Implementing Ethical and Legal Issues in an ABET Accredited IS Program Daniel Farkas dfarkas@pace.edu Information Systems, Pace University Pleasantville, NY 10570 John C. Molluzzo jmolluzzo@pace.edu Information Systems, Pace University New York, NY 10038 Abstract In response to academic, professional and accreditation demands and requirements, it is clear that IS program curricula must address issues related to professional practice. (AACSB, 2006; ABET, 2007; IS 2002, 2007) These include management, ethics and values, written and oral communication, professional responsibility and an understanding of legal issues. The difficulty for IS programs (and other technical disciplines), is that these “soft” subjects are not emphasized by the required course load or educational material and textbooks that support them. In some sense, it requires rethinking the curriculum to insure that IS program graduates learn these educational objectives and outcomes. This paper describes how this can be accomplished (and was accomplished) as a result of preparing for ABET program accreditation for Information Systems. Keywords: Accreditation, ABET, AASCB, Ethics, Legal Issues 1. INTRODUCTION A study by Cappel and Windsor (1998) comparing professionals and IS students demonstrated that participants showed little consensus regarding different ethical scenarios. They concluded that ethical training or instruction would be of benefit to both audiences. A report of the ITiCSE’97 working group on social and ethical issues in computing curricula (Granger et al., 1997) gives insight into using information technology to integrate these issues in the computing curricula. The report defines different types of ethical issues (e.g. individual responsibility, professional responsibility, access and equity, quality, intellectual property, privacy, use of power) and then gives several sample exercises that can be given to students to illustrate these issues. Martin and Weltz (1999) after a discussion of the theoretical underpinnings of both ethics and social responsibility, give a methodology for its inclusion across the Computer Science curriculum. The basic tenets of this methodology are that students should follow a progression from awareness to evaluation and ultimately action. Within the curriculum, pedagogical principles include early introduction, discussion in most courses, integration into the courses, and maximum coverage with minimum overlap. Professional computer societies such as ACM and IEEE Computer Society have codes of ethics that they require their members to follow. However, these organizations have no way to enforce its members’ compliance with the codes. Linderman and Schiano (2001) argue that this leaves a responsibility vacuum when IT practitioners need to make ethical decisions. Dreher, Cummings, and Harris(2006) note that a firm’s IT policy provides guidance to its IT staff for ethical and legal decisions about data stored on its systems. Therefore, IT educators must provide a firm foundation in ethical and legal issues surrounding the use of information technologies and their impact on society. Consequently, professional organizations such as ACM (2006) have included coverage of ethical, legal, and social issues in their curriculum guidelines. In addition, accrediting organizations such as AACSB and ABET require coverage of ethical, legal, and social issues in all CS and IS programs applying for accreditation. 2. ABET AND AACSB ABET (Accreditation Board for Engineering and Technology) is the accrediting body for undergraduate programs in computing, including information systems and computer science. AACSB (Association to Advance Collegiate Schools of Business) is the accrediting body for graduate and undergraduate programs in business. In the event an information systems program is in a business school, it will be accredited as part of the AACSB process. Pace University has Information Systems programs in the school of computing and in the business school. Therefore, the IS program must be accredited by AACSB and ABET. ABET (2007) has adopted a set of ten program outcomes, labeled (a) though (j), that information systems programs must meet for accreditation. Two of these outcomes address ethical, legal, and social issues. * (e) An understanding of professional, ethical, legal, security, and social issues and responsibilities; * (g) An ability to analyze the local and global impact of computing on individuals, organizations and society, including ethical, legal, security and global policy issues; The ethical, legal, and social requirements of AASCB (2006) are a little less formal in their description, giving the guidelines of what a general management degree should support. These guidelines include the following: * Environmental, political, economic, legal, and regulatory context for business. * Individual ethical behavior and community responsibilities in organizations and society. * Management responsiveness to ethnic, cultural, and gender diversity. Inclusion of the above topics in several of information systems courses at Pace proved sufficient for AACSB re-accreditation of the business information systems program in 2006. ABET began by accrediting engineering programs and thus applies engineering curriculum type standards to computer science and information systems. Therefore, the more specific requirements of ABET and their insistence on strong assessment of their program outcomes proved to be difficult. For a comparison of ABET and AACSB standards see Klein, Molluzzo and Farkas (2006). 3. BACKGROUND Pace University is a private institution with 5 undergraduate colleges (computing, business, arts and sciences, nursing, and education) in the New York metropolitan area. It has two main campuses: New York City and suburban Westchester County, one hour to the north. The Seidenberg School of Computer Science and Information Systems has two Information Systems departments, one on each campus. These departments support BA, BS and MS degrees in the computing school and the BBA and MBA information systems concentrations in the business school. The undergraduate BS program was the first to be accredited by ABET in 2001 and was revisited in the fall of 2006. The BBA and MBA programs were re-accredited by AACSB in 2006. With two Information Systems departments, it is essential that issues of consistency across sections and campuses be coordinated. This is done by a cross-campus Information Systems Curriculum Committee (ISCC), which consists of the chairs and faculty from both campuses. The ISCC also instituted a system of course coordinators to manage sections, gather documents for accreditation, assure consistency, and report to the ISCC. 4. IMPLEMENTATION To specifically address ABET and AACSB criteria as listed above, there are two basic approaches. One is to require a course that covers all aspects of these issues. At Pace university, the Computer Science department has taken this approach. The ISCC, however, decided that, given the already limited number of courses required for the major, in particular the business major, a better approach in IS would be to integrate the material in a number of courses much along the lines described by Martin and Weltz (1999). The first two steps in implementing ethics, social and legal issues into the information systems curriculum were: * Covering the topics * Developing measurements to assess student outcomes Coverage: Covering the relevant topics was done by incorporating them into all sections of two courses (IS 351 - Global Data Communications and IS 481 - Database Management Systems) and including common homework/exercises and common final exam questions. This insured that all students in the major would be exposed to the same material and provides for common assessment instruments (see the Assessment section). For example, the course textbooks did not adequately address issues related to ethics and legal issues. Therefore, case study exercises that framed the issues and that required students to reflect on them were introduced into the two courses. To illustrate, consider a case study on legal and ethical issues that was used in the two IS courses. This case is adapted from the Bihari v. Gross case discussed in Tavani (2007, p.271). Company A was denigrated on websites that had names similar to the original, www.company-a.com. Company A sued the person responsible, Mr. B. When the court required Mr. B to give up the offending domain names, he created new websites with embedded Meta tags that would return these sites to the search engine during searches for Company A. Again, Company A sued Mr. B. This case looked at issues associated with the Anti-cybersquatting Consumer Protection Act of 1999 (ACPA) and the Trademark (Lanham) Act of 1946. In the second suit, the court found in favor of Mr. B and ruled that the likelihood of irreparable harm to Company A was required to prove Company A’s case, which the company did not do. The students had to respond to the following questions: * Was Mr. B within his rights to construct such a site? Why? * Was Mr. B right to include the metatags in the site’s HTML code? * Should there be regulations about what metatags are used by a Web site? If so what should the regulations be? * What advantages and disadvantages would there be to such regulation? * What was the purpose of the ACPA? * A different point of view regarding free speech and privacy is supported by the Electronic Frontier Foundation. See http://www.eff.org/Censorship/. After reading it, do you think ACPA is fair? Does the EFF make a good point? For other sources for ethics cases in information technology, see Spinello (2003) and Kallman and Grillo (1995). See also Sherman (2007) for suggestions on how to introduce and develop cases based on situations students normally face at work and at internships. Charlesworth and Sewry (2002) discuss how case studies from several sources fit into the Computing Curricula 2001 courses suggested by the IEEE. Measurements: Frequently, faculty in the computing disciplines have some difficulty grading “soft” exercises such as the above. See Moskal, Miller, and King (2002). To help faculty grade such exercises and to ensure that students knew how they would be evaluated, a standard grading rubric was adopted. See Sevens and Levi (2005) for an excellent introduction to rubrics . In addition, the rubric also insured consistent evaluation across different instructors and sections, which is required by the ABET standards. The rubric used, which was adapted from Moskal, Miller, and King (2002), is shown in Appendix 2. A grading rubric is not the only way to evaluate student work. Howard (2006) discusses another way, the “7 Cs” method of Sanders, to evaluate student papers and discussions. Botting (2005) discusses “active learning and holistic” grading techniques used in an ethics and professionalism course at California State University. 5. ASSESSMENT The next steps in implementing ethics, and legal issues into the information systems curriculum involved the assessment process. The assessment process is illustrated in Figure 1 (see Appendix 1), which is based on a figure of Alan Stix and Andreea Cortoranu, who derived it from a figure designed by Gloria Rogers. The assessment process for ABET required several steps: 1. Content: Outcomes (e) and (g) need to be covered in several courses in the curriculum. As indicated earlier, this was accomplished by adding material to two courses and including common exercises across all sections. Consistency and adherence to the curriculum was managed by course coordinators. 2. Measurement: Student performance needs to be measurably assessed. This could be via exams, presentations, or written homework. In addition to the class assignments (e.g. case studies), the course coordinator developed a set of common final exam questions that covered the ABET outcome criteria. All assignments associated with program outcomes within a course are tracked using an individual course matrix, which is illustrated in Appendix 3. The ten ABET program outcomes are listed in the left column. The program outcomes satisfied by the course are indicated by an x in the next column. The instructor includes each assessment in the remaining columns with the class average for that assessment in the appropriate row. Averages for the common final exam questions and the final outcome average are also indicated. 3. Consistency: The material must be consistent across different sections of the course and different cohorts of students. This is done in several ways. a. Common homework assignments are included in each section. b. The common final exam includes questions on the topics. c. A summative exam given to graduating students in a senior-level class assesses the outcomes on a program basis. This exam contains questions assessing all the program outcomes including (e) and (g). d. A course coordinator is responsible for implementing the above and reporting to the ISCC. 4. Analysis: Results of the homework, common final exam and summative exam need to be analyzed. The course coordinators collect analysis information from the common homework exercises, common final exam questions and summative exam. As required by ABET, a priori acceptance levels for all assessments needed to be established. The ISCC set a base standard of 70% for in-class assignments and common final exam questions. Course coordinators are responsible for analyzing the results of these assessments to ensure consistency of topic coverage across sections. The ISCC set a standard of 50% for each individual question on the summative exam. The 50% cutoff for summative exam questions was adopted because the exam is cumulative over four years of coursework, and the students are not given formal review or preparation for the exam. The course coordinators report to the ISCC on the semester results using a form that highlights special situations (e.g. underperformance), and with recommendations for curricular changes. Appendix 4 has an example coordinator form. 5. Reflection, modification and tracking: The analysis is used to improve student learning of the topics on a continuing basis. It is required to not only make suggestions, but to have firm implementation plans and then track curricular modifications by another cycle of assessment. This is known as closing the assessment loop. Refer again to Figure 1. ABET requires this to be a continuous process. The ISCC collects assessment data on a semester basis. Because enrollments in required courses are low, the ISCC decided to implement curricular changes on an academic-year basis. To keep track of this process an Assessment Tracking Form was used, an excerpt of which is illustrated in Appendix 5. The form lists in the second column the assessment mechanisms and their dates – the dates are omitted in this illustration. The third column contains reflections on the results. Note that the ABET objectives pertinent to the reflection are also listed. For example in row number 2 (the first row shown in the excerpt), it is noted that managerial aspects of data communications seem to be more difficult for students to grasp than are technical concepts. The fourth column contains recommendations based on the assessment results. The recommendation for row number 2 is to introduce additional social and professional impact material in the course. It is also recommended to explore the possibility of adding another week of coverage of these concepts. The fifth column contains the implementation plan for the corresponding recommendation. The plan details what will be done in the next assessment cycle to make improvements if any are necessary. For row 2, the plan is to have faculty research appropriate readings in the Summer of 2007 and have instructors assign the readings in their fall classes. The next three columns are to be filled in during the next year. Therefore, the recommendations implemented in the current year will be assessed, completing the assessment cycle. These columns would be brought forward to the 2007/2008 tracking form. The ISCC has not yet completed a full assessment cycle using these mechanisms. A complete review of the process will be reported in a future paper. 6. CONCLUSION Assessment is becoming a way of life in most institutions, whether for university accreditation (e.g. Middle States), or professional accreditation such as ABET or AACSB. Technical disciplines find it relatively straight forward to incorporate an assessment cycle into their processes when the subjects are concrete. Technical skills can be measured with relative accuracy. The difficulty arises when it is necessary to not only cover topics that may seem somewhat foreign to the technical area, but are also difficult to measure precisely and consistently. Difficulties during the assessment process involved finding a natural context for ethics, legal issues, and social and professional responsibility. Furthermore, we had to: * Develop strategies, such as case studies, to incorporate the material in a meaningful way. * Develop consistent measurement instruments in the form of rubrics and common exam questions. * Reflect on the results of the assessment cycle in one academic year and develop an implementation (and assessable) implementation plan for the next. Although the results of the full assessment cycle will not be available until early summer of 2008, given the mechanisms it developed, the ISCC is confident of success. 7. REFERENCES AACSB (2006) AACSB: Eligibility Procedures and Accreditation Standards for Business Accreditation, AACSB International, January, 2006. ABET (2007) Criteria for Accrediting Computing Programs, March, 2007. ACM (2002) ACM Curriculum Recommendations from http://www.acm.org/education/curricula.html#IS2002. Botting, R.J. (2005) Teaching and Learning Ethics in Computer Science: Walking the Walk. Proceedings of the 36th SIGCSE Technical Symposium on Computer Science Education. 342-346. Cappel, J. J., J. C. Windsor (1998). A comparative investigation of ethical decision making: information systems professionals versus students. ACM SIGMIS Database (29)2, 20-32. Charlesworth, M. and Sewry, D. (2002) A Ethical Issues in Enabling Information Technologies. Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology. 163-171. Dreher, F., Cummings, M., and Harris, J. (2006) The Role of IT Policies in the CS/IS Curricula. Journal of Computing Sciences in Colleges 22(2) 267–273 Final Report of the Joint ACM/IEEE-CS Task Force on Computing Curricula 2001 for Computer Science (2007), Retrieved June 26, 2007 from http://www.acm.org/education/curricula.html Granger, M. J., Little, J., Adams, E., Bjorkman, C., Gotterbarn, D., Juettner, D., Martin, D., Youhg, F. (1997). Using information technology to integrate social and ethical issues into the computer science and information systems curriculum (report of the ITiCSE '97 working group on social and ethical issue in computing curricula). Paper presented at the Annual Joint Conference Integrating Technology into Computer Science Education, 38-50, Uppsala, Sweden. Howard, E. V. (2006) Facing the Challenges of Teaching IT Ethics. Proceedings of the Seventh Conference on Information Technology Education, 95-98. IS 2002 Curriculum Guidelines for Undergraduate Degree Programs in Information Systems. Retrieved June 26, 2007 from http://www.acm.org/education/curricula.html. Kallman, E.A. and Grillo, J.P. (1995) Ethical Decision Making and Information Technology, 2nd ed. McGraw-Hill/Irwin, New York. Klein, S, Molluzzo, J. C. Farkas, D. (2006) AACSB/ABET Standards: Learning Goals, Objectives and Outcomes Assessment Strategies Used to Improve Student Learning and Curriculum Development.  The Proceedings of ISECON 2006, Dallas, TX Linderman, J. L. and Schiano, W. T. (2001) Information Ethics in a Responsibility Vacuum. ACM SIGMIS Database 32(1) 70–74. Martin, C. D., Weltz, E., (1999). From awareness to action: integrating ethics and social responsibility into the computer science curriculum. ACM SIGCAS Computers and Society, 29(2) 6-14. Moskal, Miller, and King (2002). Grading Essays in Computer Ethics: Rubrics Considered Helpful,SIGCSE’02 Proceedings, 101-105. SE 2004 - Curriculum Guidelines for Undergraduate Degree Programs in Software Engineering, 2004. Retrieved June 26, 2007 from http://www.acm.org/education/curricula.html. Sherman, C.A. (2007) Ethics: Making It Real for Information Technology Students, Journal of Computer Sciences in Colleges, 22(3) 168-174. Spinello, R.A. (2003) Case Studies in Information Technology Ethics, 2nd ed. Prentice Hall, Upper Saddle River, NJ. Stevens, D. D., Levi, A. J. (2005). Introduction to Rubrics. Stylus Publishing, Sterling, VA. Tavani, H. T. (2007). Ethics and Technology, 2nd ed. John Wiley & Sons, New York. Appendices Appendix 1 Figure 1 – The Assessment Cycle or “Loop” Appendix 2 – Grading Rubric Value Content Excellent (100%) Adequate (70%) Needs Improvement (70%) Inadequate (0%) 10% Directions Specifies who is impacted and how. Clearly explains values at stake and why significant. Specifies who and how impacted. Attempts to explain values at stake, but omits important points Specifies who is how impacted, but not both. Attempts to explain values at stake, but misses the mark Does not identify who is impacted or how. Does not explain values at stake. 20% Stakeholders Specifies who and how impacted. Clearly explains important values at stake and why they are significant. Specifies who and how impacted. Attempts to explain values at stake, but leaves out important points. Specifies who or how impacted, but not both. Attempts to explain values at stake, but misses the mark. Does not identify who or how impacted. Does not explain values at stake. 20% Analysis – Use of theory or analogy to support position Includes original or revealing analysis. Includes adequate analysis. Mentions concepts and ideas, but they are not well used. Does not pick a position. 20% Conclusion – Take and justify a position Provides persuasive argument clearly supporting a position. Even a reader who disagrees would think more about the issue. Picks and tries to justify a position. Argument is not convincing or convincing justification is given having nothing to do with stated analysis. Picks a position but does not justify it. None discernable. 10% Follow-up Question(s) Includes thought-provoking question(s) related to conclusion and analysis. Includes adequate question related to the conclusion and analysis. Includes a question only somewhat related to the conclusion and analysis. None – or a question that is not related to the issue. Appendix 3 – Individual Course Matrix Appendix 4. Course Coordinator Summary Document Spring 2007 Results from Common Final Exam Questions Reflections, and Assessment-based Course Improvements Course __IS351_______________ Course Coordinator ___XXXX_________________ Instructional Staff (including Course Coordinator): ______YYYYY______ ___________________________ _________________________ Date submitting this form: ____June 1, 2007_______________________ Results of the Common Final Exam questions: A Priori Target Achievement Level: 50% Question ABET Program Outcome New York ( n =) Pleasantville (n =) Total (n = ) Average 17 b 33.3 33.3 18 b 66.7 66.7 50.0 19 e,g (ethics, legal) 83.3 83.3 20 e,g (ethics, legal) 50.0 50.0 66.7 15 e,g (social) 83.3 83.3 16 e,g (social) 33.3 33.3 58.3 Coordinator’s summary of the individual faculty’s reflections: While students performed well on homework assignments, including review question sets and case studies, they did not do well on the final exam common questions. One reason might be that the common questions were not appropriate for assessing what students learned during the semester. Students might also have a difficulty in understanding some questions. We may have to make up the common questions carefully in the future, which are more appropriate and easier to interpret. Problems identified and suggestions for improvement: Outcome b (computing requirements) Students do well on learning the hardware and software of data communications. However, they may have to learn more on the use of technologies for business operations and practical implications of data communications theories and models. Outcomes e and g It seems to me that students do well on short answer (or essay) questions included in homework assignments. They did not do well on the common questions, which are multiple choice questions. The course should focus more on basic concepts and background of legal, ethical, social, and organizational issues. It may have to have more lectures focusing on such issues and use separate homework assignments for them. Appendix 5. Assessment tracking form - IS351 - Excerpt ASSESSMENT TRACKING FORM – IS351 Information Systems Academic Fall 2006 – Spring 2007 Assessment Mechanism and dates Reflections 2006/2007 Recommendations Implementation Assessment 2007 -2008 Reflections 2007-2008 Com-ments 2. * Cases on legal, ethical, professional and social responsibility * Final exam common questions Managerial aspects of data communications are more difficult for students to grasp than the technical ones ABET G, H Introduce additional content on social and professional impacts. Explore adding additional week on these concepts. * Summer 07 – Faculty will research and select appropriate readings * Fall 07 – instructor will assign readings, add to weekly assignment and then incorporate the case study 3. * Ethics Case * Final exam common questions Performance on Legal/Ethical questions on the final exam was not uniformly good ABET G, H Cover more of the basic background of ethics when introducing a case study * Summer 07 – Faculty will research and select appropriate readings * Fall 07 – instructor will assign readings, add to weekly assignment and then incorporate the case study 4. * Globalization Case * Final exam common questions Global issues involved in international governance were difficult for the students to appreciate ABET G, H Add discussion on international governance, sovereignty before assigning a case study * Summer 07 – Faculty will research and select appropriate readings * Fall 07 – instructor will assign readings, followed by case study instructor will assign readings, add to weekly assignment and then incorporate the case study 5. * Results of student work on cases and the final exam common questions Students would benefit from introductions to the non technical topics of this course (security, social impact, ethics and globalization) ABET G, H Use one reading, a partial lecture, or a discussion question on Blackboard as an introduction to these topics * Summer 07 – Faculty will research and select appropriate readings * Fall 07 – instructor will assign readings, followed by case study instructor will assign readings, add to weekly assignment and then incorporate the case study