30 questions to get your digital ethics governance right the first time
- Posted on February 18, 2020
- Estimated reading time 4 minutes
The subject of digital ethics is getting its long-awaited time in the spotlight. In response to concerns about privacy, surveillance, cyberbullying, discrimination, misinformation, and a host of other issues, developers and users alike are advocating for a serious turn toward ethical responsibility.
For the past several years, Avanade has been developing capabilities and guiding principles for digital ethics to effectively embed this responsibility into technology development and adoption. We invested in a cross-function digital ethics steering committee and recently hired a global lead for digital ethics. The aim is to make sure our employees practice good ethical principles when building and interacting with technology, and we are bringing this perspective to our clients to help them establish good practices as well.
While digital ethics will be on every boardroom agenda soon, it’s not enough for companies to have the best intentions. Taking action means establishing guiding principles, creating playbooks, providing training, and engaging in public discussion. Above all, this means establishing a governance model and body within your company. Governance is key to addressing ethical questions consistently across any heterogenous organization.
Digital ethics governance should reflect your organization
You won’t find an industry standard that explains how best to instill digital ethics. You’ll have to build a program on the foundation of culture, structure, and governance that already exists in your organization. Avanade has identified a number of effective governance models, including options for different types of governing body, authority of such a body, decision criteria, policy regime, and audit rights. Below you’ll find 30 questions in 6 focus areas that will help you structure a model that would work best for you.
1) General details about the company set the proper context. Because digital ethics practices should be a reflection of how your organization operates, take stock of basic characteristics first:
- What are the core values of your organization?
- How important is public opinion of your organization?
- How are issues usually identified, escalated, and resolved within your organization?
- Who or what structure is best suited to set a tone of good digital ethics?
- What is your organization’s appetite for risks related to digital ethics?
2) The structure of your governance body will determine its influence. Some organizations have a single IT organization with centralized oversight, others have technology projects distributed across many functions and teams. It’s important to ask how your governance body should align to the rest of your organization:
- Should digital ethics issues be handled internally or by external subject-matter experts?
- To whom does this role/body report? (e.g., executive committee, audit committee, board of directors)
- Can you leverage existing structures for identifying, escalating and resolving digital ethics issues?
- Who determines the ethical boundaries of the organization? How?
- How do you assure a governing body with sufficiently diverse expertise and background?
3) The authority for digital ethics decisions will have to prioritize their involvement. Ultimately, your goal is to have employees at all levels of the organization make more responsible decisions as they work to meet their business objectives. To accomplish this, you’ll have to be clear about when they should get governance authorities involved:
- What degree of authority should your digital ethics governance body have?
- How does your organization enable employees to address or escalate ethical issues?
- Are there certain issues that require mandatory consultation with the governance body?
- Should your organization have an ethics impact assessment for certain opportunities?
- What accountabilities and responsibilities lie in different functions of the organization?
4) Guidance on decision criteria will help enforce responsibility without detriment to performance. Some ethical decisions will be more straightforward than others. When an individual or team has sufficient training and a supportive culture, they should be able to make good choices themselves. The key is to determine when they need to slow down and get others involved:
- What types of decisions does your digital ethics governing body make? How?
- How does your organization prioritize business opportunities versus ethical concerns?
- Should the digital ethics governance body make a recommendation or a binding decision?
- Should someone outside of the governing body review and approve decisions?
- What are the criteria for escalation and/or appealing a decision?
5) The policy regime translates guiding principles into expectations of behavior. Your governance structure will establish objectives and authority, but without policies, your employees will be left to make decisions based on their own values or perceived values of the company. Instead, figure out the best way to augment your current compliance program to include digital ethics:
- How do we measure adherence to our ethical values and principles?
- To which products and processes do these values apply?
- Should digital ethics become part of the existing code of conduct?
- How does the organization assure consistent application of digital ethics fundamentals?
- What mechanisms do we have for raising concerns and updating policies?
6) The audit function can assure that digital ethics expectations are being met. Just like any other aspect of your internal control framework, digital ethics principles can benefit from independent review. To include digital ethics within the scope of an audit, you’ll have to answer a few key questions:
- What ethics processes and controls might be subject to an audit?
- How does the organization apply traditional audit concepts like materiality, risk, and effectiveness to ethics?
- What skills are necessary for the audit team to assess ethics?
- Does the audit committee have ultimate accountability for ethics lapses?
- Do ethics weaknesses and gaps hold the same level of priority for corrective action as financial or security control gaps?
Pulling it all together
Answering these 30 questions will require a number of stakeholders to take a serious look at the organization’s strategy and values. Even if employees on the front lines of your company are already practicing good digital ethics, you’ll need a governance structure to give them guidance and make sure their efforts have the desired effect. Starting with the questions above will help you decide exactly what kind of governance structure is best for you.
For an outline of potential governance structures (including pros and cons), to talk more about how these structures will determine key processes (like issue management and escalations), or to discuss your digital ethics efforts more generally, please feel free to reach out any time.