Information Technology and Ethics/Role of Ethics in Risk Management


There are reasons to consider good ethical practice an essential part of risk management, which includes identifying possible problems, preventing fraud, preserving corporate reputation, and mitigating penalties.

Ethics has often been seen as something outside normal business practice: good to have, but often neglected in the hunger for higher profits. It is fair to say that good ethics is also good business. Treating employees, customers, shareholders, and stakeholders fairly helps to build a firm’s reputation and brand, while attracting the best employees and business partners. On the other hand, creating the impression that ethical behavior is not important to a firm is incredibly damaging to its reputation and business prospects. Hence, it can be said that enforcing ethical behavior is the key component of managing enterprise risk efficiently and effectively.

Businesses such as Siemens have faced huge fines over ethical issues; Siemens paid around one billion euros because of its corruption scandal. The FTC imposed a penalty of $5 billion on Facebook (now Meta) for violating consumers’ privacy, a penalty almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide.

Risk Management in Business

Risk is defined as the probability of a threat of injury, damage, loss, or liability caused by external or internal vulnerabilities that may be avoided through preventive action. Risk management is the process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk.

Risk management helps businesses to identify and deal with potential risks. Mitigation becomes easier once a risk has been identified. Risk can never be zero, as there will always be some residual risk, but an organization can reduce its impact and likelihood to some level through mitigation. In addition, risk management helps businesses make decisions. For any business, assessing and managing risks is the best way to prepare for adverse events that may come in the way of progress and growth.

Effective risk management begins with understanding the risk appetite of the organization. Depending on a risk and its significance to the business, the business can then choose a method to mitigate that risk.

Risk Mitigation Techniques for Business

Risk Avoidance: Risk avoidance means developing an alternative strategy; avoiding a risk often means not performing the risk event, or the act that carries the risk. An organization generally avoids a risk when it is not ready to accept it. For example, the production of a proposed product is canceled because the danger inherent in the manufacturing process creates a risk that outweighs potential profits.

Risk Acceptance: Risk acceptance occurs when a business or individual acknowledges that the potential loss from a risk is so small, or its effects so negligible, that the risk can be accepted and the business does not need to take any action to reduce it. Acceptance usually has a very low cost associated with managing the risk (or zero cost), but can have a very high cost in the aftermath of a disruption.

Risk Transfer: Risk transfer is a risk reduction method that transfers the risk to a third party, usually through a financial transaction. The purchase of insurance on certain items is a risk transfer method: the risk is transferred from the organization to the insurance company. A construction project in the Caribbean may purchase hurricane insurance that would cover the cost of a hurricane damaging the construction site.

Risk Reduction: Risk reduction is an investment of funds to reduce the risk of a project. A project manager may hire an expert to review the technical plans or the cost estimate on a project to increase confidence in that plan and reduce the project risk. Organizations spend money on medical care, security guards, and sprinkler alarms to deal with risk by preventing the loss or reducing the chance that it will occur.

Risk Management Process for Business

Identify Risk: The first step of the risk management process is to identify the risks, which consists of reviewing the risks, analyzing them, and listing the existing risks to the project.

Assess Risk: Once risks are identified, we determine the likelihood and consequence of each risk. We try to understand the nature of the risk and its potential to affect project goals and objectives.

Control Risk: After the risk scoring activity in the previous step is executed, the management team will be able to prioritize the risks and decide which technique to use to mitigate each one.

Review Controls: Each of the risks will be monitored and controlled by the organization, for example to see which risks can recur or which risk can lead to another major risk.

The rise of Risk Management Plans in Businesses after the Pandemic

COVID-19 is proof of how unprepared many businesses were for the unexpected. Many businesses faced a financial crisis that forced them to lay off employees, while some closed permanently. The impact on one industry was also felt in others. The shortage of semiconductors across the world has affected various industries, such as automobiles, health, and technology, along with chip manufacturers all over the world. These shortages and financial losses cause inflation, which affects the economy and eventually affects us.

The pandemic forced individuals to work from home and changed the way business was conducted. It forced organizations to prepare their risk management plans more effectively, as new risks are emerging and existing risks are being reprioritized in the teleworking environment. Risk management helps a business define its future objectives by evaluating the past risks that have already occurred, defining the present risks, and considering future risks. Any business can lose its direction if its objectives are not defined properly with risk in mind. After the pandemic, many companies have introduced risk management departments.

The role of this team is to identify risks, come up with strategies to protect against these risks, execute these strategies, motivate other members of the company to cooperate in these strategies, and assess each risk to define its criticality to the business. Risks that can cause adverse effects for the business are categorized as critical risks and should be treated or mitigated as a priority. The whole goal of risk management is to make sure that the company only takes the risks that will help it achieve its primary objectives while keeping all other risks under control.

Business Ethics

Ethics, also called moral philosophy, is the standard of moral right and wrong that prescribes what humans ought to do, usually in terms of rights, obligations, benefits to society, and fairness. Ethics tends to be equated with following one’s feelings, religion, law, or social acceptance, but these are not all the same.

Every business needs to facilitate ethical conduct. Businesses in or related to IT infrastructure and technology rely on ethical practices being upheld to a high standard. Ethics are important within business because of the relationships that are formed over time with customers and related business partners. The extent of a company's ethical practice is also reflected in how it conducts business within its environment and in the societal implications of its products. Questions of ethics arise in many scenarios throughout the lifespan of a business. They can come into focus when choosing between profit and employee satisfaction, or between expedited product development and secure testing and completeness. A business has moral obligations in these transactions, and it is in its interest to uphold an ethical standard to maintain a congruent relationship for future interactions.

Business ethics is a newer topic that has a huge impact on the outlook people may have on a business. Immoral actions can lead to destructive outcomes for a business's lifespan. The critical point for many businesses is understanding where the line lies for acting ethically when handling information and conducting business practices. Running a functionally ethical business may come at a cost to profits and product longevity, depending on the societal and internal impacts a business's decision may have. Not just seeming ethical but acting ethically also determines the moral scope that a company successfully upholds. Companies that deceive consumers and employees about their moral intentions will ultimately face extreme backlash in moments of failure and exposure of the unethical practices performed.

Relationship between Risk Management and Ethics

Risk management and ethics are closely related, especially in the realm of information technology. For example, a business entity can choose to take risks that have a likelihood of negatively impacting stakeholders, which many would consider to be unethical. In order for a business to have integrity, it oftentimes must contribute meaningful resources towards risk management. The line between negative risk and opportunity (positive risk) is important to define when dealing with risk management and ethics. The International Organization for Standardization (ISO) uses certain principles to identify appropriate risk management, stating that the resources expended to mitigate risk should be less than the consequence of inaction.[3]

Another approach for organizations to operate ethically is following three core disciplines: Governance, Risk Management, and Compliance (GRC). In this context, governance refers to the processes that are reflected in the organization's structure, risk management is the predicting and managing of risks that an organizational entity faces, and compliance is the adherence to legal boundaries as well as voluntary boundaries.[4][5] By addressing these disciplines in depth, a company is able to achieve a holistic approach towards balancing the relationship between risk management and ethics.

The Role of Ethics in Risk Management

Ethics is important in many professional fields. In the risk management field, morals can guide one’s decisions in any role within a company, including employees, leaders, shareholders, and stakeholders, and impact them in different ways. A professional in the risk management field would first need to analyze and identify any potential losses. After analyzing and identifying the risk, they will need to take action, and that action could be based on their ethics. Ethics therefore plays an important part in the decision-making process of risk management. Depending on one’s ethical choice, a decision could have a positive or negative impact on the different roles in the company or on the company as a whole.[2]

Scholars and researchers have analyzed different levels and degrees of ethics, like globalization, technology, intangible assets, and talent management. But some factors put pressure on ethical behavior and intentions, like increasing competition, pressure for profits and returns on investment, political corruption, values and morals of younger generations, fast money and profit, and social responsibility. All these ethical factors can cause a risk within the business that could be good or bad for it.[15]

Ethics in the business world can impact the business in two different ways: good ethics is good business, and bad ethics is bad business. Treating employees and customers fairly and honestly helps build strong relationships, a reputation, and a brand to attract more customers, employees, and business partners. On the other hand, creating an impression of bad ethical behavior can damage the business’s reputation and business prospects. Not only can it affect the business as a whole, but it also applies to the individual in the same way. So the business practice of implementing ethical behavior is a key element in effectively managing risk across the business.[16]

Good and Bad of Ethics in Risk Management

Ethics in risk management can provide many benefits to a business, from customers to business partners. When a business is known for behaving ethically, it attracts customers to purchase its products or services and creates a loyal relationship between the business and its customers. It can also boost the business’s reputation with customers, as it makes them feel ethically better when purchasing from the business. Employees will feel more comfortable and motivated to work for the business when it is behaving ethically. Employees don’t want to feel responsible for any bad ethical behavior by the business. In addition, more future employees will be attracted to the business and current employees will stay. An ethical business will attract business partners and investors, as they will know that the business behaves in an ethical way and that their money will be used responsibly.[17] Overall, ethics in risk management affects society as a whole through the business’s customers, employees, business partners, and investors.

Even though ethics in risk management has many benefits for society, it also has disadvantages. The main disadvantage is that ethics will limit the money available to maximize profit for the business. It will result in improved working conditions, but that comes at a price. It will also be time-consuming to implement ethical practices within a business, because every single employee will need to go through ethical training and continue that training, especially as the business grows.[17]

Possible Solutions for Ethical Risk Management (ERM)

An ethical risk management approach is concerned with the infrastructure that encourages ethical behavior, i.e., the instructions and supports that control risks connected with unethical acts while also providing incentives to promote ethical behavior. Some possible solutions for ERM are: [11]


Governance:

The board of directors and senior management should create a positive tone at the top and ensure that corporate compliance and ethics initiatives have enough resources. Corporate governance promotes a reliable, moral, and ethical environment, with transparency, honesty, and integrity at its core.


Privacy:

Privacy is so deeply ingrained in risk management practice that the rule of silence can hurt risk managers. However, this concept is worth highlighting, since it is critical for public acceptance of risk management. Risk managers should be reminded to address hazards to employee privacy when new sources of risk arise.

Honesty and Transparency:

Risk managers should strive for the maximum degree of honesty and openness possible. Although a duty of honesty is unlikely to be contentious, some may object to a duty of openness because they believe that reporting damage or ongoing hazards (to employees) might hurt the organization. Nonetheless, to respect employees' autonomy, risk managers must permit informed decision-making by being upfront about risks and actual damages.

Avoidance of Suffering:

Prudence requires people to use a level of judgment that does not exacerbate a problem. It relates to actions in which the risk of damage outweighs the benefit. A risk management plan should be built to ensure that pain and suffering are avoided and mitigated.


Whistleblowing:

When colleagues want to address another professional's unethical behavior or action, there must be ethical and proper guidelines for an employee to report these incidents. Employees should also consider the severity of reporting such issues and how they are reported, so as to prompt less drastic courses of action and bring about meaningful change.

Staff Development and Training:

Promoting an ethical culture is a must, and this is becoming increasingly apparent. Employees and managers need to be trained in essential topics relevant to their field. These topics must include professional ethics and liability.


Risk management helps businesses to identify and deal with potential risks by identifying risk, assessing risk, controlling risk, and reviewing controls. Risk management is rapidly evolving and changing through ethical values, advancing technology, and pandemics like COVID-19. To help businesses deal with rapid changes in risk management, business ethics has been the course of action for resolving the relationship between risk management and ethics. Through its different roles in risk management, ethics can impact a business for good or bad through its employees, customers, business partners, investors, and society. There are different possible solutions to help with ethical risk management, which include governance, privacy, honesty and transparency, avoidance of suffering, whistleblowing, and staff development and training.

Risk management in this context addresses the threats posed by unethical decisions in relation to an organization’s stakeholders. An ethical organization is one where ethical conduct is promoted by the organization leaders, where systems and procedures are in place to reward conformance to ethical behavior and discourage unethical practices. Ethical practice has positive outcomes for the organization, contributing to profits, reducing fraud, avoidance of litigation, mitigating legal penalties for lapses in legal compliance, and ensuring a safe and healthy environment.


  1. Velasquez, M., Andre, C., Shanks, T. S. J., & Meyer, M. J. (2010, January 1). What is ethics? Markkula Center for Applied Ethics. Retrieved April 19, 2022, from
  2. IEEE code of Ethics. IEEE. (n.d.). Retrieved April 24, 2022, from
  3. Dimmock, M., & Fisher, A. (2017). Business Ethics. In Ethics for A-Level (1st ed., pp. 143–155). Open Book Publishers. Francis, A. Armstrong. (2003). Ethics as a Risk Management Strategy (Journal of Business Ethics 45: 375–385)
  4. Kurt F. Reding, Paul J. Sobel, Urton L. Anderson, Michael J. Head, Sridhar Ramamoorti, Mark Salamasick, Cris Riddle (2013), "Internal Auditing: Assurance & Advisory Services"
  5. OCEG (2004), "GRC Capability Model". Scott L. Mitchell, OCEG (2004-01-01), GRC Capability Model (Free Open Source)
  6. (2013, August 15). The Importance of Risk Management In An Organization.
  7. Compliance and Ethics in Risk Management. (2011, November 25). The Harvard Law School Forum on Corporate Governance.
  8. Venard, B. (2018, December 13). Lessons from the massive Siemens corruption scandal one decade later. The Conversation.
  9. Doshi, H. (2020). CISA – Certified Information Systems Auditor Study Guide: Aligned with the CISA Review Manual 2019 to help you audit, monitor, and assess information systems. Packt Publishing.
  10. Erohin, S. (2011, September 2). The security risk management guide. The Security Risk Management Guide.
  11. Walmart ends the sale of tobacco products at certain US stores. (2022, March 29). Walmart Ends Sale of Tobacco Products at Certain US Stores.
  12. Role of Ethics and Responsibility in Risk Management. (n.d.). Retrieved April 25, 2022, from
  13. Corporate Finance Institute. (2022b, January 25). Risk Management.
  14. Herrera, B. M., Herrera, M., & Herrera, M. (2022, February 19). Four Types of Risk Mitigation and BCM Governance, Risk and Compliance. MHA Consulting.
  15. FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook. (2022, January 27). Federal Trade Commission.
  16. Grigoropoulos, J. E. (2019). The Role of Ethics in 21st Century Organizations. International Journal of Progressive Education, 15(2), 167–175. Retrieved April 25, 2022, from
  17. Florio, C. di. (2011, November 25). Compliance and ethics in risk management. The Harvard Law School Forum on Corporate Governance. Retrieved April 25, 2022, from
  18. Dominion Editors. (2018, September 4). Advantages and disadvantages of Business Ethics in the real world. Dominion. Retrieved April 25, 2022, from