9. Virtuous IT governance: IT governors can't be virtuous!

Richard Lucas
University of Canberra

It is not that IT1 cannot (or ought not) be governed,2 but it is rather that, as a field of endeavour, IT governors have nothing against which to measure their virtue: nothing against which to measure their governance efforts.

Why should this be so? Well it turns out that the problem is not with IT governance as such, but in being able to measure governance efforts within a virtuous framework. To be virtuous there must be an ideal against which governance efforts can be measured. I will now shift my discussion from governance particularly to professionalism generally. I do this because the problem I address is not limited to simply governance: The problem is common to all aspects of being a professional. That is, if virtuous governance is not possible then, I claim, virtuous professionalism is not possible because they share a common malady. Conversely and more powerfully (but more straightforwardly), if virtuous professionalism is not possible then virtuous governance is not possible, if for no other reason than governance is a proper subset of being a professional. So, to make my claim that IT governors cannot be virtuous, all I need show is that IT professionals generally, cannot be virtuous.

But I get ahead of myself; before I get to far into this discussion I need to cover the basics of virtue and the basics of governance. That is, it seems best to look at what virtues are and what governance is before I say why virtuous IT governance is not possible. What are we talking about when we talk about virtues? What does it mean to engage in governance?

A brief outline of virtue

As most IT professionals are not versed in the details of any particular ethical theory especially virtue (they, mostly, just know what is right) I will now give a primer of what I mean by virtue.

Firstly, a definition of virtue:

A virtue is a character trait that contributes to human flourishing.3, 4

Some examples of virtues are:

1. 1. autonomy
2. 2. beneficence
3. 3. benevolence
4. 4. caring
5. 5. compassion
6. 6. courage
7. 7. empathy
8. 8. fairness
9. 9. forgiveness
10. 10. friendship
11. 11. integrity
12. 12. judgement
13. 13. justice
14. 14. liberality
15. 15. loyalty
16. 16. knowledge
17. 17. good temper
18. 18. negligence
19. 19. openness
20. 20. perception
21. 21. prudence
22. 22. reflection
23. 23. respect
24. 24. self-control
25. 25. selflessness
26. 26. proper shame
27. 27. trustworthiness
28. 28. temperance

Now, the reader might have a problem with believing that some in the above list are virtues. Try viewing a virtue as the mean sitting between two vices and relative to some situation or action. To understand what 'sitting between two vices' means I will give two examples: good temper and courage.

Firstly, good temper, (which, if you lose it, leads to anger). There are times when it is appropriate to be angry and times when it is not. Here the excess of (unjustified) anger makes for an irascible person and the deficiency of (justified) anger makes for an inirascible (that is, excessively peaceful) person. According to Aristotle to be either irascible or inirascible is to be morally deficient.

Courage is another example: courage is the mean between two fears; too much and too little. To have too much fear is to be a coward, to fear too little is to be reckless or foolhardy, a madman. To be courageous is to overcome unjustified fear; it is also courageous to heed justified fear.

It is obvious that not all virtues apply in all circumstances and not all virtues are equal across all professions/occupations. So, which virtues apply to a particular profession and in which circumstance? Before I can answer this question I need to explain a bit more about virtues.

What is it that virtues are relative to? In many professions, there is something against which (to be relative to) to measure the virtues and vices; there is an ideal. So, what are these ideals?

According to Justin Oakley and Dean Cocking:

what counts as acting well in the context of a professional role is in our view importantly determined by how well that role functions in serving the goals of the profession, and by how those goals are connected with characteristic human activities. That is, good professional roles must be part of a good profession, and a good profession, ... is one which involves a commitment to a key human good, a good which plays a crucial role in enabling us to live a humanly flourishing life. (2001, 74)

To understand virtue in a professional context it is probably best to start with an easy example, to see how it works for something that all might agree is a profession. Take medicine, for example. For medicine the main goal is to serve the health of people. It is clear that health is central to human flourishing and so this qualifies medicine as a good profession.

The virtuous medical professional has:

1. 1. autonomy
2. 2. beneficence
3. 3. compassion
4. 4. courage
5. 5. honesty
6. 6. humility
7. 7. integrity
8. 8. non-maleficence
9. 9. trustworthiness
10. 10. truthfulness

Just so that you do not think that I have picked an exceptional example, consider architecture (Yoch, 1978). For architecture, the main goal is to design aesthetic and functional housing for people. It is clear that housing is central to human flourishing (ask the homeless about flourishing) and this qualifies architecture as a good profession.

The virtuous architect has:

1. 1. beneficence
2. 2. compassion
3. 3. courage
4. 4. honesty
5. 5. humility
6. 6. justice
7. 7. trustworthiness
8. 8. truthfulness

So, we have two examples, what difference does this make to my claim that IT workers cannot be virtuous? To answer this question I must first return to my claim that IT professionals cannot be virtuous because there is nothing against which to measure their virtue.

For each of my examples above, I started with a main goal, showed that this goal contributed to human flourishing, and then gave a list of virtues that I claimed were consistent with the main goal. To do this for IT, it is necessary to begin with some definitions.

A brief outline of governance

At its most general governance is: ‘the exercise of power overall’ (Távora, 2007,) or, more particularly,

‘European governance' refers to the rules, processes and behaviour that affect the way in which powers are exercised at European level, particularly as regards openness, participation, accountability, effectiveness and coherence. These five `principles of good governance' reinforce those of subsidiarity and proportionality. (European Commission, nd)

As I used medicine to highlight virtue, I now do the same for governance; that is, I use medical governance as a way of examining IT governance. Again, for medicine the main goal is to serve the health of people. It is clear that the health of people is central to human flourishing: this qualifies medicine as a good profession that ought to be able to have virtuous medical governance.

Medical governance

So, good governance (for medicine) means ensuring that the management of medicine embraces openness, participation, accountability, effectiveness and coherence. Combining the values of good medical governance with the virtues of a medical professional provides a coherent notion of what is necessary for an IT professional to carry out good governance.

In general, IT governance means:

specifying the decision rights and accountability framework to encourage desirable behavior in using IT. ... IT governance reflects broader corporate governance principles while focusing on the management and use of IT to achieve corporate performance goals. (Weill & Ross, 2004: 2)

and,

The goal of an IT governance program is to establish chains of responsibility, authority, and communication to empower people in support of the overall enterprise goals and strategy. (Ambler & Kroll 2007)

Notice that there is no reference to anything that might resemble ethics, never mind virtue or human flourishing. Even organisations such as the IT Governance Institute5 make no reference to the ends, moral or otherwise, of IT. Indeed, the closest they get is to mention some sort of IT–business alignment. It is not my purpose here to examine the merits of these definitions, rather to point out the omission of any mention of ethics in the standard literature on ICT governance. This is because, for IT, there is no main or direct goal that contributes to human flourishing! According to my claim, it is not surprising that the two definitions given above do not contain anything relating to virtuous governance: such a claim simply could not be included.6 Now, this seems to leave no room to move, nothing more to say on the matter.

There may, however, be something in the indirect references to loyalty and human welfare in the code of ethics of Australia's IT professional group, the Australian Computer Society (ACS). In the ACS code of ethics (2012), section 4.1(b) refers to loyally serving the community; while, section 4.1(d) advises members to use their special knowledge and skill for the advancement of human welfare.

While there is nothing in the detail of the code that spells out what it means to advance human welfare, the notion does approach ideas of human flourishing and, perhaps, there is something here — in the general sentiment of advancing human welfare — that can be used to create a specific goal for IT. In practice, this would be a goal that promotes human flourishing and is, therefore, a goal against which virtues can be measured.

I propose that the following be the main goal of IT:

Build and maintain information technology for the good of both society and individuals.

Unfortunately, there is nothing in the IT literature which states, promotes, or explains in detail how to carry out this main goal; that is, what is the good that I refer to? Recall that I established that both medicine and architecture met the criteria for being a profession that addressed human flourishing. With this in mind, we can now refocus the goal of IT to being in the service of human flourishing professions. So, now the main goal of IT (according to me) becomes:

Build and maintain [insert name of qualifying profession, for example, ‘medicine’ or ‘architecture’] information technology for the good of both society and individuals.

The process is now to match the lists of virtues for these professions (medicine and architecture) with these new ideals. For example, the virtuous medical IT professional has:

1. 1. autonomy
2. 2. beneficence
3. 3. compassion
4. 4. courage
5. 5. honesty
6. 6. humility
7. 7. integrity
8. 8. non-maleficence
9. 9. trustworthiness
10. 10. truthfulness

The virtuous architectural IT professional has:

1. 1. beneficence
2. 2. compassion
3. 3. courage
4. 4. honesty
5. 5. humility
6. 6. justice
7. 7. trustworthiness
8. 8. truthfulness

For IT, however, there is a problem of implementation. In a 2008 study of ethics in the IT profession in Australia, John Weckert and I asked IT professionals for whom they did their IT work. Their responses were revealing: 64.7 per cent of the respondents listed ICT, their own group, as the end purpose of their work. That is, they did not see their work as contributing to any other goal (Lucas & Weckert, 2008: appendix 69). Now, this cannot be right. As we have seen for medicine and architecture, to be a good profession, the goal of that profession ought to be some higher ideal: the health of people in medicine's case. In the raw data, the respondents described themselves as being affiliated with some 41 different industry groups. As some of them made too fine a distinction between industry spheres, some of the responses were combined. For example health, medical and hospital were combined in a single health group. This combining of spheres resulted in a reduced set of 19 identifiable industry groups and one unspecified group. Here are the combined results.

Table 1: Responses by industry group

Source: Based on Weckert and Lucas, 2008

This clearly shows that the majority of IT professionals have no clear idea that they are in the service of another profession nor of the goal or purpose of their work in relation to that qualifying profession. In spite of this difficulty I will now give some concrete examples of how the IT professional can be measured against virtue criteria. The way to do this ought to be clear: pick an area of work that can clearly be seen to be contributing to human flourishing, a ‘qualifying’ profession.

The significant areas listed in the study by IT professionals who had an awareness of the end goal of their work listed identified were the following:

Table 2: Responses by service category

Source: Based on Weckert and Lucas, 2008

While I have taken some liberties with this list (especially by including the service category), others will, no doubt, criticise my choices of those spheres that are either included or excluded from the list. A detailed analysis of all 41 distinct response groups would be necessary to arrive at a list of work areas that might count as contributing to human flourishing, but that is beyond the scope of this chapter. Also, it is not my purpose here to show how IT professionals might carry out their work so that it counts as ethical.7

My point here is to show that the set of work areas identified by IT professionals while small, is not empty. There is some work by IT professionals that can clearly count as, if done for the right purpose or goal and done in the right sort of way, contributing to human flourishing.

What is the relationship of this to governance?

It seems that I have gotten a long way away from governance in writing about IT professionals generally. It serves the purpose, however, of setting the virtuous context for IT governance. The next step is to restate my requirement of the virtuous IT professional:

Create and enact [insert name of qualifying profession] information technology governance that contributes to human flourishing.

Examples

Because respondents to the research listed health as a work area, I will now give some examples of how the IT professional working in that field uses virtues to measure IT governance. Recall that some of the virtues of the medical IT professional are:

1. 1. autonomy
2. 2. compassion
3. 3. courage
4. 4. honesty
5. 5. integrity
6. 6. justice
7. 7. non-maleficence
8. 8. trustworthiness
9. 9. truthfulness

The four principles that are most commonly referred to in medical governance literature,8 and how they might be modified to fit IT, are:

Autonomy, in medical IT governance, means asking the following simple questions —does the IT being proposed (or used — when already in place) enhance the autonomy of those charged with making medical governance decisions?; and, do the resulting IT governance procedures enhance the autonomy of those affected by subsequent governance decisions?

Beneficence, in medical IT governance, means asking the following simple questions: does the IT being proposed (or used, when already in place) enhance the beneficence of those charged with making medical governance decisions?; and, do the resulting IT governance procedures allow for greater beneficence to be shown towards those affected by subsequent governance decisions?

Non-maleficence, in medical IT governance, means asking the following simple questions: does the IT being proposed (or used — when already in place) enhance the non-maleficence of those making medical governance decisions?; and, do the resulting IT governance procedures minimise harm towards those affected by subsequent governance decisions?

Justice, in medical IT governance, means asking the following simple questions: does the IT being proposed (or used — when already in place) ensure the equitable decision-making of those making medical governance decisions?; and, do the resulting IT governance procedures enhance justice towards all vulnerable groups affected by subsequent governance decisions?

Of course, getting clear and unambiguous answers to these questions is difficult. In the case of proposed systems developments it is imperative that they be answered before any work begin on said systems. This will in turn add to the economic cost and project timeline of these projects.

Conclusion

Surely, there is some work that IT governance professionals do that is morally worthy but does not fall into the category of virtuous? Surely, there are things that IT governance professionals do that are morally worthy but do not contribute to human flourishing? Well, one could be anthropometric about this and claim that all things humans do either adds to, or diminishes, human flourishing. Unfortunately, this stance does not get us to the heart of the problem that I am trying to address. Claiming anthropocentricism trivialises the issue. My claim here is not that all IT professional governance activity can be evaluated in terms of virtue ethics but rather that, for those that can, it is not IT itself that the activity ought to be measured against: it is the end goal of the IT work that ought to be the yardstick.

For the issues of IT governance and professionalism to reach a point at which they can be seriously considered, each IT system needs to be considered in light of the following two fundamental questions:

Does the IT system that was built contribute to human flourishing (in each particular field such as medicine and architecture)?

Do the governance activities that IT professionals engage in, in constructing IT systems that do contribute to human flourishing, themselves contribute to human flourishing?

References

Ambler, SW & Kroll, P, 2007, ‘Best practices for lean development governance. Part I: principles and organization’, The Rational Edge, 15 June, <http://www.ibm.com/developerworks/rational/library/jun07/kroll/index.html>

Australian Computer Society (ACS) 2012, ‘Code of ethics’, June, <https://www.acs.org.au/__data/assets/pdf_file/0005/7835/Code-of-Ethics_Final_12.6.12.pdf>

Baines, P, 2008, ‘Medical ethics for children: applying the four principles to paediatrics’, Journal of Medical Ethics, vol 34, pp 141–45.

European Commission, nd, ‘Governance in the EU: a white paper’, <http://ec.europa.eu/governance/index_en.htm>

Gillon, R, 2003, ‘Ethics needs principles — four can encompass the rest — and respect for autonomy should be “first among equals”’, Journal of Medical Ethics, vol 29, pp 307–12.

Hussein, G, 2010, ‘When ethics survives where people do not’, Public Health Ethics, vol 3 no 1, pp 72–77.

Lucas, R & Weckert, J, 2008, Ethics and regulation in the ICT industry, report for the Australian Computer Society, Centre for Applied Philosophy and Public Ethics, Charles Sturt University, Canberra.

Oakley, J & Cocking, D, 2001, Virtue ethics and professional roles, Cambridge University Press.

Távora, F, 2007, ‘Globalisation and governance’, Pós-Graduado em International Economics.

Weill, P & Ross, J, 2004, IT governance, Harvard Business School Press.

Yoch, JJ, 1978, ‘Architecture as virtue: the luminous palace from Homeric dream to Stuart propaganda’, Studies in Philology, vol 75, no 4, Autumn, pp 403–29, <http://www.jstor.org/stable/4173981>