Professional Documents
Culture Documents
Ais m3
Ais m3
Ethics, Fraud, and Internal Control hardware and concerns about networks
connecting computers as well as computers
Ethical Issues in Business themselves.
• Ethical standards are derived from societal mores 3 Levels of Computer Ethics
and deep-rooted personal beliefs about issues of 1. Pop – exposure to stories about computer
right and wrong that are not universally agreed technology on popular media;
upon. 2. Para – having real interest in computer ethics;
• Ethics are the principles of conduct that acquiring skill and level in the field (e.g. for
individuals use in making choices that guide their systems professional and AIS students);
behaviour in situations involving the concepts of 3. Theoretical – for multidisciplinary researchers;
right and wrong. applying theories of other fields (e.g. philo, socio,
• Often, we confuse ethical issues with legal issues. psych) to computer science
• A new problem or just a new twist on an old
BUSINESS ETHICS problem?
• Business ethics involves answering two • Privacy
questions: o Privacy is full control of what and how
o How do managers decide what is right in much information about an individual is
conducting business? available to others and to whom it is
o Once recognized, how do managers available.
achieve what is right? • Ownership
• Making Ethical Decisions o The creation and maintenance of shared
o Businesses having conflicting databases make it necessary to protect
responsibilities to employees, people from the potential misuse of data.
shareholders, customers and the public. o It is the state or fact of exclusive rights
o Ethical responsibility is the and control over property, which may be
responsibility of organization managers an object, land/real estate, intellectual
to seek a balance between the risks and property, or some other kind of property.
benefits to their constituents that result
from their decisions. • Security (Accuracy and Confidentiality)
• PROPORTIONALITY - The benefit from a o Computer security is an attempt to
decision must outweigh the risks and no avoid such undesirable events as a loss
alternative should provide greater or same of confidentiality or data integrity.
benefit with less risk. • Ownership of Property
o What can an individual or organization
own?
• Equity in Access
o related to economic status, culture and
safety.
• Environmental Issues
o e.g. papers from trees
• Artificial Intelligence
o e.g. responsibility of decision making by
expert systems
• Unemployment and Displacement
o e.g. employers responsible in retraining
displaced employees due to
computerization?
• Misuse of Computers
o e.g. copying software, used personally
Distribution of Losses
IT APPLICATION CONTROLS
• are associated with applications.
BACKUP PROCESS IN BATCH SYSTEM USING Output controls are procedures to ensure output is not
DIRECT ACCESS FILES lost, misdirected or corrupted and that privacy is not
• Each record in a direct access file is assigned a violated.
unique disk location or address that is determined • Can cause disruption, financial loss and litigation.
by its primary key value.
• The destructive update approach leaves no Controlling Hard-Copy Output
backup copy of the original master file. It requires • OUTPUT SPOOLING: Spooling is directing an
a special recovery program if data is destroyed or application’s output to a magnetic disk file rather
corrupted. than to the printer directly because output data
in output devices can become backlogged
Destructive Update Approach (bottleneck). Proper access and backup
procedures must be in place to protect these
output (spool) files.
• PRINT PROGRAM CONTROLS should be designed
to prevent unauthorized copies and employee
browsing of sensitive data.
• SENSITIVE COMPUTER WASTE should be
shredded for protection.
• REPORT DISTRIBUTION must be controlled.*
• END-USER should examine reports for
correctness, report errors and maintain report
security.
Controlling Digital Output
• Can be directed to the user’s computer screen or
printer
• Threat: interception, disruption, destruction,
corruption of output message
• Two types: a) exposures from equipment failure,
b) exposures from subversive threats