How closely a company’s employees follow the rules is geared to the company’s culture, which has an impact on how information is collected, shared, used, stored and disposed of. Are rules followed or are corners rounded? Who and what gets rewarded, and why?
Another factor in how information is used and controlled is the company’s structure. Who reports to whom and who’s responsible for what? How does reporting happen?
“‘Corrosive Culture’ Found at VA,” Wall Street Journal, June 28, 2014 A4 http://on.wsj.com/USNOTy The first paragraph reads, “A White House review of the VA points to a culture that degraded the timely delivery of care and requires a restructuring to improve transparency and accountability.”
Is your company’s culture corrosive when it comes to compliance topics? Are you structured correctly to manage your company’s information?
Interesting debate over definition(s) of Information Governance.
For what it's worth...
Some concepts are extremely difficult to articulate succinctly. Not because we don’t understand them, but because they are just too complex. I believe H.L. Mencken said: “For every problem, there is a solution that is simple, elegant and wrong”.
Take the example of Enterprise Content Management. A 25-year-old industry and a multi-million software market. Every few months, we will invariably have another debate on what the correct definition should be, what it encompasses, if the name should be changed, how it overlaps with other terms, etc. etc. Yet, most people understand pretty well what it is.
Enter… Information Governance
If you haven’t yet, please read Barclay T. Blair’s ebook: “Making the Case for Information Governance”. It is an excellent summary of some of the reasons why Information Governance (IG) is important to an organisation. The ebook focuses more on the rationale behind its existence, and much less…
Part of a risk strategy is to have a mitigation strategy if the controls you put in place to prevent the hazard from occurring don’t work. How do you minimize the impact?
How about a confession seminar?
“Prison-Bound KPMG Ex-Partner Remorseful for Insider Tips,” Wall Street Journal, June 26, 2014 C3 http://on.wsj.com/1o8xvvO Convicted felon makes a few bucks before going to prison (for 14 months) following conviction for insider trading. He’s giving seminars as part of the CLE for CPAs.
What’s your mitigation strategy?
Consider Lois Lerner and her email saying, “Looked like they were inappropriately offering to pay for his wife [‘s travel]. Perhaps we should refer to Exam?” This was in connection with an invitation to Senator Grassley to attend a meeting of some unnamed group.
Some have said that this was an attempt to start an audit of a powerful Republican senator. Strict construction would suggest she was saying the inviting group should be examined further (although there is nothing wrong with making the offer).
“GOP: Lerner Sought Audit Of Senator,” Wall Street Journal, June 26, 2014 A4 http://on.wsj.com/1lT8hRN
Would we want to instruct those who work with us and for us to avoid ambiguity when suggesting starting tax audits of sitting Senators? Do you agree controlling the content of business communications is a part of Information Governance? What about the 69 words GM lawyers said not to use?
Information Governance is normally viewed as a collection of Compliance, IT Security, Privacy, and Ediscovery stuff. I submit that IG, viewed properly, is much broader.
Take, for example, today’s WSJ article. “Middle East Media Outlets Use Crisis to Shape Opinion,” Wall Street Journal, June 25, 2014 A9 http://on.wsj.com/1sFHHB8 Deals with the press in various Middle East countries slanting their reporting of the recent events around ISIS in Iraq according to local political leaders.
Information Governance includes communications, and shaping of opinion, both internally and externally; this applies both to governments and to companies. Who’s your audience?
“U.S. House Sought Immunity for Aide,” Wall Street Journal, June 24, 2014 C2 http://on.wsj.com/1v3uT37 I guess it’s good, if you’re accused of a crime, to work for the people who make the rules. But that would be imperial.
The SEC is suing to force a House aide to turn over documents. The House wants to cut him a break. I guess the SEC budget negotiations were doing too well. Of course the rules only apply to the muggles. Not to us on the Hill.
Interesting that the front section of today’s Wall Street Journal had not one (1) article on the missing IRS emails. I guess the hearing was too late to make press time.
Risk Management requires identifying the risks to which you are exposed, and then establishing controls to prevent those risks significant enough to be controlled. But you can’t stop there. You really need to have mitigations in place in case a risk occurs anyway, despite your controls.
“VA’s Watchdog Is Slammed,” Wall Street Journal, June 24, 2014 A3 http://on.wsj.com/T4GRxg. You have an internal watchdog to make sure you learn of operating problems (a control for a risk). But then the watchdog undercuts the reports of wrongdoing. Oops. And what about the impact on the organization’s culture (notwithstanding the watchdog’s career path)?
I checked. Congressman Trey Gowdy does NOT subscribe to this blog. He wouldn’t need to have read my post on Inferences on Saturday (http://bit.ly/UYV4O9), apparently. Inferences from the history of the non-production of the IRS emails. Federal Records Act. Spoliation. Bad optics.
Information Governance lives on. Especially when your hard drive (and six others) crashes ten days after the letter comes in initiating the investigation. And then you fire your backup service.
“Republicans Grill IRS Chief Over Lost Emails,” Wall Street Journal, June 21, 2014 A1 http://on.wsj.com/1iWlJjD Perhaps this is just an unfortunate hard drive failure, but the context raises lots of questions.
“Suspects in Florida Tracked By Cellphone ‘Stingray’ Tool,” Wall Street Journal, June 21, 2014 A5 http://on.wsj.com/1uPkE2w Warrantless “searches”? A device that “mimics” a cellphone tower described as “a confidential source.”
3. Electronic Politics
“Severe Cyberattacks Seek to Disrupt Hong Kong Poll,” Wall Street Journal, June 21, 2014 A8 http://on.wsj.com/1nUIkl3 Risks in even informal electronic polling. Attacks on politically sensitive polling in Hong Kong.