Monthly Archives: February 2014

It’s all about networks.

Connectors are critical in a network. Who creates the link between Sally and Sam? But so, too, influencers are important as well. Who sets the styles and the tone?

Employers are looking at their employees and seeing who’s the best-connected, and who people rely on and trust. And the employers are willing to pay more to those who are better connected and more influential.

“The Boss’s Next Demand: Make Lots of Friends,” Wall Street Journal, February 12, 2014 B1

Leave a comment

Filed under Information, Knowledge Management, Value

How many releases?

Yesterday I posted a blurb on Barclays, and the release just a few days before their results.  The release (hereinafter “the second release”) disclosed the earlier release (hereinafter “the first release”) of a bunch of client information, including passport numbers and national insurance numbers (in the UK).  I questioned the timing of the second release about the first release, coming as it did just days before the Tuesday release (hereinafter “the Tuesday release”) of Barclays’ results, scheduled for today, Tuesday.

Well, rolling the tape forward, apparently the numbers that Barclays was going to release on Tuesday leaked over the weekend, so Barclays was forced to release their Tuesday release on Monday.  I guess that’s the Monday release.

How much does this affect their brand?

“Barclays Posts Results A Day Early – Yet Late,” Wall Street Journal, February 11, 2014 C3

I think there’s a pattern developing. Who’s leaking it? How? Why?

Leave a comment

Filed under Business Case, Controls, Governance, Information, Internal controls, IT, Risk, Security, Value

Banking data

I was sorely tempted to pick the dumb starbucks story, and the scope of the parody/fair use exemption.  Can you use parody to sell an otherwise infringing product?  Good luck,  “‘Dumb Starbucks’ Creates a Stir in L.A.,” Wall Street Journal, February 10, 2014 B3

But no.  Instead I picked “Barclays Probes Alleged Leak of Customer Data,” Wall Street Journal, February 10, 2014 C3 Documents from a business Barclays closed in 2011 were given to a newspaper last week.  At issue, documents, such as passports and national insurance numbers, vintage 2008, on up to 27,000 people who asked for financial planning advice.

Lessons Learned:

  • Be careful what you keep.
  • Even if it’s no longer online, it’s still at risk.
  • Banks manage money better than information
  • People love to spill the beans two days before your company is to release financial results.

Does someone have an ax to grind?

Leave a comment

Filed under Business Case, Controls, Duty of Care, Governance, Internal controls, Privacy, Protect assets, Records Management, Risk

Snowden Daily Double

Two blurbs, from page A3 to the Houston Chronicle, February 9, 2014.

First, “Media reveals secrets in error,”  Edward Snowden leaked a bunch of NSA documents to news media.  The news media has been keeping a lid on some of those.  Now, however, several news agencies inadvertently released the names of a intelligence target abroad and the names of several workers at the NSA.  Oops.  Multiple errors.  I guess they can’t keep secrets, either.

Second, in the adjoining column (in the print edition), “Snowden’s low-cost tool foiled NSA,”  Highlighting again the IT security wisdom is that the biggest threats are internal, investigators find that Edward Snowden inserted a web crawler inside the NSA’s systems to automatically check for and copy/download interesting items. This should have been “easily detected.”  I guess our secret squirrels were snoozing.  But it raises the question: do our systems protect us against this?


Leave a comment

Filed under Business Case, Controls, Governance, Information, Internal controls, IT, Protect assets, Risk, Security, Third parties

Constitutional guidelines

So, you have your employees and contractors sign an agreement that they will not disclose certain super secret stuff.  Alas, one of them breaches his contract and discloses it.  To a newspaper reporter, no less.  Is the reporter “an aider, abettor and/or co-conspirator” in that employee’s breach of contract?  Normally, no.

“Guilty Plea in Leak Of Intelligence Files,” Wall Street Journal, February 8, 2014 A3 Employee here is/was Stephen Kim, formerly a State Department contractor.  The reporter is/was James Rosen, whose phone and email accounts were search by the government.

Lesson(s) Learned.

  1. Contracts are not a 100% effective control against dissemination of information.
  2. Privity of contract not required for abetting a breach of contract.
  3. The First and Fourth Amendments are not really rules; they’re apparently more like guidelines.

Governance involves an obligation to follow the applicable rules.


Leave a comment

Filed under Business Case, Controls, Governance, Information, Internal controls, Legal, Ownership, Requirements, Risk, Third parties

Information on parade

  • Insider-Trading conviction for Martoma.  Trader who fudge transcript and got expelled from Harvard Law found guilty. Wall Street Journal, February 7, 2014 A1
  • People lie.  Japanese composer has symphonies ghost-written. And he may not be deaf. Wall Street Journal, February 7, 2014 A1
  • What’s the risk of proceeding on less-than-perfect information? Ask the developer in Miami who starting building before the archaeological work was complete. Wall Street Journal, February 7, 2014 A3
  • It’s not nice to mess with Uncle Sugar. US Investigations Services, accused of defrauding US on review of security clearances, loses a big chunk of business, despite having those involved.  Wall Street Journal, February 7, 2014 A4
  • Tit for Tat. Diplomat swears! “U.S. Blames Russia for Leaking Profane Call,” Wall Street Journal, February 7, 2014 A6
  • Internet=no more good pizza. Without digital orders, Mom and Pop can’t compete. Wall Street Journal, February 7, 2014 B1
  • Open mouth, change feet. AOL CEO has problems communicating with employees. Wall Street Journal, February 7, 2014 B1
  • Saving money by requiring suppliers to bill electronically? Target breach started with breach at a supplier of refrigerators. Wall Street Journal, February 7, 2014 B6
  • Unequal access to information tilts the playing field in the market. Wall Street Journal, February 7, 2014 C1

Leave a comment

Filed under Business Case, Controls, Culture, Definition, Governance, Information, Interconnections, Internal controls, Investor relations, IT, Operations, Risk, Security, Third parties, Use, Value

Flight information

Another piece on information in action.

I am old enough to remember changing flights without a fee.  Maybe the flight was more expensive.  Those days are gone.

Information cuts both ways.  You make your reservation months ahead of time, saving some bucks.  Then the airline changes its schedule for the flight.  You can accept the change, despite its inconvenience and additional costs of such things as rental cars, but that’s not the airlines’ problem.

Could airlines be making these schedule changes to maximize their revenue from change fees?  $2.7 billion in FYE 2013.  They wouldn’t do that, would they?

“You Take This Itinerary and Like It,” Wall Street Journal, February 6, 2014 D1

Leave a comment

Filed under Controls, Definition, Information, Operations, Use, Value

Putting information to work

In the world of Target’s credit card breach, NSA, Neiman Marcus, JP Morgan, and others, it’s easy to lose sight of the role of information in a business.

In my class at Rice, we’ve now moved beyond a basic understanding of compliance, risk, and the applicable laws and policies and on to a discussion of information in action.  “I was gambling in Havana, I took a little risk ….” W. Zevon.  There’s certainly value in meeting the organization’s obligation to comply with law and policy, and manage risk, but there’s more value in getting the right information and using it to your advantage.

Which brings me to Kam Pek, in Macau.  A casino that has focused on the lower end of the market, managing to leverage a lot of small gamblers into a huge monthly revenue (increase from HKD 9million to HKD 100million since 2007).  The casino stripped away some of the glitz (it is Macau, after all), reduced staffing through use of technology, and built an impressive margin.

Where’s the information in all of this? Well, part of it is from exploiting the regulations, which impose a limit on the number of tables but which counts electronic gambling machines as a fraction of an entire table.  Rather than trying to squeeze more revenue from a gambler, they use technology to use one employee to deal to 112 gamblers at machines, rather than to 9 gamblers at a table.  This allows them to reach more gamblers at a lower cost.  Even at a lower minimum bet, they’re able to generate more revenue.

Isn’t business built on exploiting information more efficiently than the competition?

“The Cheapest, Richest Casino in Macau,” Wall Street Journal, February 6, 2014 B1

Leave a comment

Filed under Definition, Information, Legal, Operations, Requirements, Use, Value

Isn’t it obvious?

It’s hard not to blog about the continuing discussion of Target’s credit card breach, given the testimony of Target’s CFO yesterday.

But I will try.

Okay, you’re in the sports business.  Shoes, jerseys, and the like. Your competitor is, too, although he/she doesn’t compete across the entire line of products you offer.

But you both are selling wearable devices to help users monitor their progress on their individual fitness journeys. What happens if your competitor’s approach resembles yours? Just sue it.

“Adidas Sues Rival Under Armour.” Wall Street Journal, February 5, 2014 B9

Adidas alleges Under Armour infringed Adidas’s 10 patents relating to “real-time workout data transmission and automated route mapping” in Adidas’s miCoach system, and that Under Armour’s director of innovation and research (formerly senior innovation engineering manager at Adidas) knew of Adidas’s patents.

What are the risks of hiring the senior innovation engineering manager from your competitor?  Does your Code of Conduct prohibit employees from using proprietary information of their former employers? Is this unfair competition?  Or do you just do it?

Leave a comment

Filed under Business Case, Controls, Definition, Information, Internal controls, Knowledge Management, Ownership, Protect assets, Risk, Third parties, Value

Price of Autonomy

Say you’re getting ready to sell your company.  It would be “better” for you were your operating results for the past couple of years to be higher.  But the auditors would catch that, wouldn’t they?  That’s what they’re there for, right?

You recorded revenue from contracts unlikely to be paid, recorded deals before they were final, and booked deals without a buyer.  In the restated numbers, your revenue for one year was reduced 54%, and your operating profit went down 81%.

Does the buyer of your business have a cause of action, when they say the value of the business bought was $2.2 billion less that what the (now restated) financials would have justified?  Do you have some ‘splaining to do to the government investigators in the UK and the US? Is your defense that the adjustments due to an accounting dispute were too small to worry about?

“H-P Audit Alleges Autonomy Errors,” Wall Street Journal, February 4, 2014 B6

Leave a comment

Filed under Business Case, Controls, Information, Internal controls, Risk, Third parties, Value