Monthly Archives: December 2013

Can you govern or manage without understanding the basic technology?

As importance as digital information is in today’s business, can you really manage an enterprise without a basic understanding of the technology in use?  Any millennials in your customer or employee base?

“Bosses Learn Not to Be So #Clueless,” Wall Street Journal, December 18, 2013 B7

I recommended to my boss several years ago that he should hire a high school student with purple hair and piercings to school him on how to use email; I could teach him, but it might be easier for him to have someone he didn’t work with do the teaching.

A growth industry, teaching the Silverbacks what Facebook is, or how to use their iPad.

Leave a comment

Filed under Duty of Care, Governance, Operations, Use

Books and Records

Between SAC’s insider trading, the Obamacare snafus, NSA disclosures, and OTC glitches, one might think it’s hard to pick a winner in the year-end information governance sweepstakes.  But J.P. Morgan is in a class by itself, having paid billions for, among other things, the sub-prime mortgage crisis, hiring practices in China, and Bernie Madoff.

I guess its relationships with the government aren’t yet on the mend.  “J.P. Morgan Sues FDIC Over WaMu,” Wall Street Journal, December 18, 2013 C1

Apparently, in the scrambling to document the deal urged on it by the FDIC, J.P. Morgan didn’t clearly document who’d be responsible for claims attributable to WaMu’s pre-deal actions.  The documents fail to define “Books and Records.” I guess those terms need definition.  I also guess $18 billion in legal fees doesn’t cover definitions.

Do the deal documents you do under time pressure measure up to the task?  Is this an information governance point?  Does J.P. Morgan not sweat the small stuff?  Is there a culture?

Leave a comment

Filed under Business Case, Controls, Definition, Information, Internal controls, Legal, Operations, Risk, Use, Value

Does transparency affect behavior?

“Drug Firms Curb Ties to Doctors,” Wall Street Journal, December 18, 2013 B3

Glaxo changing a key marketing practice: paying doctors to promote certain drugs, including paying “influencers” to speak about (i.e, promote) the drugs.

Why are they stopping? Is it due to last year’s scandal involving Glaxo, alleging illegal promotion and withholding data, resulting in a $3 billion fine?  Is it because of the charges in China that Glaxo was bribing doctors and hospitals to sell more, higher-priced drugs?


Or is it due to another paragraph in the article, pointing out that due to regulatory changes, beginning in 2014 drug companies need to report those payments to the government, which would post the results online?  If you’re doing something that you don’t want others to know about, should you ask yourself why?

Sure, you can keep trade secrets secret, and keep your profit margins confidential (unless you are contracting with the government).  But what about secret payments?


Leave a comment

Filed under Business Case, Definition, Information, Legal, Ownership, Requirements, Risk, Value

Front page three-for

Today’s Wall Street Journal had three information-related articles on the front page.

“Judge Slams NSA Phone Surveillance,” Wall Street Journal, December 17, 2013 A1 A US District Court judge ruled that the wholesale collection of phone records was almost certainly unconstitutional. The ruling is stayed pending appeal. Privacy and warrants and searches.

“Energy Websites Fend Off Assaults,” Wall Street Journal, December 17, 2013 A1 Too many people are asking for too much access to Energy Department economic reports.  2000 users blocked.  Earlier WSJ articles had discussed how some traders were gaining a trading advantage in the markets by getting quicker access. Information value is a function of accuracy + timeliness.

“Firms Aim To Control Internet’s Backbone,” Wall Street Journal, December 17, 2013 A1 Google and Facebook invest in infrastructure, competing with telecoms. Who controls access to all the information on the Web? Is the internet a public utility?  Who runs it?

Leave a comment

Filed under Business Case, Compliance, Definition, Governance, HR, Information, Interconnections, IT, Legal, Operations, Ownership, Privacy, Requirements, Security, Use, Value

Drinking from a fire hose

What’s the main problem with Big Data?  It’s Sooo Big.  So filters are important, to sort the wheat from the chaff.

400 million+ tweets is Big, and some of it is good info about companies and, therefore, companies’ stock value. But which?  How about the tweets from people who’ve successfully picked stocks in the past?

“Investors Seek Tips Via Tweets,” Wall Street Journal, December 16, 2013 R4

The focus turns to the “influencers,” those traders with a good track record.  Is there a chance that this “system” may be gamed?

Leave a comment

Filed under Controls, Data quality, Definition, Information, Value

Apologies, Joni

“Don’t it always seem to go
That you don’t know what you’ve got
‘Til it’s  gone”

— Joni Mitchell, “Big Yellow Taxi” (She just turned 70!)

One of the interesting aspects of information is that you often don’t know what you don’t have any more, because you still have it.

“Officials say U.S. may never know extent of leaks,” Houston Chronicle (by way of the New York Times), December 15, 2013 A4 

The NSA is struggling to determine what, exactly, Edward Snowden made off with.  Part of the problem is that he hid his tracks, and had access to so much information.  Reportedly, the NSA has to wait to learn from reporters what is about to be disclosed, and develop damage containment plans in a hurry. 

So, one control is hiring the right people and contractors; another is doing a security check on people who had administrative access; another is having technology that prevents people from accessing what they shouldn’t be accessing (Nancy Sinatra?); and another is having technology that keeps track of what people actually get access to (even if they use someone else’s ID).  Then at least you can respond somewhat intelligently when the information is compromised and dribbled out in public.

I thought you couldn’t do torture?

Leave a comment

Filed under Business Case, Business Continuity, Controls, Information, Internal controls, IT, Operations, Ownership, Risk, Security, Third parties, Value

3 plus 1

Three blurbs, and a thought piece.

Cost of not getting information right the first time. “Errors Continue to Plague Health Site,” Wall Street Journal, December 14-15, A1 (People may not know they need to refile until after they go to doctor).

Background checks on third party’s contractor matter. “Supposed Translator Said to Have Police Record,” Wall Street Journal, December 14-15, A11 (Translator standing a step from the President reportedly had a violent past).

Vital records debunk conventional wisdom (or “Who really built that?” or “It’s not what you don’t know that kills you; it’s what you do know that just ain’t so.”).  “Country Clubs Dig Up Their Histories,” Wall Street Journal, December 14-15, A16 (Documents in safe establish who designed 100-year-old golf course – why do we keep stuff like that?).

How do we learn?  Yes, there’s teaching, but what if students don’t really listen?  What about a study of the mistakes of others?  Are they the second-most important learning tool?  Investors are asking more questions and demanding more data to confirm that they aren’t dealing with the next Bernie Madoff.  “Post-Madoff, Clients Ask Tough Questions,” Wall Street Journal, December 14-15, B9  And how do you know what information will turn out to be important later? (see prior paragraph – what do you know that just ain’t so?)  The study of mistakes (yours and others’) is the essence of knowledge management.  Trust but verify.

Leave a comment

Filed under Business Case, Controls, Definition, Information, Knowledge Management, Records Management, Risk, Third parties, Value

How do you hide?

You’re a business that is build largely on your reputation for trustworthiness, in an industry built on reducing risk for its customers through better analysis.  Through a series of missteps, you’re in the news a lot following illegally profiting off of misuse of confidential information.  How do you fix it?

Change your name. (even though it’s your founder’s monogram).

“SAC Rethinks Relationships, and Its Name,” Wall Street Journal, December 13, 2013 C1

SAC has been in the news following allegations of insider trading and inducing employees of other companies to disclose confidential information.  So, in addition to paying a bunch of fines and returning money to its clients, why not change your name?  Maybe the Department of Justice will lose you in the shuffle.

What does a name mean, anyway?  Or is it a brand, tied to reputation?  What’s it worth? What are you selling, anyway?  Is your company’s name “information” that you want/need to manage?  Is this a job for the directors?

Leave a comment

Filed under Business Case, Business Continuity, Culture, Definition, Governance, Information, Investor relations, Operations, Protect assets, Risk, Use, Value

Too much content control

Is it possible to control your content too much?

To avoid violations of the US trade sanctions against a bunch of bad actors, companies often train people to be on the watch for “hot words,” words that indicate you may be about to engage in prohibited conduct including, for example, money laundering.  But what if some bright spark came up with the idea of removing those “hot words” from company correspondence, but otherwise continuing with the prohibited conduct?

That appears to have happened to Royal Bank of Scotland. “RBS to Pay Penalty Over U.S. Sanctions,” Wall Street Journal, December 12, 2013 C3  Cost: $100 million in fines.  And terminations for former head of regional banking services and the former head of the money-laundering compliance unit.  Still, no one went to jail.

So, do compliance programs teach people too much?  Is knowledge a dangerous thing?

Leave a comment

Filed under Business Case, Compliance, Content, Controls, Governance, Information, Internal controls, Legal, Requirements, Risk

Same song, different verse

Assuming you rely on the flow of information to run your business, you want to make sure that the flow is uninterrupted. If the flow of information is your business, even more so.  So you have a backup system.

But what happens when the flow stops and the backup doesn’t kick in?

“OTC Exchange Freezes As Glitch Hits System,” Wall Street Journal, December 11, 2013 C4  System out for 65 minutes in the middle of the trading day.  Second time in a month (the other one was five hours, so things are looking up).

So, you have a plan to preserve business continuity following a computer “glitch.” And you have backups. Is that enough?  What more can you do?  A fail-over system?

Leave a comment

Filed under Business Case, Business Continuity, Information, Interconnections, IT, Operations, Risk, Value