ETHICAL ISSUES FOR IT AUDITORS
Chapter 2
CODE OF ETHICS
Why do organizations develop ethical codes?
Do not people know how to act ethically under all circumstances without a written guidance?
CODE OF ETHICS
• Not all people will act ethically under all circumstances, as social, economic, political and other pressures can drive “good” people to do “bad” things.
Illegal Act
• represents a willful violation of law.
• Consideration
Statement of what the offeror expects in return from the
offeree.
• Acceptance
Identify offeree
Signed and dated by offeree and offeror
Employment Contracts
Confidentiality Agreements
• Employee agrees not to divulge confidential information
Should describe nature of protected information
Non-Compete Agreements
• Employee agrees to not work for competing employer (including self) for
• Specified time (must be reasonable)
• Specified geography
• Prevents employee from working for other companies in connection with the
design or sale of a competitive product.
• Monetary remedy may be awarded to company for violation
Sample Non Compete Agreement
• Document Title
• Unique Number
• Effective Date
• Expiration Date
• Seller & Buyer Name / Address
• Document Purpose
• Authorized Signatures
• Goods/Services Description, Quantity &
Price
• Payment Terms
• Delivery & Shipping
• Disclosures
• Intended Use
• Warranty
• Liability
• Compliance with Laws
• Export Control
• Information Confidentiality
• Force Majeure
• Penalty / Cancellation Terms Resolution
Remedy;
Computer Crime
• There are no sheriffs on the Information Superhighway
waiting to zap potential offenders.
What is Computer Crime?
1. Industrial Property
• Patents, trademarks
2. Individual Property
• Copyrights of literary and artistic works.
Patents
• Patent protects invention 20 years from date of
application.
• Criteria for a patent are that an invention must be:
• Novel
• Useful
• Not of obvious nature
Patents
• Covers
• Distinctive images
• Symbols
• Pictures
• Words
• Distinctive & unique packaging
• Color Combinations
• Building Designs
• Product Styles
• Overall Presentations
• Offers protection from creation of work until the end of author's life plus 50 years.
CCIPS
• Computer Crime & Intellectual Property Section
CHIP
• Computer Hacking and Intellectual Property
• Established by the Justice Department
Congressional Actions
• Computer Fraud and Abuse Act (1986)
• Clarified definitions of criminal fraud & abuse
• Removed legal ambiguities
• Electronic Communications Privacy Act (ECPA)(1986)
• Addressed privacy issues
• National Information Infrastructure Protection Act (1996)
• Amended Computer Fraud & Abuse Act
• Digital Millennium Copyright Act (1998)
• Protect electronic intellectual property rights
Title 18 of the U.S.C.
• Most encompassing legal guidance from the Federal
Government
Privacy
Privacy Laws & Regulations
• The Privacy Act of 1974, Title 5, United States Code, Section 552(a)
• Provides safeguards against an invasion of privacy through the misuse of records by Federal Agencies.
• Right to Financial Privacy Act of 1978, Title 12, United States Code, Sections 3401-3413
• Prohibits financial institutions from providing copies or access to the information contained in the financial records of any customer to government agencies for law enforcement purposes unless the government has received consent or provided notice and an opportunity for the customer to object.
• Federal Trade Commission Act, Title 15, United States Code, Sections 41-58 (as amended)
• Empowers the Commission to prevent unfair competition methods, and unfair or deceptive acts or practices that may affect commerce, which includes the misuse of private information for such purposes.
• Cable Communications Policy Act ("CCPA"), Title 15, United States Code, Sections 521-551
• Protects cable television subscriber information from unauthorized disclosure to third parties.
Privacy Laws & Regulations
• Identity Theft Assumption and Deterrence Act, Title 18, United States Code, Section 1028 (note)
• Designates the Federal Trade Commission as a central clearinghouse for identity theft complaints.
• Fair Credit Reporting Act (ECPA), Title 15, United States Code, Section 1681
• Protects the privacy of information collected by consumer reporting agencies such as credit bureaus, medical information companies, and tenant screening services. Requires consumer reporting agencies to develop reasonable measures to store consumers’ information in a confidential and accurate manner.
• The Children's Online Privacy Protection Act ("COPPA"), Title 15, United States Code, Section 6501
• Protects children’s privacy by giving parents the tools to control what information is collected while children are online.
• Gramm-Leach-Bliley Act, to be codified in Title 15, United States Code, Sections 6801-6809
• Ensures that financial institutions protect the privacy of consumers' “nonpublic personal financial information.”
Privacy Laws & Regulations
• The Electronic Communications Privacy Act (ECPA), Title 18, United States Code, Section 2501
• Prohibits unlawful access and certain disclosures of communication contents and prevents government entities from requiring disclosure of electronic communications from a provider without proper procedure.
1. Notice: Organizations must notify individuals about the purposes for which they collect and use
information about them.
2. Choice: Organizations must give individuals the opportunity to choose (opt out) whether their
personal information will be disclosed to a third party or used for a purpose incompatible with the
purpose for which it was originally collected or subsequently authorized by the individual.
3. Onward Transfer (Transfers to Third Parties): To disclose information to a third party,
organizations must apply the notice and choice principles.
4. Access: Individuals must have access to personal information about them that an organization holds
and be able to correct, amend, or delete that information where it is inaccurate, except where the
burden or expense of providing access would be disproportionate to the risks to the individual's
privacy in the case in question, or where the rights of persons other than the individual would be
violated.
7 Safe Harbor Rules
Role of Accounting Profession
• Managers are obligated to institute the internal controls
necessary to protect the confidentiality of personal
information collected in the course of business.
• AICPA believes that independent accountants are qualified
to conduct privacy engagements
• Ensures privacy related controls are in place and operating
effectively
IT Auditor’s Role in Privacy
End of Chapter 2