Monthly Archives: November 2013

NCIS – Boston edition

What do you do with an employee who is highly self-motivated to be productive and helpful?  Can they be a higher risk than the run-of-the-mill slug who is just working for a paycheck?

Might it be that the slug is more motivated to obey the rules (and keep his/her job) than the overly motivated employee?

“Crime Lab’s Ex-Chemist Is Sentenced,” Wall Street Journal, November 23-24, 2013 A2

A former crime lab chemist in Massachusetts responsible for checking drugs seized at the scene pled guilty to tampering with evidence, obstruction of justice, and fudging her resume.  Was she bribed? Was she bent? No, she just wanted to be more productive.  Apparently, insufficient controls in place until responsibility for the lab was shifted from the health department to the public safety agency.

Leave a comment

Filed under Business Case, Controls, Data quality, Governance, Information, Internal controls, Legal, Operations, Requirements, Risk, Use, Value

Toto? We’re still in Kansas. I think.

Have you ever misplaced your airport?

A Boeing 747 mistakenly lands at wrong airport.

Do you have controls to prevent this?  Are those information controls?  Or something else?

“Boeing 747 Get Lost in Kansas,” Wall Street Journal, November 22, 2013 B1


Leave a comment

Filed under Uncategorized

Did you get the old brakes the shop replaced?

How do you verify that your suppliers actually supply you with what for which they bill you?  Make sure to get your old brake pads.

“Caterpillar Probed for Dumping,” Wall Street Journal, November 22, 2013 B1  Allegations that replaced parts were dumped at sea to avoid discovery.

Oh, and by the way: the Clean Water Act prohibits the unpermitted discharge of a pollutant into the waters of the US.  Did you have a permit?  Does your contractor?  Have you arranged for the illegal disposal?

Where’s the information in this vignette?  Where are the controls?

Leave a comment

Filed under Business Case, Controls, Discovery, Information, Internal controls, Legal, Operations, Requirements, Risk, Third parties, Use, Value


I generally avoid linking to posts on the opinion pages of the Wall Street Journal, to avoid getting embroiled in politics.  But this one is worth a departure.

What if you had an employee who claimed to work for the CIA and needed paid time off to handle CIA matters?  For 23 years?  Long periods of time off the radar screen but still receiving a paycheck?  And submitting expenses for extensive and expensive trips out of town.  Claims of malaria and Vietnam service to justify request for handicapped parking space.  None of these claims were true.

The Inspector General says this was the result of “an absence of even basic internal controls….”  Cost: $900K+.

Could this happen to your company?  What controls do you have in place to prevent it?

“The ‘Spy’ Who Fooled the EPA,” Wall Street Journal, November 22, 2013 A14

Leave a comment

Filed under Business Case, Controls, Definition, Governance, Information, Internal controls, Operations, Protect assets, Risk, Use

A Mixed Grill

Some additional information-related tid-bits from today’s Journal:

Even where an employee is below the numerical exposure threshold established by OSHA, you may still be liable under OSHA’s general provision. “Battle Over Risky Chemicals,” Wall Street Journal, November 21, 2013 B1

Availability of price information eliminates the need for commissioned car salespeople. “Say Goodbye to the Car Salesman,” Wall Street Journal, November 21, 2013 B1

Removing your security tags increases shoplifting.  “Shoplifters Took Toll On Penney Amid Shift In Security,”  Wall Street Journal, November 21, 2013 B1

Getting your employees’ police records a non-no in France.  “French IKEA Unit Is Probed,” Wall Street Journal, November 21, 2013 B3

Searching potential employees’ Facebook profiles can be problematic. “Social Media and Bias in Hiring,” Wall Street Journal, November 21, 2013 B4

Among others.

Leave a comment

Filed under Business Case, Definition, Governance, HR, Information, IT, Legal, Operations, Privacy, Records Management, Requirements, Risk, Security, Use, Value


“[T]he burgeoning business known as political intelligence…”

If you get an early head’s-up on an upcoming government policy change, it is either a crime or it’s not, depending whether an employee at a government agency told you or whether you got it from a congressional aide.

“Insider-Trading Probe Hits Wall in Capitol.” Wall Street Journal, November 21, 2013 A1

Determining whether someone leaked confidential information “is probably the toughest and most challenging issue” says co-chief of SEC enforcement division.  Or is it just better fact-gathering from publicly available information and better analysis?

Trading by congressional officials based on what they learned in their official duties is illegal.  But tipping by them (i.e., telling others) may not be.

So, different rules inside the Beltway. Go figure.

Leave a comment

Filed under Business Case, Communications, Controls, Governance, Information, Internal controls, Legal, Requirements, Risk, Third parties, Value

Ethics are situational

“Attorney on Stand in Chevron Trial,” November 20, 2103 B9

Well, at least, he says, he didn’t bribe the judge.  But ex parte contact with the independent, court-appointed expert and ghost-writing portions of that expert’s opinion – which would have been unethical in the US – was okay by him, although they refused to explain it.

I seem to recall an old legal principle, in the Hazel Atlas case as memory serves, that fraud in the application process – in essence fraud on the governing authority – vitiates a patent.  So what about the $19 billion judgment against Chevron (later cut in half)?

Okay, so where’s the information slant? Ghost-writing has risks? Entries in his diary, emails he sent, and outtakes from a documentary film that some say are “evidence of a conspiracy to defraud Chevron” or, arguably, the court.

Would your information governance/management policies and procedures have prevented “this,” whatever “this” is?  If not, why not?

Leave a comment

Filed under Business Case, Content, Controls, Definition, Discovery, Governance, Information, Legal, Policy, Requirements, Risk

SEC culture

“SEC Staffer Is Charged In Probe Into Holdings,” November 20, 2013 C3

I mentioned this investigation the other week.  But the points bear repeating, where compliance fails and information is hidden.

What’s the culture in an organization in charge of monitoring others, where one of the compliance examiners was charged with three counts of criminal false statements due to his false certification re stock ownership.  Alleged conflict of interest that might “‘appear to compromise his integrity.'” Violated SEC’s internal policies.  Looking at 15 years in jail.

He allegedly transferred to a joint account stock he could no longer hold in his own name when SEC rules changed in 2009.

So, even though there are legal prohibitions on the conduct, you have strict policies against the behavior, you have a process for certification by employees of their compliance, and you try to be selective in hiring compliance officers, an employee still (1) hides stuff and (2) lies.

What do you do?  Change policies? Monitor employees more closely, more often? Or is the root cause (I truly hate that term) a management culture that allows this behavior?  Does his boss face additional scrutiny/penalty? Would the response be different if the misdeed was done by a corporate employee regulated by the SEC?

Leave a comment

Filed under Business Case, Compliance, Controls, Culture, Governance, Information, Internal controls, IT, Legal, Policy, Requirements, Risk, Value

Is a final draft one or the other?

In negotiations, it is common to work through several drafts before you get to the final draft, which is submitted to the higher-ups for final approval.

So the question came up whether you can have 6 weeks of paid family leave. One party’s higher-ups approved a final draft that included a provision including the leave.  The other party’s negotiators says the provision was left in due to clerical error.

Is this an information governance/management problem? If so, what practices and procedures do you follow to prevent it in your dealings? Is it enough to have a provision that says “no deal on anything until there’s approval by the higher-ups of a deal on everything”?  How do you deal with the issue if the negotiations continue?

“Fresh Dispute Mars Bay Area Transit Deal,” Wall Street Journal, November 19, 2013 A6

Leave a comment

Filed under Business Case, Content, Controls, Governance, Legal, Operations, Policy, Protect assets, Risk

Doctors and information

The Journal did a report on information and health care today, in Section R.

Some of the information points covered:

Worth a look.

Leave a comment

Filed under Business Case, Data quality, Definition, Governance, HR, Information, Knowledge Management, Operations, Privacy, Use, Value