This conference, held at the Radisson Airport Hotel in Columbus, Ohio on May 9, 2001, covered all areas of employment law, law enforcement, and the roles of policy and technology in liability and risk management.
The following is a statement of position on the topic. The 30-minute talk can basically be summed up thus:
The question of how to manage risks online is not fundamentally different from the question of how to manage risks offline. At the most fundamental level, organizations must trust their employees to some degree. Particularly in an information economy, the value that workers provide their companies is not in how quickly they can pull a lever on an assembly line, but in how well they can use their minds to identify and to address the challenges faced by their organizations.
Management models based on the idea that The Company knows all and requires its workers only to follow The Plan are completely unworkable. Employers who use technology to keep a constant, watchful eye over their employees' proverbial shoulders send an implicit but clear message to their employees: ``you are not to be trusted''. This is detrimental to morale, reduces the quality of work, and makes it difficult or impossible to hire top talent.
Our most successful organizations today are agile and dynamic, where people can and do make a difference at all levels of the organization.
People naturally look after their own interests. Organizations that tie their employees' success to their own and give their employees a sense of ownership motivate their employees to act in the employers' best interests.
Management needs to understand that although it might be ``in charge'', it is by no means ``in control'' of the organization. Control of the organization lies in the hands of the individuals with access to information---the keys to the kingdom in our economy.
Rather than spend precious time and working capital monitoring people in an effort to ensure that employees behave themselves, organizations need to spend their resources managing their systems, ensuring that they articulate their systems' functional and operational requirements, audit their systems for compliance, and ensure that the set of risks that they're managing on a day-to-day basis is the set of risks they've agreed to manage.