steven Sidley, a partner at Grey Hair Consulting. "But they are expensive and time-consuming, and only the most flush of departments can afford to give certification more than a sporadic and optimistic effort."

He points out that this doesn't necessarily mean that the uncertified are any less professional - or even that small, underresourced departments are less capable. He adds that the speed at which digital and low-cost cloud options are seducing business units is presenting a much bigger problem for certification standards.

"That speed is antithetical to the old, slow, creaky certification offerings, none of which would have much idea what to do with, say, a capability like Facebook's Parse."

But it is the very fact that the IT environment changes so rapidly that had led the IITPSA to establish the IP3 certification locally. "The IT landscape is changing; the way we do IT is changing. It's not just about keeping the lights on but, instead, has become an integral part of business and society. IT has an impact on everyone's lives, and we have to make sure it's a positive impact - that the negative side of IT is mitigated," says Exner.

This article was first published in the [March 2016] edition of ITWeb Brainstorm magazine. To read more, go to the Brainstorm website.

See also