Ethics

Ethical Employee Behavior Abstract Unethical employee behavior is becoming a serious problem for several organizations in the country. Unethical behaviors include a wide variety of different activities. One unethical behavior of employees could be related to the theft to disclosure of confidential information. Organizations should support ethical behaviors among employees and employers to avoid any type of communication problems and lawsuits from employees and customers who claim unethical behaviors. What is ethical for some individuals might be unethical for others. Code of ethics should be reinforced as values and the personal integrity of the employee. Honesty, loyalty, commitment and high quality of work are values which are expected from every single employee. One major example of unethical behavior in my present employment is about an employee who committed a Category I violation and received a 3-day suspension. Social Security Administration's Rules of Behavior extend to all personnel and any other persons accessing SSA Systems under formally established agreements. This includes contractor personnel as well as other external government agency users. The lack of ethics in business can not only damage the reputation and image of an organization, but it might cost its existence and failure of an organization. Therefore, employers need constantly to support the ethical conduct and behavior at work and employers should keep promoting social responsibility in order to resolve some ethical problems or business misconduct among employees. Social Security Administration’s main goal is to ensure that individual personal information remains secure and the public confidence is maintained in the agency. Social Security Administration reinforces the system security standards and procedures. Ethical Employee Behavior Unethical employee behavior is becoming a serious problem for several organizations in the country. Unethical behaviors include a wide variety of different activities. One unethical behavior of employees could be related to the theft to disclosure of confidential information. The impact of such behavior could include low productivity, scandals of fraud, lawsuits and fines. A decision making response to unethical employee behavior is to enhance random monitoring and searches as a part of fostering an ethical corporate culture. Organizations should support ethical behaviors among employees and employers to avoid any type of communication problems and lawsuits from employees and customers who claim unethical behaviors. It is important to note that what is ethical for some individuals might be unethical for others. Therefore, the rules of behavior are a very significant part of current employer which is the Social Security Administration and the Information Security Program.  They tell users and managers of Social Security Administration's Automated Information Systems (AIS) what is expected of them and how to conduct themselves while using these resources.  This way, it is easy to translate the requirements of Social Security Administration's Security Policy into daily activities. Social Security Administration's Rules of Behavior extend to all personnel and any other persons accessing SSA Systems under formally established agreements.  This includes contractor personnel as well as other external government agency users. Users and managers of Social Security Administration’s automated systems are required to follow the rules for using its systems. Employees who fail to safeguard personally identifiable information properly from theft, loss or inadvertent disclosure might be subject to disciplinary action. One major example of unethical behavior in my present employment is about an employee who committed a Category I violation and received a 3-day suspension. According to an audit report in the agency, after the suspension, Social Security Administration management was advised by a friend of the employee on two separate occasions that the employee was suspected of accessing the friend's personal information. Social Security Administration did not take any actions for these allegations and local law enforcement attempted to arrest the employee for a domestic dispute involving the friend. Social Security Administration informed the Office of Inspector General of the attempted arrest and it assisted the local law enforcement with the employee's arrest 5 days later. The arrest for the domestic dispute led to an investigation of systems security violations by Social Security Administration and the employee was given a 15 day Category IIA suspension. According to Social Security Administration’s monitoring of potential employee systems security violations (A-14-04-23004), the Office of the Inspector General Prevent and detect fraud, waste, and abuse in agency programs and operations. It reviews and makes recommendations regarding existing and proposed legislation and regulations relating to agency programs and operations. The OIG keeps the agency head and the Congress fully and currently informed of problems in agency programs and operations. Its main objective is to examine the processes that the Social Security Administration has in place to review potential employee systems security violations in a timely and proper manner and to limit Social Security Administration's exposure to employee misuse of its systems. Social Security stated in a March 2000 memorandum that it established a uniform set of Sanctions for Unauthorized Systems Access Violations (Sanctions) to secure the integrity and privacy of personal information contained in the agency's computer systems and to ensure that any violations of the confidentiality of its computer records are treated in a timely and proper manner. This memorandum advised Social Security employees of the categories of systems security violations and the minimum recommended sanctions. These sanctions pertain to all Social Security Administration employees who have access to computer systems containing personal data about workers, claimants, beneficiaries, SSA employees or other individuals. The OIG's efforts require assisting Social Security Administration in improving its security and integrity review process. For instance, this is an illustration of the Systems Security Violation Category and Sanction Category First Time Offense Sanction: Violation I is to unauthorized access without disclosure 2-day suspension, Violation IIA is connected to the disclosure of information to an individual entitled to the information 2-day suspension, Violation IIB is about the disclosure of information to an individual not entitled to the information 14-day suspension and Violation III would be given to employees who commit unauthorized access for personal gain or with malicious intent Removal. All employees are required to read and sign the Acknowledgment Statement indicating that they have read and understand the sanctions annually. The sanctions and the Acknowledgment Statement have both been incorporated into the Information Systems Security Handbook. The Handbook requires managers to conduct reviews on a daily, weekly or monthly basis depending on the type of review. The Conformance with the Integrity Response Process system generates various reports to assist and facilitate managers in performing timely reviews. Operations recently provided managers with CIRP training on the integrity review process and Social security Administration is working carefully to address employee systems security violations. There were several cases where an employee's illegal activities were not found for an extended period of time. These cases recommend that the CIRP reviews need to be conducted in a timely and appropriate manner. Therefore, any misconduct or unethical behavior should be addressed and reviewed in order to be corrected as soon as possible because the failure to refer these violations for further investigation to OIG undermine the its ability to deal appropriately with fraud and abuse. Ethical behavior in business might be affected by bribery and corruptions with some employees that commit improper actions. “An organization has many reasons for operating ethically, including avoiding fines and litigation, reducing damage to the firm’s reputation, protecting or increasing capital and shareholder value, direct and indirect cost control, creating a competitive advantage, and avoiding internal corruption. On the other hand, unethical behavior in organizations could result in a lower productivity among highly skilled employees” (Luftig and Ouellette, 2009, p 1). Employers should not allow unethical behavior to become a habit among employees. Any misconduct or unethical behavior should be addressed and reviewed in order to be corrected as soon as possible. The reputation of an organization could be seriously damaged permanently and it could stop the future growth of the business. If these violations are not reported in a timely manner, these individuals who committed serious violations might have escaped the investigation process and have avoided any removal or prosecution. However, these individuals might remain to work for Social Security Administration and they would keep committing more system abuses. In some cases, employees with criminal offenses were allowed to retire or resign before any sanctions were applied at that time, but criminal or civil penalties would have been applied to these individuals if an investigation had been conducted. The Audit Report from Social Security Administration cited that “the employees could be rehired by Social Security Administration since there is no permanent record showing the prior systems security violations; however, criminal and civil prosecution could avoid this outcome. Criminal and civil penalties could be used to provide a strong deterrent to future potential systems security violations” (2004). Indeed, the lack of ethics in business can not only damage the reputation and image of an organization, but it might cost its existence and failure of an organization. Therefore, employers need constantly to support the ethical conduct and behavior at work and employers should keep promoting social responsibility in order to resolve some ethical problems or business misconduct among employees. “By ethically resolving moral problems confronting the business, managers are better able to understand and classify their own moral beliefs and better equipped to develop a critical and reflective personal morality. Moral issues are treated not only as philosophical questions, but also as fundamentally important, practical, business questions for managers” (Cuizon, 2009, p. 9). Therefore, the reputation of an organization could be seriously damaged permanently and it could stop the future growth of the business. Code of ethics should be reinforced as values and the personal integrity of the employee. Honesty, loyalty, commitment and high quality of work are values which are expected from every single employee. The most essential management’s action is to teach the organization’s code of ethics and principles. Employers should not allow unethical behavior to become a habit among employees. Office of Management and Budget (OMB) Circular A-123, Management Accountability and Control states “management controls are the organization, policies, and procedures used to reasonably ensure that programs and resources are protected from waste, fraud, and mismanagement." Social Security Administration does not have an agency-wide centralized system or process to track employee systems security violations. Operations compile a cumulative report of all systems security violations since the Sanctions policy was initiated in 1998. This report does not include detailed information such as the names or Social Security numbers of the individuals sanctioned. According to the Agency's integrity review requirements, the appropriate security staff should be contacted for assistance after the reviewer determines that a potential violation exists. This report also found out the managers did not always contact the appropriate security staff upon discovery of potential security violations among employees. This report is a summary of reports provided by the different regional offices and the Operations components at Headquarters and it is used to analyze the systems violation sanction process. To verify the numbers in the report requires accessing the individual sanctioned case folders maintained at the 10 regional offices and Headquarters. Based on the previous violations that were committed by different employees in the agency, Social Security Administration was still unable to reconcile the cumulative report to the listings of systems security violation cases provided by the regional offices because of the lack of detailed information maintained in the report. The SSA audit report (2008) suggests that corrective action pertaining to this situation is to develop an agency-wide centralized system with the potential violation information included by the appropriate security staff. It might consider expanding the current reporting process used by Operations to the entire Agency and ensure that all necessary information is included. However, the responsibility to protect personally identifiable information applies at all times regardless of whether employees, contractors or personnel with this information are officially on duty or not on duty. This policy applies whether the individuals are on duty at their duty station, another official work location or alternate duty station. Anyone who is not on duty has still the responsibility to secure any personally identifiable information within their control. Employees are required to have locking the file cabinets or desk drawers for storage of confidential material at the alternate duty station. Employees are also required to ensure that all agency records are safeguarded and protected from theft and damage while being transported. According to the Star article, “a business must be effective in its use of company policy, confidentiality agreements, conflicts of interests and non-competition clauses in order to guard against a loss of confidential information. Furthermore, the issue of business and employee ethics must also not be overlooked by a company if it expects to have a workforce that will respect and adhere to its policies and procedures.” It is important to mention that policies and regulations in an organization are very essential during the job performance of the employees. Organizations should provide more ethics training to strengthen the employees' personal ethical behavior. Organizations should invest more resources to ethics training programs to help employees clarify their ethical perceptions and practice self-discipline when making ethical decisions in difficult situations. In addition, Social Security Administration’s main goal is to ensure that individual personal information remains confidential and secure and the public confidence is maintained in the agency. Social Security Administration reinforces the system security standards and procedures all the time. According to Wells & Gill (2007), “all employees who have access to proprietary information should sign nondisclosure agreements. It is easier to sue for breach of a nondisclosure agreement than it is to sue for theft of information. Non disclosure agreements afford companies legal options for the use of nonpublic information, not simply for information that is considered a trade secret” (p. 63). Employers need to reinforce the business’s morality and values and motivate their employees to do the right thing for the good of the organization. Ethics could be ignored during the part of decision making in a business, but employers should lead by example of motivation and loyalty to the organization and employees. Duties and responsibilities should be established as a way to embrace moral standards of behaviors and operating principles. Some employers might be able to reinforce the mission statement of the organization and express the great importance of a good reputation. References Anonymous. (2009). Leaking company secrets highly unethical. The Star. Retrieved December 21, 2009 from Proquest Database. Cuizon, G. (2009). What is business ethics' Ethical principles practice in business. Retrieved December 21, 2009 from http://businessmanagement.suite101.com/article.cfm/what-is-business-ethics Luftig , J. & Ouellette, Steven. (2009). The decline of ethical behavior in business. Quality digest. Retrieved December 21, 2009 from http://www.qualitydigest.com/ magazine/2009/may/article/decline-ethical-behavior-business. Office of the Inspector General. Audit Report. A-14-04-23004. Retrieved December 21, 2009 from http://www.ssaonline.us/oig/ADOBEPDF/audittxt/A-14-04-23004.htm SSA Internal Communication. (2006). Existing Rules of Behavior. Chief Information Officer Message. Retrieved December 21, 2009 from http://co.ba.ssa.gov/ocio/ documents/business Wells, J. T. & Gill, J. D. (2007). Assessing fraud and risk. Journal of Accountancy. 204 (4). p. 63. Retrieved December 21, 2009 from Proquest Database.