Monthly Archives: December 2013

Compliance’s long tail

£2.3 million fine for Barclays for failing to properly preserve emails from 2002 – 2012. It didn’t take steps to laminate them, to prevent subsequent alterations. And other record-keeping stuff. FINRA.

“Barclays fined £2.3m over record-keeping,” the Guardian (online),

How long before people figure out what compliance requires?

Filed under Business Case, Controls, Internal controls, IT, Records Management, Requirements, Risk, Security

What if the requirements are unclear?

Somewhere on the road between governance and management, someone needs to determine what the requirements are. Then management develops ways to meet those requirements (whether they be legal or corporate), and to test and report how well the company is meeting those requirements.

But how can management do that if the requirements aren’t clearly stated? How can you govern to squishy requirements?

“New Kind of Stress Tests Big-Bank Outlook,” Wall Street Journal, December 30, 2013 (online)

The Federal Reserve is reportedly keeping the “real measures” of the stress tests to themselves, and not letting the banks or the investors know what they are.

Is this a failure of governance, or something else?

Filed under Communications, Compliance, Controls, Definition, Governance, Information, Requirements

What happens when your brand is damaged?

One risk of poor compliance is jail; another is fines; a third is reputation damage.

A fourth is loss of key employees, who prefer to peddle their papers elsewhere. How much would that hurt?

“SAC Portfolio Managers Moving to Rival,” Wall Street Journal, December 28, 2013

Filed under Business Case, Business Continuity, Compliance, HR, Operations, Risk

Quality v. Quantity

What happens when the information the regulator relies on is unreliable? Plus or minus 10% in the swaps market. How do you regulate what you can’t measure? What’s $40 trillion between friends?

“Inaccurate Swaps Data Bedevil Regulator,” Wall Street Journal, December 27, 2013

Filed under Business Case, Controls, Data quality, Information, Risk, Value

The Mountain came to NSA

Can you have too much information? How do you filter out what you really need from what you want (i.e., everything)?

NSA Struggles to Make Sense of Data Flood

Filed under Data quality, Information, IT, New Implications

Unwanted memories?

A bit of a detour.

What about information you no longer want to have? Not of a white T-shirt with a barbecue stain, but of something else?

Researchers are now looking at a way to erase memories. If the memory was relevant to a lawsuit, would you be guilty of obstruction of justice?

“Unwanted Memories Erased in Study,” Wall Street Journal, December 23, 2013 online

Filed under Controls, Information, Internal controls, New Implications, Ownership

Training your new puppy

How do you train a new puppy not to do something you don’t want him or her to do?

Step 1: Catch him or her in the “prohibited act.” Tell him/her “No” in a strong voice.

Step 2: Catch him or her in the “prohibited act.”  Explain that Daddy/Mommy doesn’t like that.

Step 3: Catch him or her in the “prohibited act” and quickly take him/her outside.

Step 4: Catch him/her in the “prohibited act” and pop him/her with a newspaper across the nose. [This may not be politically correct.]  Repeat as necessary.

“Phishing still hooks energy workers,” Houston Chronicle, December 22, 2013, D1.

Companies have told their workers not to open suspicious emails (Step 1) because of the risk of data compromise (Step 2); the companies then tell the employees that the company sends fake phishing emails to see who, internally, will click anyway (cute cat pictures seem to work), and then counsel those who still click (Step 3). Result: carpet damage reduced from 56% to 10%.

What do you do with the few who just don’t get the message and continue to open the test emails?

Got a newspaper?

Filed under Business Case, Communications, Controls, Governance, Internal controls, IT, Policy, Protect assets, Risk, Security