Home / Resources / News and Trends / Newsletters / AtIsaca / 2022 / Volume 50 / Addressing Professional Ethical Dilemmas

Addressing Professional Ethical Dilemmas

Author: Sunil Bakshi, CISA, CRISC, CISM, CGEIT, CDPSE, AMIIB, MCA
Date Published: 14 December 2022

One evening around midnight, I observed a lone car waiting for a traffic signal to turn from red to green. There was not a single other driver, pedestrian or law enforcement officer watching, yet the driver of the car waited patiently for the signal to turn green. Though this is not an uncommon sight, I wondered about the thought process of the person driving.

An anecdote my grandfather once told me came to mind:

A sage told his disciple to take a pigeon and kill it where nobody would see him doing so. The disciple returned after few hours with the pigeon, which was still alive. The sage asked, “Did you not find a place where nobody could see you?” The disciple replied, “No, wherever I went, still I was there—and watching.” I believe that helps answer the question, “What are ethics?” The notion of ethics upholds the idea that it is possible for a person to monitor themselves and take responsibility for their own behavior.

The problem lies in determining which actions are considered ethical and which are unethical. Consider the driver waiting at the traffic signal. Would it be considered ethical if the person drove through while the signal was still red if they did so in an effort to bring an injured person to the hospital? The same act, which would normally be considered unethical, can be considered ethical under different circumstances.

Professional ethics are not so different from this example. Professionals are supposed to engage in ethical behaviors, but they are not immune to ethical dilemmas such as those described. There is a need to understand and determine which actions are ethical and which are unethical, since stakeholders prefer to do business with reputable enterprises that conduct themselves ethically. An ethical professional helps set the standard for others within the organization. Professionals have an opportunity to not only inspire others to do the right thing, but also to consider what kind of people they themselves want to be.

There are various ethical dilemmas that a professional may encounter. For example, should a salesperson disclose to a customer that there are possible issues with the product being sold? If so, the salesperson may be acting against business objectives to maximize the benefits to stakeholders and could therefore be considered unethical as an employee. 

To determine what to do in such a situation, it can be helpful to consider the example of a trauma center at a hospital that holds multiple injured people but only has 1 or 2 medical professionals. The medical staff need to treat critically injured people as a priority, which will require the less critically injured patients to wait. This analogy illustrates that when faced with such a situation, the most ethical behavior should be prioritized, similar to driving through the traffic stop light to take an injured person to the hospital. Hence, the rule here is to focus on higher ethics in the worst-case scenario.

Professionals must determine which ethics need to be considered top priorities. The following are 4 levels of priority of various professional ethics: 

  1. As a member of society, a professional’s first priority should be to ensure that their actions are focused on protecting society, the commonwealth and infrastructure. This principle adds contexts to the role of a whistleblower—drawing attention to unethical behavior at an organization. Actions that a member of society should take include:
    • Promote and preserve public trust and confidence.
    • Promote an understanding of information security.
    • Preserve and strengthen the integrity of public infrastructure.
    • Discourage unsafe practices.
  2. As an individual, the professional must adhere to basic qualities such as acting honorably, honestly, justly, responsibly and legally. Those qualities can be applied to professional actions and interactions such as:
    • Be truthful and transparent.
    • Honor contract terms.
    • Treat clients/constituents of the enterprise fairly and show respect.
    • Give prudent advice to clients/constituents.
    • Adhere to local laws.
  3. As a professional providing a service to an enterprise or other client, one must provide diligent and competent service in accordance with principles such as:
    • Preserve the value of an enterprise.
    • Respect the trust of the client/constituents to whom the service is being provided.
    • Avoid conflicts of interest and reject any applicable potential clients politely.
    • Offer only competency and qualified services.
  4. As a professional, one must focus on advancing and protecting the profession in ways such as these:
    • Sponsor professional advancement.
    • Avoid associations that will diminish the profession.
    • Take care not to injure others.
    • Maintain competence.

By prioritizing these issues in the order described, employees can better comply with workplace ethics. Professionals must build a reputation for themselves and the enterprises for which they work. Ethical behavior helps achieve a positive reputation.

Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP

Is a consultant and trainer in IT governance and information security.