Everybody has a duty

“Former SunEdison Executives File Suit,” The Wall Street Journal, February 25, 23017 B3.  Company allegedly told a different story to investors than it was discussing internally, and managers were instructed to make more optimistic projections.  Two executives took their concerns to the Board, and were then replaced.

Employees have a duty to report concerns upwards.  The company has a duty to its shareholders and to the market to disclose material information.  Directors have a duty to the corporation and its shareholders to provide oversight and to handle reports of wrongdoing appropriately.

Watch this space.  A chance for a Maryland court to look at Caremark, a Delaware case dealing with a director’s duty to provide oversight, and how derivative actions get decided.

 

Leave a comment

Filed under Board, Compliance, Corporation, Directors, Duty, Employees, Governance, Inform market, Inform shareholders, Investor relations, Oversight, Supervision, To report

Six months

How long would it take your internet service provider to notify you that a bug on its systems was leaking your data?

“Data Leaked on Web for Months,” The Wall Street Journal, February 25, 2017 B1.  Cloudfare announced it had had a bug since September 2016, affecting its webservers, and leaking data from some of its 6 million customers.  Unclear what was leaked, and to whom.  Cloudfare handles 10% of the world’s web traffic.

Who at Cloudfare knew what, and when, and more importantly, who should have known more, sooner, and disclosed it?

Leave a comment

Filed under Access, Board, Compliance, Controls, Corporation, Directors, Duty, Governance, IT, Managers, Oversight, Protect assets, Protect information assets, Security, To report

Lipstick on a pig

As The Wall Street Journal says, “In these days of alternative facts, some companies are pushing alternative accounting.” “Watch Out for ‘Tailored’ Results,” The Wall Street Journal, February 24, 2017 B12.

When a company departs from the usual way of reporting something (watch for “non-GAAP”), it may not be to provide you deeper insight.  But you knew that.

Leave a comment

Filed under Accuracy, Analytics, Board, Communications, Compliance, Compliance, Corporation, Data quality, Directors, Duty, Governance, Inform market, Inform shareholders, Investor relations, Oversight, Oversight

Making a hash of hash

“Hashing” a document has been a lynch pin of document security for most of the digital age.  It uses an algorithm to create a unique identifier for a digital document.  Useful for things like computer security and ediscovery.  Perhaps time has moved on.

“Google Team Cracks Web Security Shield,” The Wall Street Journal, February 24, 2017 B4. The SHA-1 algorithm was cracked, allowing the creation of two different  documents with the same hash value.

Alternatives in the works.  Watch this space.

Leave a comment

Filed under Access, Accuracy, Business Case, Controls, Duty of Care, Governance, Internal controls, IT, New Implications, Oversight, Protect assets, Risk, Security, Third parties

Trade Secrets

An employee leaves Company A and starts a new one, Company B, which is in turn acquired by Company C, a competitor of Company A.  Company C develops a laser sensor for self-driving cars.  Company A sues, alleging the employee downloaded 14,000 files before departing, including information about laser sensors and supplier lists and manufacturing details.

“Alphabet Sues Uber Over Trade Secrets,” The Wall Street Journal, February 24, 2017 B3.

How do you protect the company’s technology jewels?  How do you limit and track access?  How do you ensure that a new employee isn’t bringing something he or she shouldn’t have?  How did the directors and managers allow this to happen, at both Company A and Company C?  Is this information no longer a trade secret because Company A didn’t protect it well enough?

Leave a comment

Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Management, Managers, Oversight, Ownership, Protect, Protect assets, Security, Third parties

Exclusion

Is this just politics, or is it information governance?

“Media Outlets Barred at Briefing,” The Wall Street Journal, February 25, 2017 A3.  Journalists from several major media organizations were barred from a press gaggle on Friday.  The event was still attended by the designated TV and radio pool reporters.

The media was outraged, on both wings.

But look at this deeper, through an information governance lens.

Who “owns” the information being produced?  Whose obligation is it to inform the shareholders?  Does the White House have a duty, or is this just how things have always been done?

Does the White House have the power to exclude certain reporters or media outlets?  Apparently. What would happen if all reporters were excluded, and the press briefing and media handouts moved to the internet?  Would anybody but the media notice or care?

 

 

 

Leave a comment

Filed under Governance, Controls, Access, Duty, Government, To report

Housebreaking a puppy

Governance, whether it’s information governance or just plain governance, requires that you punish those who get caught breaking the rules.  Otherwise, the rules are more like guidelines.  And as when housebreaking a puppy, you should apply the “correction” as close as possible in time to the occurrence of the “breach.”  That includes supervisors.

“Wells Fires 4 Senior Managers Over Sales Practices,” The Wall Street Journal, February 22, 2017 B1.  Now-former Wells Employees include the Chief Risk Officer for retail banking, an executive in Arizona retail banking, a consumer-credit executive (formerly a Los Angeles retail banking executive), and a retail banking strategy and finance executive.  This follows the hold-back of 2016 bonuses for the new CEO and the CFO.  And a fine of $185 million and the termination of 5,300 other employees.  The alleged misdeeds at Wells began in 2009 or 2010.

Better late than never.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Internal controls, Management, Managers, Oversight, Oversight, Supervision, To report