ethics and professional conduct; quality assurance in information systems development cse1204 -...

Ethics and Professional Conduct;Ethics and Professional Conduct;

Quality Assurance in Information Systems Quality Assurance in Information Systems DevelopmentDevelopment

CSE1204 - Information CSE1204 - Information Systems 1Systems 1

Design principleDesign principle

BossBosswhat order you do your work inwhat order you do your work in

what jobs you dowhat jobs you do

wow you schedule taskswow you schedule tasks

““Making the User Boss”Making the User Boss”

1.1. Access to all functionsAccess to all functions

2.2. Don’t stipulate order/sequenceDon’t stipulate order/sequence

3.3. Self education (online help/ user Self education (online help/ user manual)manual)

4.4. Increase skillsIncrease skills

““Making the User Boss”Making the User Boss”

Monash University, SIMS, Semester One, 2005Monash University, SIMS, Semester One, 2005 44

EthicsEthicsEthicsEthics – values and beliefs that direct – values and beliefs that direct

how we behave in our (working?) liveshow we behave in our (working?) livescf. morality (imposed by culture/ social peers)cf. morality (imposed by culture/ social peers)

cf. laws (proscriptive/ penalised)cf. laws (proscriptive/ penalised)

Ethics is a personal character trait in which an Ethics is a personal character trait in which an individual understands the difference between individual understands the difference between “right” and “wrong” and acts accordingly“right” and “wrong” and acts accordingly

Whitten et al (2001) p. 27Whitten et al (2001) p. 27

Why EthicsWhy EthicsThe exercise of power always raises ethical issuesThe exercise of power always raises ethical issues

strong vs. weakstrong vs. weakknowledgeable vs. ignorantknowledgeable vs. ignorantdoctor vs. patient doctor vs. patient teacher vs. studentteacher vs. student just like: analyst vs. clientjust like: analyst vs. client

Ethical issues arise for IS professionals Ethical issues arise for IS professionals because of their specialized knowledge/ role in because of their specialized knowledge/ role in the production and distribution of informationthe production and distribution of information


Ethical theories (1)Ethical theories (1)Utilitarianism:Utilitarianism: look to the expected consequences of an act to look to the expected consequences of an act to

determine whether or not that act is ethically determine whether or not that act is ethically permissible permissible

eg. “slaves” in a developing country are used to produce eg. “slaves” in a developing country are used to produce something of benefit/value to many other people in the worldsomething of benefit/value to many other people in the world

Benthem, MillBenthem, Mill

Deontology:Deontology: duty/ obligation (to self or God) serves as the duty/ obligation (to self or God) serves as the

foundation for ethical behaviourfoundation for ethical behaviour eg. “the Bible expressly forbids this”eg. “the Bible expressly forbids this” Descartes, KantDescartes, Kant


Ethical theories (2)Ethical theories (2)Social-contract:Social-contract: while free to act individually people must surrender while free to act individually people must surrender

some freedoms to serve the common good and some freedoms to serve the common good and protect the weak from harm protect the weak from harm

eg. conservation of the environmenteg. conservation of the environment HobbesHobbes

Virtue (Virtue (Character-based EthicsCharacter-based Ethics):): Living well – moral development as an integral part of Living well – moral development as an integral part of

living the best life you canliving the best life you can eg. Socrates and the hemlockeg. Socrates and the hemlock PlatoPlato


Moral principlesMoral principlesGrounds for justifying moral principles:Grounds for justifying moral principles: religion – obedience to divine authorityreligion – obedience to divine authority law – obedience to a legal systemlaw – obedience to a legal system

Evaluating issues of moral principle:Evaluating issues of moral principle: social utility – eg. “conserve sparce energy social utility – eg. “conserve sparce energy

resources”resources” duty - eg. “protect privacy”duty - eg. “protect privacy” obligation – eg. “tell my client the truth”obligation – eg. “tell my client the truth”

Basic moral principles:Basic moral principles: ““Golden” ruleGolden” rule respect elderly/ infirmrespect elderly/ infirm protect the weak/ youngprotect the weak/ young

Monash University, SIMS, Semester One, 2005

9

Ethics as Standards

Etiquette Laws ProfessionalCodes

Ethics

The continuum of standards:


Ethical standardsEthical standards

Behaviour can have serious Behaviour can have serious consequences for human welfare, either consequences for human welfare, either to profoundly injure or benefit peopleto profoundly injure or benefit peoplecritical system failurecritical system failure

Covers areas were no rules currently Covers areas were no rules currently apply apply digital cameras at the beachdigital cameras at the beach


Work ownershipWork ownershipwhose property are the system designs: whose property are the system designs:

intellectual property rightsintellectual property rightsSelling on a previous solutionSelling on a previous solution

should you sell it to others?should you sell it to others?

Professional issues in SDLCProfessional issues in SDLC


Issues in system design:Issues in system design:Privacy: security and confidentiality Privacy: security and confidentiality

for the client AND the customerfor the client AND the customer

Accuracy: preserve and protectAccuracy: preserve and protectfor the client AND the customerfor the client AND the customer

Property: data ownership respectedProperty: data ownership respectedfor the client AND the customerfor the client AND the customer

Accessibility: available to proprietors ONLYAccessibility: available to proprietors ONLYany restrictions policedany restrictions policed

Professional issues in SDLC (2)Professional issues in SDLC (2)


Other considerationsOther considerations your personal/ business reputationyour personal/ business reputation your client's interestsyour client's interests confidentialityconfidentiality

your client’s confidentialityyour client’s confidentialityany associated party’s confidentiality (eg. any associated party’s confidentiality (eg.

customers)customers) impartialityimpartiality honesty (your professionalism)honesty (your professionalism) integrity (ethical-ness)integrity (ethical-ness)


The ethical dilemmaThe ethical dilemma New fields (eg. e-commerce, data privacy)New fields (eg. e-commerce, data privacy) Professional duties and responsibilities Professional duties and responsibilities

(sometimes) conflict with organisational goals (sometimes) conflict with organisational goals and outcomes.and outcomes.

Ethical behaviour can conflict with legal statutes Ethical behaviour can conflict with legal statutes and/or contractual obligationsand/or contractual obligations

The professional needs knowledge and skills to The professional needs knowledge and skills to resolve these conflicts by themselves as the resolve these conflicts by themselves as the situations arise in particular contexts.situations arise in particular contexts.


Characteristics of ethical Characteristics of ethical standardsstandards

Long term viewpoint – not just the Long term viewpoint – not just the presentpresentHow will your system be used in the future?How will your system be used in the future?

Broad view – not just this instanceBroad view – not just this instanceThis is how the system will be used in This is how the system will be used in

Australia, but how will it be used in Australia, but how will it be used in Colombia?Colombia?

Takes priority over other standards – Takes priority over other standards – etiquette, laws (“higher good”)etiquette, laws (“higher good”)


Professional CodesProfessional Codes

Rules that govern the conduct of membersRules that govern the conduct of membersMembers assume a moral obligation to Members assume a moral obligation to

conformconformConformity is a condition of membershipConformity is a condition of membershipViolation can result in exclusionViolation can result in exclusionAre incomplete and inadequate as a guide Are incomplete and inadequate as a guide

for individual ethical behaviourfor individual ethical behaviour


Professional codes of ethicsProfessional codes of ethics

Australian Computer Society (ACS)Australian Computer Society (ACS)ACS web site:ACS web site: www.acs.org.auwww.acs.org.au

Association for Computing Machinery Association for Computing Machinery (ACM)(ACM)


Ten “commandments” of Computer Ethics:Ten “commandments” of Computer Ethics: Do not use computers to cause harm to othersDo not use computers to cause harm to others Do not interfere with others’ computer workDo not interfere with others’ computer work Do not access others’ files without permissionDo not access others’ files without permission Do not use a computer to stealDo not use a computer to steal Do not use a computer to lieDo not use a computer to lie Do not use illegal copies of proprietary software Do not use illegal copies of proprietary software Do not use others’ computer resources without compensationDo not use others’ computer resources without compensation Do not appropriate others’ intellectual outputDo not appropriate others’ intellectual output Do think about the social consequences of the system or software you are Do think about the social consequences of the system or software you are

producingproducing Always show consideration and respect for others in your use of computersAlways show consideration and respect for others in your use of computers

Whitten et al (2001) p. 28Whitten et al (2001) p. 28

Professional ethics: Professional ethics: the Computer the Computer Ethics InstituteEthics Institute


The public interestThe public interest IntegrityIntegrity ConfidentialityConfidentiality Objectivity and independenceObjectivity and independence CompetenceCompetence Keeping up-to-dateKeeping up-to-date SubordinatesSubordinates Responsibility to your clientResponsibility to your client Promoting information technologyPromoting information technology The image of the profession and the SocietyThe image of the profession and the Society

ACS Code of Professional Conduct and ACS Code of Professional Conduct and Professional PracticeProfessional Practice


QualityQuality


Definitions of QualityDefinitions of Quality

Degree of excellence (Oxford)Degree of excellence (Oxford) Fitness for purpose (AS1057)Fitness for purpose (AS1057)

includes quality of design, the degree of includes quality of design, the degree of conformance to design, and it may include such conformance to design, and it may include such factors as economic or perceived valuesfactors as economic or perceived values

Ability to satisfy stated/implied needs (ISO8402)Ability to satisfy stated/implied needs (ISO8402) Conformance to requirements (Crosby, Conformance to requirements (Crosby,

Horch)Horch)


Determining Quality ..Determining Quality ..

when having a meal in a restaurantwhen having a meal in a restaurant when purchasing a carwhen purchasing a car when buying a computerwhen buying a computer

The requirements vary immensely, and some of the The requirements vary immensely, and some of the success measures are very hard to quantify...success measures are very hard to quantify...

Quality means different things to different people .. Quality means different things to different people .. and it varies in different situationsand it varies in different situations


Why should it concern us?Why should it concern us?

Customers’ expectations and demands are Customers’ expectations and demands are increasingincreasing

Competitors provide itCompetitors provide it Substantial savings demonstratedSubstantial savings demonstrated

QUALITY

EFFICIENCY

PRODUCTIVITYCOMPETITIVE POSITION

COST SAVINGS


Information systems: Information systems: quality issuesquality issues

The system:The system: does not meet the client’s business or processing does not meet the client’s business or processing

needsneeds does not support the client’s working methodsdoes not support the client’s working methods is unstable and unreliableis unstable and unreliable does not improve productivitydoes not improve productivity is difficult to use or requires excessive training to is difficult to use or requires excessive training to

useuse is expensive to maintainis expensive to maintain


The system:The system: is incompleteis incomplete is expensive to operateis expensive to operate has a short life spanhas a short life span is delivered lateis delivered late costs more than budgetcosts more than budget cannot grow with the organisation cannot grow with the organisation does not produce a return on investmentdoes not produce a return on investment

Information systems: Information systems: quality issuesquality issues


““Effort spent on software maintenance is greater Effort spent on software maintenance is greater than that spent on software development.”than that spent on software development.”

““An error is typically 100 times more expensive An error is typically 100 times more expensive to correct in the maintenance phase on large to correct in the maintenance phase on large projects, than in the requirements phase.”projects, than in the requirements phase.”

Boehm, B. (1981) Software Engineering EconomicsBoehm, B. (1981) Software Engineering Economics

Error detection in systemsError detection in systems


27

Error Detection

* The cost of detecting and correcting errors rises greatly during

the systems development cycle.

In addition to this is the cost to the organisation of having an incorrect system

Initiation Analysis Design Implementation

$


28

Quality Costs

Review,Inspection,

Re-do,

User complaints, Downtime,Loss of sales, Re-testing,

Re-documenting, Re-training,Overtime, Customer complaints,

Financial losses, Employee turnover

The tip of the Iceberg

The hidden costsof not having quality

systems

Obvious upfront coststo the organisation


29

Quality in Systems Development

(must be embedded in the process)Initiation

Analysis

Design

Implementation

Review

MaintenanceQuality

Documentation

Ethics

ProjectManagement

Analysts Role


Quality dimensionsQuality dimensions

Correctness - Does it accurately do what Correctness - Does it accurately do what is intended?is intended?

Reliability - Reliability - Does it do it right every Does it do it right every time?time?

Efficiency- Efficiency- Does it run as well as it Does it run as well as it could?could?

Integrity - Integrity - Is it precise and Is it precise and unambiguous?unambiguous?Usability - Usability - Is it easy to use?Is it easy to use?


Quality dimensionsQuality dimensions

Maintainability Maintainability - Is it easy to fix?- Is it easy to fix? Testability Testability - Is correctness easy to check and - Is correctness easy to check and

verify? verify? Flexibility Flexibility - Is it easy to adapt and - Is it easy to adapt and

extend?extend? Portability Portability - Can it be easily converted?- Can it be easily converted? Reusability Reusability - Does it consist of general - Does it consist of general

purpose modules? purpose modules? Interoperability - Will it integrate easily with Interoperability - Will it integrate easily with

other systems? other systems?


CorrectnessCorrectness

Does it accurately do what is intended? Does it accurately do what is intended? meets the specificationmeets the specification fulfils the user’s objectivesfulfils the user’s objectives Note that these may be contradictory requirements given Note that these may be contradictory requirements given

variations in:variations in: the quality of the analysis process,the quality of the analysis process, the speed of environmental change in the system’s the speed of environmental change in the system’s

domain of operation. domain of operation.

E.g. a good specification can produce the wrong system E.g. a good specification can produce the wrong system if development is slow and the environment changes if development is slow and the environment changes quicklyquickly


ReliabilityReliability

Does it do it right every time?Does it do it right every time?The system doesn’t malfunction or fail (in The system doesn’t malfunction or fail (in

normal use).normal use).The system performance is not diminished too The system performance is not diminished too

much during periods of heavy use.much during periods of heavy use.When the system fails (and it will), recovery is When the system fails (and it will), recovery is

both possible and rapid, with no loss of data.both possible and rapid, with no loss of data.


Efficiency and integrityEfficiency and integrity

Does it run as well as it could?Does it run as well as it could? The system makes good use of :The system makes good use of :

machine resourcesmachine resources

human resources.human resources. The amount of resources needed to perform a function.The amount of resources needed to perform a function.

Is it precise and unambiguous? Is it precise and unambiguous? Terminology is consistent Terminology is consistent The design is consistent.The design is consistent. Programming practices are consistentProgramming practices are consistent..


Usability and MaintainabilityUsability and Maintainability Is it easy to use? ....Is it easy to use? ....

learnlearn operateoperate prepare input forprepare input for interpret output frominterpret output from

Is it easy to fix?Is it easy to fix? can areas requiring change be located easily?can areas requiring change be located easily? can changes to be made easily?can changes to be made easily? can documentation be updated easily?can documentation be updated easily?

The system must be structured so changes are limited in scope (have The system must be structured so changes are limited in scope (have minimal impact beyond the area being changed)minimal impact beyond the area being changed)


Testability and flexibilityTestability and flexibility

Is correctness easy to check and verify?Is correctness easy to check and verify? Test strategy part of design process.Test strategy part of design process. System-specific test data generator available to developers System-specific test data generator available to developers

and maintainers.and maintainers. System structured to support module testing and integration System structured to support module testing and integration

testingtesting Is it easy to adapt and extend?Is it easy to adapt and extend?

The system is designed to be changed as the environment The system is designed to be changed as the environment changeschanges

Performance is sacrificed for flexibility, Performance is sacrificed for flexibility,

eg., small parameter tables are used rather than hardwired eg., small parameter tables are used rather than hardwired codecode


Portability and reusabilityPortability and reusability Can it be easily converted?Can it be easily converted?

Limited (and explicitly detailed) use of hardware-specific Limited (and explicitly detailed) use of hardware-specific features.features.

Limited (and explicitly detailed) use of proprietary software Limited (and explicitly detailed) use of proprietary software features.features.

Hardware and software performance tuning makes minimal use Hardware and software performance tuning makes minimal use of such features.of such features.

Does it consist of general purpose modules?Does it consist of general purpose modules?– Highly modular black box design. Highly modular black box design. – Mechanisms in place to reward developers for writing for Mechanisms in place to reward developers for writing for

reuse and reusing existing modules.reuse and reusing existing modules.– Tools, techniques and standards necessary to describe, Tools, techniques and standards necessary to describe,

catalogue and retrieve modules from an organisation wide catalogue and retrieve modules from an organisation wide library. library.

– Not just reuse of codeNot just reuse of code


InteroperabilityInteroperability

Will it integrate easily with other systems? Will it integrate easily with other systems? Accept from the beginning that the system will have to Accept from the beginning that the system will have to

integrate with other systems (data, presentation, control, integrate with other systems (data, presentation, control, and platform integration)and platform integration)

Standard formats and protocols for integration built into Standard formats and protocols for integration built into systemsystem

For example, facilities for data exchange part of initial For example, facilities for data exchange part of initial design. Such facilities must be included in the specification, design. Such facilities must be included in the specification, even when not asked for in the initial user specification.even when not asked for in the initial user specification.


The Quality ProcessThe Quality Process

The quality process involves the functions The quality process involves the functions of:of:Quality controlQuality control - monitoring a process and - monitoring a process and

eliminating causes of unsatisfactory eliminating causes of unsatisfactory performanceperformance

Quality assuranceQuality assurance - planning and controlling - planning and controlling functions required to ensure a quality product functions required to ensure a quality product or processor process


Implementing a Quality Implementing a Quality SystemSystem

Quality must start at the top - Executive sponsorship is vital.Quality must start at the top - Executive sponsorship is vital. Everyone must be involved and motivated to realise that Everyone must be involved and motivated to realise that

they have a responsibility towards the final product, its use, they have a responsibility towards the final product, its use, and its quality.and its quality.

Improve job processes by using standards, and preparing Improve job processes by using standards, and preparing better documentation (using project control methodologies). better documentation (using project control methodologies).

Use a QA group.Use a QA group. Use reviews.Use reviews.


StandardsStandards Levels of standardsLevels of standards

Industry / National / InternationalIndustry / National / InternationalOrganisationalOrganisational

IndustryIndustryCapability Maturity Model (Humphrey 1989)Capability Maturity Model (Humphrey 1989)

See Whittten et al (2001) pp 76-77See Whittten et al (2001) pp 76-77 National / InternationalNational / International

Standards Australia (AS 3563)Standards Australia (AS 3563)International Standards Organisation (ISO 9000)International Standards Organisation (ISO 9000)

OrganisationalOrganisationalThe organisation may adopt or tailor industry, national The organisation may adopt or tailor industry, national

or international standards.or international standards.


Standards - ExamplesStandards - Examples

• Document template (form eg template for these slides)Document template (form eg template for these slides)• Acceptance test sign off form (form)Acceptance test sign off form (form)• Screen standards (standard - mandatory practice)Screen standards (standard - mandatory practice)• Unit test process (standard - mandatory practice)Unit test process (standard - mandatory practice)• COBOL II standards (standard - mandatory practice)COBOL II standards (standard - mandatory practice)• Post implementation review procedure (advisory practice)Post implementation review procedure (advisory practice)

Note: different organisations and projects will have different Note: different organisations and projects will have different views about whether a standard is mandatory or advisable.views about whether a standard is mandatory or advisable.


Quality reviewsQuality reviews

Reviews are used in the quality control Reviews are used in the quality control and quality assurance functions. There are and quality assurance functions. There are two main forms of review:two main forms of review:

Quality Assurance:Quality Assurance:management reviewsmanagement reviews

Quality ControlQuality Control technical reviewstechnical reviews


Management or Project ReviewManagement or Project Review

Management must check the baseline for a Management must check the baseline for a deliverable to see that it meets the quality assurance deliverable to see that it meets the quality assurance requirements. requirements.

This may involve simply noting that a technical This may involve simply noting that a technical review has passed a particular deliverable. The review has passed a particular deliverable. The manager can then be assured of quality(given that manager can then be assured of quality(given that the manager has actively taken part in the the manager has actively taken part in the development of the quality system) development of the quality system)

The manager can then alter the project plan if The manager can then alter the project plan if necessary to allow for delays or early completion.necessary to allow for delays or early completion.


TechnicalTechnical ReviewsReviews

A technical review (from here on abbreviated to review) is a A technical review (from here on abbreviated to review) is a structured meeting where a piece of work, which has previously structured meeting where a piece of work, which has previously been distributed to participants, is checked for errors, omissions, been distributed to participants, is checked for errors, omissions, and conformance to standards.and conformance to standards.

All deliverables need review, otherwise how do you control quality? All deliverables need review, otherwise how do you control quality? The review is part of quality control and must produce a report so The review is part of quality control and must produce a report so

that the quality assurance function can be satisfied. that the quality assurance function can be satisfied. The report may be a checklist which indicates that the deliverable The report may be a checklist which indicates that the deliverable

passes/fails the quality requirements for that type of deliverable. passes/fails the quality requirements for that type of deliverable. This report is part of the baseline for the deliverable.This report is part of the baseline for the deliverable.


Technical ReviewsTechnical Reviews A technical review:A technical review:

is a formal meeting of a team which is guided by an agenda is a formal meeting of a team which is guided by an agenda and standardsand standards

allows input from many peopleallows input from many people produces a report which is made publicproduces a report which is made public requires committed participants to be responsible and requires committed participants to be responsible and

accountable for their workaccountable for their work is educational as it clarifies standards, and highlights is educational as it clarifies standards, and highlights

strengths and weaknesses of the team’s skills and strengths and weaknesses of the team’s skills and knowledgeknowledge

expects all participants to be responsible for the resulting expects all participants to be responsible for the resulting quality of the artefactquality of the artefact


TAVANI, H.T. (2004) Ethics & TechnologyTAVANI, H.T. (2004) Ethics & Technology: Ethical Issues in an : Ethical Issues in an Age of Information and Communication Technology. John Age of Information and Communication Technology. John Wiley and Sons, Inc. New Jersey, USA.Wiley and Sons, Inc. New Jersey, USA.

DWYER, J. (1997) The Business Communication Handbook (4th DWYER, J. (1997) The Business Communication Handbook (4th edition) Prentice-Hall, New York, N.Y. edition) Prentice-Hall, New York, N.Y.

ReferencesReferences

ethics and professional conduct; quality assurance in information systems development cse1204 -...

Documents

kant slide

ethics ethics values

user boss slide

ethical theories

ethical issues strong

client ethical issues

monash university

hemlock plato plato