Investigations on the ethical practices and information security variance perceptions between academic and administrative staff were confirmed in Public Universities in Uganda. Four data collection phases included: testing the impact of ethical practices on information security among administrative staff; their ranking of factors likely to improve loyalty; academic staffs’ perception on the highly ranked factors that impact loyalty and, key informant interviews to substantiate key findings. Results confirmed loyalty as a stronger predictor of information security among administrative staff, which finding was considered inconsequential in matters of examination security by the academic staff. Whereas job satisfaction, high salaries, training and development were reported to increase loyalty among administrative staff, academic staff ranked personal integrity and commitment to excellence as most important. The varying perceptions could be attributed to divergent personal values, different technical and or professional backgrounds and corporate cultures. Findings provide new information security policy interventions, highlight the departure from conventional approaches of fighting examination security vices and call for innovations that address diverse stakeholders’ work dynamics. Key recommendations include stringent recruitment practices, rapid re-skilling and regular sensitisation, improved remuneration, and high scores on examination security attributes in performance agreements for all staff handling examinations. Undertaking a single study to investigate the different perceptions of both administrative and academic staff using a four step procedural interrelated approach is a major methodological contribution to research quality. The conceptualised ethical practices’ dimensions could stimulate current debate in Universities.
Keywords: Information security, Ethical practices, Loyalty, Personal integrity, Higher education institutions, Fraud triangle.
DOI: 10.55284/gjss.v8i1.640
Citation | Mary Basaasa Muhenda; Abraham Kule (2022). Perception Variances between Administrative and Academic Staff on Ethical Practices and Information Security: The Question of Students Examination Records in Public Universities in Uganda. Global Journal of Social Sciences Studies, 8(1): 19-26.
Copyright: © 2022 by the authors. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Funding : This study received no specific financial support.
Competing Interests: The authors declare that they have no competing interests.
History : Received: 3 March 2022 / Revised: 18 April 2021 / Accepted: 6 May 2022 / Published: 24 May 2022.
Publisher: Online Science Publishing
Highlights of this paper
|
The use of computers in Universities is not a recent undertaking because the use of information and Communication Technology (ICT) globally has become a driving force for most Organisations, nor is the challenge of handling digital information a rare occurrence. Computers are now more widely used to capture data, manage, and disseminate information relating to students, and or academic matters in Universities, though the extent of computerisation differs from one Higher Education Institution (HEI) to another. One of the key challenges in information security management, is an understanding of the interplay among the various underlying factors that underpin employee ethical practices (Hu, Dinev, Hart, & Cooke, 2012). With many information security breaches being reported in HEI (Kisakye, 2012; Nweze, 2009) worldwide, the few studies that investigated the impact of cyber-attacks on student’s records in Uganda, alluded to the issue of internal staff being the biggest culprits (Muhenda.. & Lwanga, 2016; Muhenda... 2020a). Hence, the need to investigate the relationship between ethical practices and information security further. Ethical practices can be compared to principles of conduct that are considered correct, especially those of a given profession or group. Ethical issues in this milieu have to do with being decent, fair, good, honest, just, moral, noble, principled, righteous, upright, and or virtuous (Collins, 2020) in the management of examination digital records in HEI. Some Scholars however contemplate that organisations have not been quick to act for fear of reputation damage, possibility of living in denial or some organisations may not simply be aware of the extent of the problem (Cole, 2008; Colwill, 2009).
Data and information generated by computers that require ICT devices to read such information, pose unique challenges of ensuring their confidentiality, integrity and availability and are therefore prone to security breaches (Muhenda... 2020a). As more computer generated information is created, stored and utilised by HEIs, the concerns for information security are also being reported that threaten the integrity and or credibility of academic awards, and institutional reputations. The issues as to why higher education remains a primary threat target are that: There is a large amount of potentially valuable examination information, which is attractive to malicious actors arising out of unethical practices; inability to adhere to policies and procedures relating to examination processes; the proliferation of connected devices on campuses that make it harder to secure and protect all potential entry points; campuses that have a large and diverse population of users who may not be vigilant on potential dangers; ignorance of approved policies and procedures on the part of staff handling examination records-in addition to unethical practices (Group, 2018). The need for examination records security, is even greater for those records that are electronic in nature that encompass those born digital, and- or re-born digital because they are more prone to destruction at the time of their creation, during their life time and even long after they have been retired as archives (AIMS Work Group, 2012; Routhier, 2014).
These factors not with-standing, the question of ethical practices and its impact on information security, has attracted little research, partly because HEI are uncomfortable with disclosing such information since it touches their core mandate and survival. Basing on findings regarding internal staff, unethical practices in HEI in Uganda as reported by Muhenda. and Lwanga (2014) and Muhenda.. and Lwanga (2016), it was important that the issue of examination records and information protection against unauthorised access disclosure, alteration, destruction and distortion was investigated further. After all, information security lapse incidents resulting from internal employees’ actions are more hazardous than those committed by outsiders (Cole., 2013; Muhenda & Lwanga, 2012). The increased usage of ICTs in handling students’ examination results has triggered controversy on matters of information systems’ integrity and credibility of awards in the higher education sector, and the justification to investigate the relationship between employees’ ethical practices and information security.
In the past few years, the Government of Uganda (GOU) has tried its best to introduce a number of ICT institutional reforms, to stabilize and rehabilitate the information cyber security in many sensitive Departments of HEI, so as to curb the recurring issues of information mismanagement (Mugyenyi, 2017). Furthermore, GOU has severally enacted laws governing information security which include but are not limited to; the Computer Misuse Act 2010, Electronic Transactions Act 2011, the Electronic Signatures Act, 2011, among others. It is however unfortunate that these laws have not succeeded in ensuring the quality service delivery related to effective information management. Security governance policy was drawn to guide all activities required to manage information, personnel and physical security using Plan-Do-Check-Act (PDCA). This has to some extent ensured better handling of the information of the universities’ clients, and in a faster manner but not investigated the issue of ethical practices.
The relationship between ethics as a moral principle or a set of moral values held by an individual or group (Collins, 2020) and security of examination records has been researched on before. Succinctly put, ethics is a set of principles that govern good human conduct and considered as laid down guidelines, principles, codes of conduct, rules and regulations guiding behaviour of a group or an organization Alutu and Aluede (2005).
According to Nweze (2009), examinations occupy a strategic position in our lives and society today. In a situation where the moral principles, rules and regulations for conducting examinations are truncated by either the teacher or the learner, the validity and reliability of the examination and certification are at risk. If earlier observations are upheld (Nweze, 2009), investigating information security in general, and management of digital examination results in particular become imperative. Some Universities in Uganda reported instances of information security breaches and cyber-attacks, in relation to examination records (Muhenda & Lwanga, 2016). In addition, inconsistencies of awarding marks, alterations, inaccuracies in records, and changes in grades and awards by internal staff triggered by sex, money and or other favours have been constantly reported inseveral media reports (Muhenda & Lwanga, 2016). For instance, according to studies (Muhenda & Lwanga, 2012; Muhenda 2020b), there are low levels of information security readiness; characterised by inadequate information security policies, disaster unpreparedness and ethical decadence in Uganda.
Fraud Triangle assumptions of perceived pressure resulting in both financial and work pressure; perceived opportunity arising from weak internal controls, ineffective monetary controls and fraud tendencies in addition to staff rationalising their actions to justify unethical acts (Burke and Sanney (2018). Absence of professionalism and ethical standards lived and practiced by the staff and students, could also be aggravating factors, all of which tantamount to what (Burke & Sanney, 2018), termed as cheating in the academy. The abundance of unethical staff and students, coupled with inadequate ethical principle guidelines, in the management of digital examination processes, have compounded the problem further. Even the guidelines provided by the Inter-University Council of East Africa (2010) and the (National Council for Higher Education, 2014) in the management of examination processes, are unsatisfactory for some Institutions. Adherence to quality assurance, quality control, quality audits and any other quality mechanisms that take into consideration information security matters, and ethical practices are vividly absent.
A study conducted by Kisakye (2012) investigated the information security practices put in place by Research and Enterprise Network Uganda (RENU) to safe guard institutional data and systems from both internal and external security threats. Security readiness of these institutions to avert any security related incidences, was also investigated and reported that; sixty six percent (66%) of the Institutions had not implemented any strategy to monitor their networks, or to detect unauthorized use or rogue access points and only 33% had an information security function, within the ICT department. These findings are a confirmation of low priority, accorded to matters pertaining to information security, which justify further investigations. The question that this study attempted to answer was; whether staff ethical practices affect information security, and which ethical practice had more impact on information security, and; whether both academic and administrative staff had similar perceptions.
The study was undertaken among academic and administrative staff of three purposively selected Public Universities in Uganda, that process students’ examination results, using the Electronic Students Information Management System operationalized in 2019. The study was based on a sample size of 98 randomly selected respondents, comprising both academic and administration staff, responsible for processing student’s examination records. The study employed a four-step procedure, where administrative staff responded to two instruments to collect data, which was analysed, and whose findings were used to design another online survey instrument; to solicit academic staff views in order to gauge the varying perspectives.
In the first step, forty three (43) administrative staff out of fifty two (55) responded to a self-administered instrument that tested the impact of ethical practices (loyalty, integrity, concern for others, organisational reputation, commitment to excellency) on information security. The second step saw the development of an online survey instrument, which requested all the forty three (43) administrative staff who responded to the self-administered questionnaire, to rank factors that could improve staff loyalty. The third step involved the developed of an online survey instrument based on findings from the survey, conducted on administrative staff requesting academic staff to rank their perceptions on : loyalty, integrity, concern for others, organisational reputation and commitment to excellency on a scale of one to five, five being the most important factor. The fourth step involved conducting interviews that targeted randomly selected University Officers who included; one Vice Chancellor, three deputy Vice Chancellors in charge of Academic affairs, and two Academic Registrars, whose responses complemented quantitative data. Factor analysis was used to test the validity of the instrument, and to identify dominant factors of ethical practices, and information security. The principle component factor method, was used to examine the total variance among original variables. Varimax rotation was used to maximise the loading of each variable, on the extracted factors to help in the interpretation of factors. Three dominant factors were retained namely, loyalty, commitment to excellence and concern for other stakeholders. The measure of sampling adequacy (KMO) was .81 for ethical practices and (KMO) of .74 for information security whilst the Bartlett’s test of sphericity was significant, confirming the sufficiency of significant inter-correlation. We used regression analysis to test the influence of ethical practices of information security, and to determine which of the three predictor variables had a stronger influence.
In our hypothesis generation, we postulated relationships between ethical practices, and information security, and proceeded to test the relationships and below are the results;
Table 1. Model summary.
Model |
R |
R Square |
Adjusted R Square |
Durbin-Watson |
|
R Square Change |
Sig. F Change |
||||
1 |
0.392a |
0.154 |
0.077 |
0.154 |
0.133 |
2 |
0.819b |
0.671 |
0.606 |
0.518 |
0.000 |
Note:
|
Table 1 presents a model summary of the regression equation. The regression results model explains 60% of the variation in information security, as shown in the results of the model summary above. Variations in information security explained 60%, of the predictor variables effect.
Table 2. Regression results.
| Ethical Practices | Coefficient Beta |
Significance |
Remarks |
| Commitment to Excellence | -0.106 |
0.43 |
Rejected |
| Loyalty | 0.829 |
0.00* |
Supported |
| Concern for Other Stakeholders | -0.043 |
0.73 |
Rejected |
| Model Summary | 0.82 |
||
| R | 0.67 |
||
| R Square Adjusted | 0.60 |
| Note: * Significant at 10% level. |
Table 2 presents multiple regression results which determined the variance of the effect of the ethical practices on examination security. According to the coefficient results above, loyalty was positively and significantly related to information security at 99% level of confidence, and a beta value of .829 in the survey conducted among administrative staff. However, commitment to excellence and concern for other stakeholders were negatively related to information security, and neither were they significant in registering beta values of (-0.106 and -0.043) respectively, which may be contrary to conventional perceptions. The quantitative findings were supported by responses, obtained from key informants who included administrative and academic staff involved in examination processes; including Academic Registrars, Quality assurance officers and ICT Managers. Responses from randomly selected non-teaching staff and key respondents supported loyalty as a major contributor in ensuring information security with one University Registrar, commenting as follows;
“It does not matter how much money is paid to staff and what other incentives are given as long as their ethical behaviour is wanting tampering with examination results will be a persistent occurrence.”
Another Vice Chancellor admitted that “It is extremely difficult to teach old people new values because those who are not morally upright may remain corrupt because morals are not taught.”
The significant and positive effect of loyalty and information security were supported by earlier findings, who reported high employee loyalty contribution in organisations’ success (Al Qudah, Yang, Alsaidan, Shah, & Shah, 2018; Pan, 2018). Although this research has both academic and practical implications, which greatly contribute towards staff performance within organisations, it could be generalised to explain improvements in examination results processes.
Having confirmed the effect of loyalty on information security, administrative staff were requested to rank seven (7) factors that are likely to affect their loyalty at work. The factors included; job satisfaction, rated at seventy six per cent (76.8%); salary enhancement was rated at seventy three point five per cent 73.5%, training and development rated at 69.2% followed by promotional opportunity rated at 62.5% and management support rated at 61.5%. Other less significant factors like organisation and treatment of staff were rated at (53.7%) Incentives and rewards rated at 53.5%, respectively. The results confirm 3 important factors where management needs to intensify its efforts namely; job satisfaction, salary enhancement and training and development in order to increase loyalty among administrative staff handling student’s examination results.
In the third stage of data collection procedure as articulated in the section on methodology, academic staff were asked; whether loyalty was considered significant in matters of information security, when handling students’ examination results. Seventy five per cent (75%) of the academic staff answered in the affirmative, making loyalty the fourth important factor. Integrity was ranked as the most important factor for academic staff in the process of handling digital examinations results (97%), followed by commitment to excellence which scored eighty one per cent (81%). Organisational commitment was scored as the third important factor at 76.5%, whereas concern for other stake holders attracted a score of only 61.2% being the least important factor in handling digital examination results.
Although loyalty registered a high significant positive influence on the security of information among administrative staff, academic staffs’ perception considered loyalty as inconsequential. Academic staff ranked integrity and commitment to excellence as very important ethical practices in information security matters, in comparison to loyalty. The contrary results led us to hold interviews with randomly selected Deans and Heads of Departments to try and ascertain why academic staff could have down played loyalty, as a strong predictor of information security, while handling examination results- contrary to findings relating to administrative staff perceptions.
Below are some responses from key informants that could throw some light on the varying perspectives:
Respondent 1
The academic staffs may not want to be portrayed as being compromised because their supervisors or other colleagues who deal with them could be conflicted. There could also be a possibility that academic staff perceive integrity as the driving factor when handling examinations which value could lead to overall organisational performance. If one choses loyalty as opposed to integrity and commitment to excellence, it means that such an individual could easily be compromised by the unethical supervisor.
Respondent 2
If you’re an academic staff and you don’t put integrity and commitment to excellency at the forefront of your work, then you’re likely to mess because most of the academic staff are supervised by Deans, Deputy Vice Chancellor Academics, and Registrar. These are roles which are temporary or given for a certain period of time to individuals. So if you take loyalty to them as being the most important when handling the examinations, you are missing the point and it is better if you leave the profession of lecturing if you cannot be driven by personal integrity and self-desire to be committed to excellence.
Respondent 3
We simply don’t want to be compromised by anybody when it comes to handling examinations. Loyal people sometimes are taken by the whims of their bosses and this is not good and not practical for professionals. Anyone who lacks integrity and is not committed to organizational reputation and excellence should not become an academician because these are key values upon which the entire mandates of Higher Education Institutions thrive.
Respondent 4
You should be happy that majority of academic staff ranked integrity and commitment to excellence higher than the rest of the factors. It means that academic staffs are reliable, and can work on their own with minimum supervision. In summary, they are professional. Those who chose loyalty are seekers of favours in the back of their mind and in long run can make the University fail yet examination management is one of the key areas which shows the quality of products of that university.
When the respondents were asked further as to how the three value attributes could be improved, one respondent reiterated that staff must be helped to unlearn bad habits by constantly being motivated, and rewarded among other efforts. Another respondent said, HEIs need a robust overhaul of their culture, and professional aspirations... in order to improve security of examination handling processes.
Our findings confirm the paradoxes that exist among administrative, and academic staff in handling examination results, and confirm different perceptions on factors that impact information security. Whereas administrative staff value loyalty as a high predictor of information security, academic staff find loyalty inconsequential, in the process of examination processing. The difference in perceptions are difficult to explain though this study makes the following assumptions: Administrative staff being secondary beneficiaries, may not appreciate the issue of integrity, and commitment to excellence at the same level like academic staff. For administrative staff, being loyal to their supervisors is what matters most in their world of work, in comparison to academic staff, who value personal integrity and commitment to excellence, as the likely factors to impact examinations management processes. Since academic staff are direct beneficiaries of the entire examination process, their strong perceptions on personal integrity and commitment to excellence, could be underpinned by that fact.
Major recommendations hinge on elaborate recruitment procedures, and vetting of identified candidates in order to select and recruit credible staff. There ought to be rapid re-skilling and regular sensitisation of staff, improved remuneration, and separation of roles and responsibilities between examiners and students. Other recommendations include: Consistent sharing of the vision and mission of the Universities, improved incentives in addition to putting in place strong Examination Committees, and emphasis on performance contracts that rate examination integrity, and commitment to excellence, as high performance indicators. Undertaking a single study to investigate the different perceptions of both administrative and academic staff using a four step procedural interrelated approach is a major methodological contribution in quality control processes.
Since the study covered only Public Universities, future research could investigate the impact of ethical practices-on overall staff performance in HEI including private Universities.
AIMS Work Group. (2012). AIMS born-digital collections: An inter-institutional model for stewardship. Retrieved from: https://dcs.library.virginia.edu/files/2013/02/AIMS_final_text.pdf.
Al Qudah, N. F., Yang, Y., Alsaidan, S., Shah, S. A. A., & Shah, S. J. (2018). The impact of transformational training programs on employee loyalty: A structural equation modelling (Lecture Notes in Electrical Engineering). Paper presented at the International Conference on Mobile and Wireless Technology.
Alutu, A. N., & Aluede, O. (2005). The role of counselling in dealing with examination malpractices and ethics. Revista Española de Orientación y Psicopedagogía, 16(2), 189-198.
Burke, D. D., & Sanney, K. J. (2018). Applying the fraud triangle to higher education: Ethical implications. Journal of Legal Studies Education, 35(1), 5-43.Available at: https://doi.org/10.1111/jlse.12068.
Cole, K. C. (2008). Cybersecurity in Africa: An assessment. Atlanta: Georgia Institute of Technology.
Cole., E. (2013). Advanced persistent threat: Understanding the danger and how to protect your organization. Waltham, MA, USA: Elsevier, Inc.
Collins. (2020). Collins concise dictionary. Retrieved from: https://www.collinsdictionary.com/dictionary/english/ethics.
Colwill, C. (2009). Human factors in information security: The insider threat – Who can you trust these days? Information Security Technical Report, 14(4), 186–196.
Group, V. T. (2018). Should we worry about information security in higher education? Retrieved from: https://www.vantagetcg.com/should-we-worry-about-information-security-in-higher-education.
Hu, Q., Dinev, T., Hart, P., & Cooke, D. (2012). Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), 615-660.Available at: https://doi.org/10.1111/j.1540-5915.2012.00361.x.
Inter-University Council of East Africa. (2010). A road map to quality, handbook for quality assurance in higher education. Arusha: The Inter-University Council for East Africa/DAAD 2010.
Kisakye, A. (2012). An investigation into information security practices implemented by Research and Educational Network of Uganda (RENU) member institutions. Grahamstown: Rhodes University.
Mugyenyi, R. (2017). Analysing information systems security in higher learning institutions of Uganda. International Journal of Scientific & Technology Research, 6(10), 385-392.
Muhenda, M. B., & Lwanga, E. K. (2012). Managing records in higher education institution in Uganda: Can human resource policies savage the situation. World Journal of Social Sciences, 2(2), 74-83.
Muhenda., M. B., & Lwanga, E. (2014). Knowledge hoarding among academic staff in higher education institutions in Uganda: Risk or strategy? World Review of Business Research Journal, 4(2), 279-290.
Muhenda.., M. B., & Lwanga, E. (2016). Does organizational culture influence ICT adoption?: The case of public higher education institutions in Uganda. [Unpublished Paper] Kampala, Uganda.
Muhenda..., M. B. (2020a). Managing institutional memory in higher education institutions: A practical guide for managers, knowledge management champions, information and records management staff. Kampala: Law Development Centre Publishers.
Muhenda...., M. B. (2020b). Managing students’ academic information. Ugandan Journal of Management and Public Policy Studies, 18(1), 24-37.
National Council for Higher Education. (2014). Quality assurance framework for universities and licensing progress for higher education institutions. Kampala: National Council for Higher Education.
Nweze, T. (2009). Management of examinations: Ethical issues. Edo Journal of Counselling, 2(1), 90-102.
Pan, Y. (2018). On the influencing factors and strategies of employee loyalty. Fudan Journal of the Humanities and Social Sciences, 11(4), 553-572.Available at: https://doi.org/10.1007/s40647-018-0215-1.
Routhier, P. S. (2014). Digitization and digital preservation: A review of the literature. School of Information Student Research Journal, 4(1), 12.Available at: https://doi.org/10.31979/2575-2499.040104.
Online Science Publishing is not responsible or answerable for any loss, damage or liability, etc. caused in relation to/arising out of the use of the content. Any queries should be directed to the corresponding author of the article. |