Systems Analysis & Design · Chapter 4

Ethical Issues in Systems Analysis & Software Engineering

Everything you need to know — with mnemonics, clear explanations, and quick quizzes.

01

The Two Key Roles

🔍 Systems Analyst (SA)

Business problem-solver who uses IT to find solutions.

  • Needs Technical + Business + People skills
  • Also called: programmer analyst, systems consultant, systems engineer
  • Designs what the system should do

⚙️ Software Engineer (SE)

Code builder who applies engineering principles to software.

  • Designs, develops, maintains, tests, evaluates software
  • Works on how the system is built
  • SA + SE together = complete product (hardware + software)

Mnemonic

SA = "WHAT"  ·  SE = "HOW"

Think of it like a restaurant: the SA is the designer who says "we need a menu with 20 dishes", and the SE is the chef who figures out how to cook them.

02

Problems Faced by SA / SE

There are 6 main problem areas. Use the mnemonic below to remember them all.

Mnemonic — 6 Problems

S·D·P·U·C·I

"Software Developers Please Use Code Integrity"

Software Specification
Design gaps
Pressure (Extreme)
Unauthorized software
Changes in software
Incompetent staff

📋 Software Specification

  • Most errors traced back to incomplete requirements
  • A spec is complete only when it separates wanted from unwanted behaviour

🎨 Design Gaps

  • Domain expert designs the system but hands off to a programmer who isn't a domain expert
  • E.g. brake engineer → programmer → brake software. Communication gap = bugs

🔥 Extreme Pressure

  • "Ship it fast" pressure causes known bugs to be ignored
  • Quality cut under time-to-market demands

🏴‍☠️ Unauthorized Software

  • Using open-source without crediting it
  • Using illegal/pirated tools
  • Hard to maintain systems built on illegal software

🔄 Changes in Software

  • "Small fixes" can cause serious reliability drops
  • Software maintenance ≠ replacing hardware
  • Every change alters the design

👥 Incompetent Staff

  • No project management methodology
  • Bad planning and estimating
  • Not enough senior staff on the team

03

The 3 Unethical Syndromes

Mnemonic

R · S · C

"Really Shady Companies" — Red lies, Sweep-it-under-the-rug, Cancelled vacation

🔴

Red Lies

Telling clients/management something you know is false — e.g., "the project is on schedule" when your team knows it isn't. Named "red" because it's blatant deception.

🧹

Sweep it Under the Rug

Ignoring unforeseen problems hoping they'll disappear. This leads to much bigger failures down the line. Classic short-term thinking.

✈️

Cancelled Vacation Syndrome

Managers pressuring staff to cancel trips or personal time at the last minute for short-term deadlines — sometimes causing real financial loss (non-refundable bookings).

✅ How to Avoid These Problems

04

Safety-Critical Systems

⚠️ What is a Safety-Critical System?

Any system where software failure may cause injury or death.

Examples: Antilock brakes · Nuclear reactors · Airplane navigation · Elevators · MRI/CT scanners

Development requires 5 key practices. Mnemonic below:

Mnemonic — Safety-Critical Dev

R·H·T·R·N

"Really Hard To Run Naked" (unusual = memorable!)

Rigorous process
Hazard log
Testing (thorough)
Risk Analysis
N-version programming + Redundancy

Rigorous Process & Documentation

More thorough docs, vigilant checking and re-checking. No shortcuts.

Hazard Log

A logging/monitoring system tracks hazards from project start to finish. The system safety engineer owns this.

Thorough Testing

Decide: how much testing is enough when failure = loss of human life?

Risk Analysis

Formally assess: what can go wrong? How likely? How bad? How to avoid/warn?

Redundancy & N-Version Programming

Multiple interchangeable components for the same function. N independent versions run in parallel; a voting algorithm decides the winner if outputs differ.
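
The voting step described above, as an added example that is not part of the original notes: three hypothetical versions of a stopping-distance routine (one with a constructed defect) and a majority voter that names the dissenting versions and refuses to pick a result when no strict majority agrees. The function names, the formula and the tolerance are assumptions for illustration.

```python
class NoMajority(Exception):
    """Raised when no strict majority of the N versions agree."""

# Hypothetical versions written independently from one spec:
# stopping distance (m) for a given speed (m/s) and deceleration (m/s^2).
def version_a(speed, decel):
    return speed * speed / (2 * decel)

def version_b(speed, decel):
    t = speed / decel                      # time to stop
    return speed * t - 0.5 * decel * t * t

def version_c(speed, decel):
    return speed * speed / decel           # constructed defect: factor 2 missing

def run_versions(versions, *args):
    """Run every version; a version that crashes casts no vote (None)."""
    outputs = []
    for fn in versions:
        try:
            outputs.append(fn(*args))
        except Exception:
            outputs.append(None)
    return outputs

def vote(outputs, tolerance=1e-6):
    """Return (agreed value, indices of dissenting or crashed versions)."""
    groups = []                            # each group holds indices that agree
    for i, out in enumerate(outputs):
        if out is None:
            continue
        for group in groups:
            if abs(outputs[group[0]] - out) <= tolerance:
                group.append(i)
                break
        else:
            groups.append([i])
    winner = max(groups, key=len, default=[])
    # Strict majority of all N versions, crashed ones included; otherwise
    # the caller must fall back to a safe state rather than guess.
    if 2 * len(winner) <= len(outputs):
        raise NoMajority(f"no majority among {outputs}")
    dissenters = [i for i in range(len(outputs)) if i not in winner]
    return outputs[winner[0]], dissenters

if __name__ == "__main__":
    outs = run_versions([version_a, version_b, version_c], 20.0, 8.0)
    print(vote(outs))
```

The dissenter indices are the kind of record a hazard log would keep for follow-up, since a version that is outvoted still contains a defect.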

🎬

Scenario 1 — Anti-Missile System

Military asks for immediate complex modifications within 1 week. The team agrees. Is this realistic? NO — safety-critical software changes require rigorous process. Rushing = catastrophic risk.

✈️

Scenario 2 — Fighter Jet Software

QA engineer suspects insufficient testing but signs off under employer pressure. Ethical? NO — personal/professional integrity trumps business pressure in safety-critical contexts.

05

IT System Administrator Ethics

🔑 Root Access to Everything
👁️ Sees All User Activity
⚖️ Highest Ethical Responsibility

SysAdmins have privileged access to passwords, emails, databases, and full network activity. This power can be abused deliberately or inadvertently. There are 6 ethical issues:

Mnemonic — 6 SysAdmin Ethical Issues

I · E · S · W · C · F

"In Every System, Whistleblowers Challenge Fees"

Invasion of Privacy
Equality in Reporting
Sensitive Information
Whistleblower
Compromising Security
Fees / Overcharging

Issue | Situation | Ethical Dilemma
Invasion of Privacy | Monitoring employees' emails/browsing | OK if employment contract allows it; still feels invasive
Equality in Reporting | Deciding what infractions to report | Using personal values = unfair, selective enforcement
Sensitive Info | Moving to a new company with old employer's secrets | Check non-disclosure agreements; legal + ethical duty
Whistleblower | Discovers illegal/unethical company activity | Job security vs. legal/moral duty to report
Compromising Security | Client asks to skip recommended security measures | Must explain risks; ethically wrong to comply silently
Consultation Fees | Fear of attacks = easy upsell | Playing on fear to overcharge is unethical

🛝

The Slippery Slope

Starts small — "just scanning emails for fun" — and escalates to altering messages, blackmail, or abuse of power. Each step feels minor; the cumulative harm is severe. One rule: don't start.

🤝 Informed Consent Policy

The ethical foundation for SysAdmin policies:

06

LOPSA Code of Ethics

LOPSA = League of Professional System Administrators (est. early 2000s). 10-point Code of Ethics for SysAdmins.

Mnemonic — 10 LOPSA Principles

PP · PL · CS · ERS · E

"Professional People Please Laws, Communicate Strongly, Educate, Respect Society Ethically"

Professionalism
Personal Integrity
Privacy
Laws & Policies
Communication
System Integrity
Education
Responsibility to Computing Community
Social Responsibility
Ethical Responsibility

01 Professionalism
02 Personal Integrity
03 Privacy
04 Laws & Policies
05 Communication
06 System Integrity
07 Education
08 Responsibility to Computing Community
09 Social Responsibility
10 Ethical Responsibility

📜 User Code of Conduct — Key Questions

🔐 Privileged Access Code of Conduct

🏛️ Building a Security Culture

Security = not just technology. It's a culture. All employees must be security-conscious at all times, supporting the IT team. SysAdmins hold enormous power and must model ethical behaviour.

07

Integrity & Ethical Guidance

🛡️ Analyst Integrity Means…

  • Keep employee & corporate data confidential
  • Follow through on commitments
  • Deal directly with mistakes (no cover-ups)
  • Honest, open communication
  • Know your limits; ask for help; help others

📚 Sources of Ethical Guidance

  • Professional Bodies: codes of conduct (e.g. LOPSA)
  • IS Methodologies: structured frameworks ensure completeness & ethical analysis of IT projects
  • Deontological approach: following rules regardless of consequences

08

Quick Self-Quiz

Test yourself; each question is followed by its answer.

What is the difference between a Systems Analyst and a Software Engineer?
SA = business problem-solver (WHAT to build, needs tech + business + people skills). SE = applies engineering principles to build software (HOW to build it). Together: SA designs the system, SE codes it.

Name the 6 problems faced by SA/SE (use the mnemonic).
S·D·P·U·C·I — "Software Developers Please Use Code Integrity": Specification, Design gaps, Pressure, Unauthorized software, Changes in software, Incompetent staff.

What are the 3 unethical syndromes?
R·S·C — "Really Shady Companies": Red Lies (lying to clients/management), Sweep it Under the Rug (ignoring problems), Cancelled Vacation Syndrome (last-minute pressure to sacrifice personal time).

What is N-version programming and why is it used?
N independent teams implement the same requirements separately. All versions run in parallel. If outputs differ, a voting algorithm picks the result. This minimises impact of software errors — multiple versions are unlikely to fail the same way simultaneously.

What is the "slippery slope" in SysAdmin ethics?
Starting with minor ethical violations (e.g. "just scanning emails for fun") and gradually escalating to serious abuses (altering messages, blackmail). Each step feels small; the cumulative harm is severe. Lesson: draw a firm line from the start.

What does LOPSA stand for and what are its 10 principles?
League of Professional System Administrators. Principles (use PP·PL·CS·ERS·E): Professionalism, Personal Integrity, Privacy, Laws & Policies, Communication, System Integrity, Education, Responsibility to Computing Community, Social Responsibility, Ethical Responsibility.

What makes a system "safety-critical"?
Any system where software failure could cause injury or death. Examples: antilock brakes, nuclear reactors, airplane navigation, elevators, medical devices (MRI, CT). Development requires rigorous process, hazard logs, thorough testing, risk analysis, redundancy, and N-version programming.

What is "informed consent" in SysAdmin policy?
Users must (1) know the rules they live under, and (2) know how the system will operate in various situations. Transparency = no grounds for unfair treatment claims.