Monthly Archives: October 2013

Visa by fraud

As a general rule, it’s a felony to lie in a government submission, if that lie was to influence the government’s action.  See 18 USC 1519.

Now, assume you want to get a visa for a foreign worker to come to the US.  If you do it one way, it costs $5,000 and takes months.  If you can fit it under another provision, it costs $160 and takes days. If fitting it under the second provision, requires playing a bit fast and loose with the truth,  there’s a price premium for that: $34 million.

“In Visa Case, U.S. Accuses Infosys of ‘Fraud and Abuse’,” Wall Street Journal, October 31, 2013 B1

The US originally pursued criminal charges (a conviction apparently affects your business reputation and your ability to get visas, which, if you’re an outsourcing company, is a big deal).

Lesson learned? What culture and internal pressures led to this? What controls would have prevented it?

Leave a comment

Filed under Business Case, Business Continuity, Compliance, Content, Controls, Culture, Governance, Information, Internal controls, Operations, Requirements, Risk, Value

A potpourri of headlines

“Expert Glitch Cued Talk, No Action, Wall Street Journal, October 31, 2013 C1 What if you have information of a problem, but do nothing but talk.  NASDAQ outage.

“J.P. Morgan Legal Woes Extend Into Oil Patch,” Wall Street Journal, October 31, 2013 C1 Do you have controls to keep you from leasing (or selling) the same asset to two different people? Oil lease in Texas.

“Big 4 Accountant to Buy Booz & Co.,” Wall Street Journal, October 31, 2013 C3 Build or buy? PwC buys Booz’s management consulting business. What value was put on Booz’s knowledge inventory and personnel inventory?

“Oil Prices Sink as Glut Grows,” Wall Street Journal, October 31, 2013 C4 Linkage between information on amount of crude oil in storage v. price.

Leave a comment

Filed under Business Case, Business Continuity, Controls, Information, Internal controls, Knowledge Management, Operations, Ownership, Risk, Use, Value

Where are my ‘Shrooms?

Wouldn’t normally be quick to link mushrooms in Estonia and information governance/management.

But I was struck by today’s article about the steps people go to to avoid disclosing where their mushrooms patch is.  Even to the point of implicitly insulting people (including close friends) who ask.

How do you keep secrets?  Is it more important to keep the secret than it is to avoid insulting friends or your daughters? Is it jealousy? How do you deal with these realities in the workplace? Are these akin to trade secrets, which, if not adequately protected, are lost? Passed down through generations.

Food for thought.

“Estonians Will Tell You Anything, Except Where the Mushrooms Are,” Wall Street Journal, October 31, 2013 A1

Leave a comment

Filed under Uncategorized

MOOC at 15% of cost

The front page of today’s Wall Street Journal has three articles that could have been the subject of this post: “Europeans Shared Spy Data With US,” “SAC Set To Admit Insider Trading,” and “Canceled Policies Heat Up Health Fight.”  Wall Street Journal, October 30, 2013 A1

But that’s not what I am going to highlight today.

“First-of-Its-Kind Online Master’s Draws Wave of Applicants,” Wall Street Journal, October 30, 2013 A7,

Georgia Tech’s MOOC (Massive Open Online Course) for a Master’s in computer science degree draws twice as many applicants in three weeks as the residential Master’s program does in a year.  Cost: 85% less than the $44,000 for the residential program. 79% of applicants were US citizens, versus 9% for the residential program.

Universities are clearly in the information (or perhaps knowledge) delivery business.  Does is surprise anyone that online delivery costs less?  Will the degree be equal in value? What controls does the university need to put in place to prevent gaming the system? Does this put a focus on testing rather than class participation? What are the plusses, minuses and interesting aspects of this?

Leave a comment

Filed under Business Case, Controls, Information, IT, Knowledge Management, New Implications, Security, Use, Value

Has the Cookie Monster left the building?

“Web Giants Threaten End to Cookie Tracking, Wall Street Journal, October 29, 2013, B5

As best I understand this, presently third-party data brokers analyze the cookie-tracking data generated by your trips to websites. Microsoft, Google, and Facebook are cutting out the middle-man and providing advertisers a different path to mining and using the data created by our trips.

Now, if you’re in the information business of analyzing cookie-generated data, this may come as a blow.  What’s worse, the Big Three (remember when that referred to car companies) can also analyze data from mobile smart phones, where cookies don’t work.


Leave a comment

Filed under Data quality, Information, Knowledge Management, Risk, Use, Value

Guys and Dolls

One money laundering control is the $10,000 deposit rule.  One problem with dodgy large-scale sports betting is that large sums of cash change hands.

“Cantor’s Bet on Gambling Proves Risky,” Wall Street Journal, October 29, 2013, A1

Cantor Fitzgerald has a sports betting business.  Its “chief bookmaker” pled guilty to accepting illegal bets.  Cantor’s gaming business now being investigated by, among others, the New York City Police Department, the US Postal Inspection Service, the US Treasury Department’s Financial Crimes Enforcement Network, the Federal Reserve Board, and the Nevada Gaming Control Board.

Were you to enter such a business, would you establish rigorous controls to make sure bags of cash weren’t flowing around and that people were not using your business to launder money? Would this be on your list of risks? What information-related controls would you set up?

Leave a comment

Filed under Compliance, Controls, Culture, Governance, Internal controls, Requirements, Risk, Third parties, Use

Cost of mishandling info?

Okay.  So somebody sees something important and reports it up the line in your organization.  Not a lot of paper, but also not a lot of demonstrable action on the information anywhere up the line.  What does it cost?

“Penn State to Pay $59.7 Million Over Sandusky Claims,” Wall Street Journal, October 28, 2013 (sorry no page number; delivery problem)

Is this in part (even a large part) an information governance or information management issue?  Or mostly a compliance & ethics issue? Or crisis management?

How much of this was attributable to culture?  And how much to a failure of controls? What if someone had created a paper trail early on of who knew what when and did what? (read that slowly).

Leave a comment

Filed under Business Continuity, Compliance, Controls, Culture, Definition, Governance, Internal controls, Operations, Policy, Risk, Value

A lesser or greater duty at nonprofits

Are the rules different for non-profits?

“Inside the hidden world of thefts, scams and phantom purchases at the nation’s nonprofits,” The Washington Post, October 26, 2013 Reports from nonprofits on the quantum of embezzlement and theft of assets.

Clearly, the nonprofits didn’t or don’t have sufficient controls to detect and prevent such fraud. Were these for-profit companies, one would expect the officers and directors to take some blame.  But is there a higher duty to protect the corpus when you’re the director of a nonprofit? Should there be? Do the nonprofits not have compliance and ethics programs like their for-profit counterparts?  If not, why not? If so, does this report raise serious questions about whether the programs are reasonably effective?

Leave a comment

Filed under Compliance, Controls, Duty of Care, Governance, Internal controls, Protect assets, Requirements, Third parties

We’re all in it together

“New Campaigns for Obama’s Voter-Data Team,” Wall Street Journal, October 26-27, 2013 A4

Story is about the people who helped the Obama campaigns to identify (through analytics) and mobilize (by optimizing ads and outreach and messaging) voters are now assisting other candidates.  The Republicans are using analytics to do the same thing for their audience.

Some people know they’re in an information business. But aren’t most businesses in that business as well, or at least dependent upon that business?  In addition to the compliance (with law and policy) aspects, how can you operate without understanding the role information plays in your business?  From educating and monitoring employees to capturing operational and financial information, we all do it.  Some better than others.  Which may be a competitive advantage.  What business doesn’t rely on information? Does this need to be (and to be recognized as) a core competency?

Leave a comment

Filed under Compliance, Definition, Internal controls, Knowledge Management, Policy, Requirements, Use, Value

Corporate death penalty case

As one looks at the information-related hazards, and the probability of their occurrence and the impact if they do, is revocation of your corporate charter on the list? Where is this on the Board’s radar?

“J.P. Morgan Criminal Case May Trigger OCC Action,” Wall Street Journal, October 25, 2013 C3

If J.P. Morgan is convicted of criminal money-laundering, the Office of the Comptroller of the Currency says it must hold hearings to determine whether to revoke the bank’s charter.  Oh, boy, that’s hard to explain to your former shareholders.  At issue is warnings the bank may or may not have received about Bernie Madoff. Page C3? Does this affect your settlement calculus?


Leave a comment

Filed under Business Case, Business Continuity, Compliance, Governance, Operations, Risk, Value