Ethics has obviously become a huge concern in business. New federal regulations on professional service firms require them to have codes of ethics. Am I OK as long as I do my job as a consultant professionally, or do I have to be concerned with the ethics of my clients and colleagues?
Ethics for consultants is increasingly complicated, and one reason why the professional conduct associated with the Certified Management Consultant (CMC) designation is of increasing interest to businesses hiring consultants. Consider the following scenario:
A CMC consultant was contracted by a business security services provider. It is important to note that an NDA (non-disclosure agreement) exists between the consultant and the security provider. The provider had recently uncovered a systems security breach at one of their clients, a publicly traded corporation. During the breach investigation it was discovered a "Bot" had been attached to the Oracle database. A "Bot" is a computer program that is unknowingly installed on a computer system and performs predefined repetitive tasks. These tasks can include espionage activities like stealing competitive information, customer data and even financial information. The Bot had been programmed to copy and send product costing and pricing information to an external web site.
The CMC advised the business security provider that given the type of data involved, the competitive position of their client may have been compromised. This event needed to be reported to executive management due to possible material damage to the company's sales and their competitive position. This being the case, it may need to be disclosed due to Sarbanes-Oxley regulations as well. A meeting was called with the business security service provider's direct customer. In that meeting with the head of IT and the head of security, the CIO demanded that this not be communicated in any way to anyone.Tip:
This could happen to any consultant, not just computer or security consultants, and you would be obliged to respond appropriately. Consider how you would do so. Does the NDA control your actions? Should you go to the CEO, state attorney general, your client, the Board, someone else? Say nothing (since "it's not in your scope of work")? Try to reason with the security provider? Resign from the engagement? Not so clear, is it? Would more information help? This is why ongoing discussions of ethical situations are so important.© 2010 Institute of Management Consultants USA