Is Big Brother Required for Adequate Internal ControlPosted: April 22, 2013
Google’s latest potential product – Google Glass – has the potential to radically change the way we interface with computing power and the internet. It also has the power to take “big brother” spying on everything we do to a new level. We already live in a world where companies have complete access to our email and internet movements while on our work computers; they can tell when we are in or out of the office through the ID readers to get into the building; they can even tell where we are when we aren’t in the office with the GPS in our phones turned on.
Now with Google Glass they can see and record every move we make during the day. There can be come great uses for this new functionality. Imagine the savings on time and motion studies by being able to record and analyze a sample across dozens of people in a day. But with any technology comes responsibility. I recently read an American Banker article that saw Google Glass as a way to reign in rouge traders. If they are wearing Google Glass then every trade they make can be monitored. I understand the concern. When one rouge trader can bring down a company, you have to consider extraordinary means to prevent that from happening, but somehow having your every move monitored just seems like a little too much to me.
When you review internal control systems in place today, there are two basic tenants to those systems. One, most employees want to do the right thing and two, those employees who don’t will always find a way around the controls. That is why companies set up layers of preventative and detective controls. It is also why it is very important to emphasize the way employees can ask questions or report bad behavior. In one sense, using Google Glass to monitor employee activities is just the next logical step from having the ability for fellow employees to call in suspicions. One the other hand the U.S. has had a long standing tradition that you have the right not to incriminate yourself. At what point do we cross that line between appropriate internal control techniques and violating someone’s right to privacy?
If the world has become so complex that we have to monitor our employees’ every move just to have adequate internal controls, then I think we need to reevaluate what it means to have adequate internal controls. I believe there is a way to have an adequate internal control structure without making work into some Orwellian vision of the future. Before we go too far down the path of what technology can do, it is time to start the discussion on where internal control ends and privacy begins. Just because we can do something with technology, does that mean we must do it to have adequate internal controls? I for one, hope not.