Analytics are one way through massive collections of information.  But do they taint the results?

“Algorithms Aren’t Biased, Coders May Be,” The Wall Street Journal, October 15, 2016 A2.  Coders may include hidden or unconscious biases in the metrics they select, which affect the reliability of the “decisions” algorithms make for you.

Can you rely on a black box too much?  Do you understand the devices you use and how they work?  Does somebody?  Can you provide oversight of a process you don’t understand?


Does information governance include “crisis management”?

If “information governance” is how you go about managing the receipt, creation, use, storage, transfer, transmission, and disposal of all non-public information received or created in the course of a company’s business, then by definition the term touches upon how your company handles information in a crisis.

“Wells Fargo’s Botched Crisis Management,” The Wall Street Journal, October 14, 2016 A1.  Company and its senior management were excoriated for how they handled the account-shoving scandal.  Sure, over the years (3) they fired 5,300 employees, but the board didn’t know how many employees were fired until the outside regulators reported it.

How did senior management learn of the problem?  What did they do and when did they do it? How did they manage their receipt of that information?  How did they handle communications with the board, inside the bank, and the regulators?  And the press? Not well, one might surmise.  What impact on their brand?

I am not suggesting that the person (vel non) who “owns” information governance also “owns” crisis management, but certainly a poor crisis management response is one of the risks of poor information governance.  The consequences can be huge.  Did the board effectively oversee the operations?



Tale of Two Cities

Tale one:  The CEO of Wells Fargo quit (or was fired) following the account-shoving scandal. “Wells Chief Quits Under Attack,” The Wall Street Journal, October 13, 2016 A1.  Despite the shareholder returns he oversaw, he gets sacked following illegal actions by his troops.

Tale two: The EPA employee responsible for the huge spill from a gold mine in 2015 won’t be charged with criminal violations of environmental laws. “Charges Not Pursued Over Spill in River,” The Wall Street Journal, October 13, 2016.  Guess he/she had good lawyers.  Hard to see a similar outcome for a corporate employee who caused such a large spill.  Not sure the EPA itself was sued for its employee’s behavior, as a corporation would have been.

Will other CEOs be fired following illegal conduct by corporate employees?  Will other employees skate from criminal charges after having caused huge environmental spills?  Or is it a case of “shareholders pay”?



Governance without governors?

“Consumer Watchdog Rebuffed by Court,” The Wall Street Journal, October 12, 2016 A1. A federal appeals court rejects the President’s appointment of a bureaucrat who can’t be removed by the President.  The Constitution prohibits that.

A big problem with information governance is that it often isn’t clear who’s responsible and who’s accountable for information governance failures. Yes, the corporation is accountable to the State (or the Fed, or third parties, or some or all of them) for violations of law by the corporation’s agents.  And the employees of the corporation can be fired (and perhaps sued) for violating the law or corporation policy.  And the directors can be removed (and perhaps sued) for breaching their duty to the corporation and the shareholders.  And the shareholders pay the price of corporate failures.

Who’s in charge of information governance at your corporation?  Does your charter establish that?  If not, who?




Those pesky contractors keep stealing my information!

One of the ways a company loses confidential information is through theft by contractors.  Watch that you are not engaging a recidivist.

“NSA Secrets Back in Spotlight,” The Wall Street Journal, October 6, 2016 A1.  The NSA hired a contractor (Booz Allen Hamilton).  One of the contractor’s employees is accused of stealing some NSA classified materials.

Who else worked for Booz Allen and, derivatively, the NSA?  Edward Snowden.

The good news is (1) there are no allegations of destruction and (2) Booz Allen has gained a lot of great crisis management experience, which it can hawk to its future clients.

The bad news, among other things, is that James Comey is not their friend.



Foxes and hen houses

Dodd-Frank says only independent directors can set executive compensation at some companies.  Does the fact that those directors also get paid to lobby for the company mean they are not independent?  Apparently, it is the Board that determines whether its directors are sufficiently independent.  And the Board knows that these folks do lobbying for the company, and aren’t concerned that the directors might tend to be more generous to the CEO who effectively pays both their salary and their consultants’ fees.

“Lobbyists Test Post-Crisis Rules For Boards,” The Wall Street Journal, October 5, 2016 A1.

What does it say about a company’s culture that the Board is a bit flexible on the whole “independent” thing?  Having lobbyists is fine, but do the same people really have the proper creds (both credentials and credibility) to be an independent check on CEO pay?




Three for all

What do you do when you have information that identifies a high-crime area, but to take action on that information may be viewed as racist? How can you use the information?  “Vegas Pits Data vs. Crime,” The Wall Street Journal, October 4, 2016 A3.

Better to state what your assumptions were when answering questions from Congress, who may not understand the difference between operating profit and profit. Clarity of communications is key.  “Mylan Is Asked for More EpiPen Data,” The Wall Street Journal, October 4, 2016 B3.

Will blockchain provide information security?  Sort of like encryption.  Is this the next new information governance technology?  How will ediscovery work, where security is based on a long chain with a lot of math?  “J.P. Morgan’s Blockchain Project,” The Wall Street Journal, October 4, 2016 C1.
