Following the highly publicized Enron scandal, legislative reforms such as the Sarbanes-Oxley Act were undertaken in response to the public uproar over corporate corruption. Even though the Sarbanes-Oxley Act sets out the rules to be followed in the post-Enron era, “it’s still up to the CIO to embrace and champion the new IT and corporate ethics,” as Gartner Inc. analyst Joe Bace says. According to Lisa Ferri, author of the article in question, IT ethics are not only a necessity, even an obligation, but also key ingredients in the success and stability of any given enterprise. Ferri goes on to state that a clear and effective ethics policy enables a CIO to manage and maneuver through difficult situations, such as justifying actions that go against the chain of command, addressing employee behavior that may hurt the network, or blocking partner companies whose resources may include harmful files. In the first case, Stephen Northcutt and Cynthia Madden mention in the IT Ethics Handbook that ethics must be applied when deciding which course of action to pursue in a systems audit situation. In the second case, what is meant is that a sound ethical policy prevents employees from bringing faulty data into the network or overwhelming the infrastructure. In the third case, allies and partners today may also be rivals, and a defined ethical policy helps to avoid any political conflicts that may arise. However, in some situations, many CIOs make “rookie mistakes”, says Meta Group analyst Maria Schafer, such as assuming that an ethics policy exists when in fact it does not, or not adhering to it or being aware of it. In order to institute an ethics policy and resolve any further confusion, companies should start by conducting an ethics audit, which entails a clear definition of what is ethical and what is not, as well as the detection of areas of possible malpractice.
Steps to follow during this process may include clearly stating what constitutes a “conflict of interest”; making sure that all vendors are aware of the company’s ethics policy and that employees are dealing with information correctly; communicating with employees and getting their feedback and input on where weaknesses lie; or reviewing accounting systems to make sure they meet the terms of the Sarbanes-Oxley Act. Nonetheless, in Joe Bace’s view, the most significant element in the implementation of an ethics policy has to do with mindset. In other words, companies are obliged to establish a “zero tolerance” culture so as to enforce and ensure ethics. To facilitate this shift of culture, two strategies are offered: the Three Strike Rule and the Whistleblower Environment. The former consists of giving an employee a warning the first time he or she is caught mishandling information, a reprimand the second time, and firing them on the third. The latter obliges employees who witness their coworkers behaving in an unethical manner to confess or report such actions. Ferri ends her article by asserting that freedom is a CIO’s ultimate reward for developing a solid ethics policy. At that point, rules and regulations must be known by the organization and its employees, and they must act accordingly. One way of keeping track of ethical conduct is to use “automated governance tools”, which monitor employees’ activity on the network, thus allowing the CIO to spread responsibility for the information environment throughout the company.