Questions

Work Evironment Ethical Quagmire

+
0 Votes
Locked

Work Evironment Ethical Quagmire

askbuppa
After serving as the network admin for a small non-profit and general go-to-guy for both software and hardware problems, they have recently hired a new bookkeeper who has demanded and succeeded in removing my access to the network/"his computer".
I don't want to do anything to undermine the success of this organization (I'm on the board), but I have a real reluctance to help this new director and new bookkeeper. An added note. I voted with a minority to not hire this individual because he lacked the necessary qualifications and I have spent hours teaching him the software.
  • +
    0 Votes
    HAL 9000 Moderator

    Firstly if you are the IT support person there you need access or you are unable to do your job and more importantly protect the organisation from incompetency to illegal activity.

    At the very least you need access to backup data & Email as all e-mail now has the same effect as a letter as far as the courts are concerned so you need to be able to at the very least perform regular backup's so that in the event of something going wrong you can reload the data. Currently because you lack access you are unable to do this and as such are not doing your job properly.

    You can point this out to the Board and just accept the problems that arise when the Bookkeepers computer fails and all the data is lost or walk away and find another position. It really depends on how much you like this position and how hard you are willing to fight for it.

    Col

    +
    0 Votes
    jmgarvin

    I'm pretty sure non-profits still have to adhere to SOX. With the bookeepers computer being unauditable and essentially free from the eyes of anyone, you might be in for some real legal trouble.

    Anyway, something like this seems a little fishy. Why would he want this? What doesn't he want the IT guy to see?

    +
    0 Votes

    59%

    Dr Dij

    of computer related theft / hacking is by insiders.

    We had an incident out here where someone insisted they become soccer team treasurer. They then stole thousands.

    +
    0 Votes
    drowningnotwaving

    What I mean is, if you (as Col et al suggested) stick hard and fast to your job spec or (in its absence) your required outcomes / corporate processes for systems integrity and governance (e.g. the email issue) then you remain on solid ground.

    If there is a corporate risk (e.g. no access to a particular set of emails lodged in this person's machine; no access to the full back-up regime for proper accounting governance etc. etc.) then focus on the business reasons / requirements / processes.

    If YOU stick to your guns black-and-white then the only person that can make it an ethical question is the newby.

    Note also that "your reluctance to help" is exactly that. It is your problem. The fact that he was selected means that you have to deal with this particular aspect of the issue yourself.

    So be "vanilla". Respond to (professional) requests for assistance. Raise in a non-personal and non-emotional manner any risks that you perceive. Let the person/manager who is enabled to do so, make the decision on how to resolve those risks.

    If it works out, great. If you don't like it then it's time to think about another environment. g/luck.

    +
    0 Votes
    SWells

    Are you the system administrator? or someone that just "helps" out? If you are the sys admin then you NEED access and if you have the admin password then you CAN have access at any time. If you are just "helping" then do you really require access to do your job?

    Not trying to be mean, but in these sort of circumstances something like a position description comes in really handy. The biggest question is, are you resposible for the network? This is a question for the board.....

  • +
    0 Votes
    HAL 9000 Moderator

    Firstly if you are the IT support person there you need access or you are unable to do your job and more importantly protect the organisation from incompetency to illegal activity.

    At the very least you need access to backup data & Email as all e-mail now has the same effect as a letter as far as the courts are concerned so you need to be able to at the very least perform regular backup's so that in the event of something going wrong you can reload the data. Currently because you lack access you are unable to do this and as such are not doing your job properly.

    You can point this out to the Board and just accept the problems that arise when the Bookkeepers computer fails and all the data is lost or walk away and find another position. It really depends on how much you like this position and how hard you are willing to fight for it.

    Col

    +
    0 Votes
    jmgarvin

    I'm pretty sure non-profits still have to adhere to SOX. With the bookeepers computer being unauditable and essentially free from the eyes of anyone, you might be in for some real legal trouble.

    Anyway, something like this seems a little fishy. Why would he want this? What doesn't he want the IT guy to see?

    +
    0 Votes

    59%

    Dr Dij

    of computer related theft / hacking is by insiders.

    We had an incident out here where someone insisted they become soccer team treasurer. They then stole thousands.

    +
    0 Votes
    drowningnotwaving

    What I mean is, if you (as Col et al suggested) stick hard and fast to your job spec or (in its absence) your required outcomes / corporate processes for systems integrity and governance (e.g. the email issue) then you remain on solid ground.

    If there is a corporate risk (e.g. no access to a particular set of emails lodged in this person's machine; no access to the full back-up regime for proper accounting governance etc. etc.) then focus on the business reasons / requirements / processes.

    If YOU stick to your guns black-and-white then the only person that can make it an ethical question is the newby.

    Note also that "your reluctance to help" is exactly that. It is your problem. The fact that he was selected means that you have to deal with this particular aspect of the issue yourself.

    So be "vanilla". Respond to (professional) requests for assistance. Raise in a non-personal and non-emotional manner any risks that you perceive. Let the person/manager who is enabled to do so, make the decision on how to resolve those risks.

    If it works out, great. If you don't like it then it's time to think about another environment. g/luck.

    +
    0 Votes
    SWells

    Are you the system administrator? or someone that just "helps" out? If you are the sys admin then you NEED access and if you have the admin password then you CAN have access at any time. If you are just "helping" then do you really require access to do your job?

    Not trying to be mean, but in these sort of circumstances something like a position description comes in really handy. The biggest question is, are you resposible for the network? This is a question for the board.....