Monthly Archives: July 2014

July 31, 2014 · 10:48 am

Kink in the pipeline

What happens if the technology that you rely on to perform a key business function suddenly stops?  You’re effectively out of business.

“Technical Glitch Clogs Up U.S. Visa System,” Wall Street Journal, July 31, 2014 A3 Visa system suffers string of “outages” in July, attributed to “‘a combination of software optimization and hardware compatibility issues.'”

If you put all your eggs in one basket, watch that basket.  What’s your Business Continuity Plan if that fails?  Or are BCP’s only for businesses, not governments?

Leave a comment

Filed under Business Case, Business Continuity, Controls, Duty of Care, Governance, Interconnections, IT, Oversight, Protect, Protect assets, Protect information assets, Risk

July 30, 2014 · 4:03 pm

Logistics?

How important is communication with your suppliers? What if lack of communication with your suppliers leads to shipping problems?  And makes it impossible to communicate with your customers about those delays?  And you thought you weren’t an information company.

“UPS Boosts Investments as Profit Dips,” Wall Street Journal, July 30, 2014 B4  Apparently, a big problem when, right before Christmas last year, a bunch of shippers unloaded a large number of packages (filling on-line orders) for shipment at the last moment.  UPS couldn’t provide tracking numbers until the packages had been scanned in.  Customers were upset.  Logistics?  Shares fell nearly 4%.

Could there be a chokepoint in your ability to meet customers’ expectations?  Do you need to integrate with people up-dip from you in the cycle?

Leave a comment

Filed under Business Case, Business Continuity, Communications, Definition, Information, Interconnections, IT, Ownership, Risk, Value

July 29, 2014 · 10:04 am

Order matters

Did you know that some banks take all the checks in receives on any given day and processes them by paying the largest one first, then the next-largest one, and so forth.  Not a problem if you have a large enough balance that they all clear.  But if you overdraw, this process results in a lot more overdraft fees.

“Payments Puzzle Persists at Banks,” Wall Street Journal, July 29, 2014 C1  Most banks processes checks in the order received.  Could this be an effort to maximize the income from overdraft fees?

Is this information governance?  Certainly, if the banks are making a conscious decision to use the information they have (daily number of checks written and the rank order from largest to smaller) to make more money, then it is.  Customer service?  Maybe less so.  Would it be more defensible to process all checks received on a given day based on the check numbers? Or based on when the checks were received? Or in some other profit-neutral fashion?

Do you use your customers’ information to benefit the customers or to benefit you?  What does it look like?

Leave a comment

Filed under Controls, Internal controls, Use, Value

July 28, 2014 · 11:07 pm

Telematics

You probably know where your car is.  But where are all your company’s vehicles, and do you need to buy more?  If you don’t know that, is your vehicle manufacturer tracking it for you?  Seems like a helpful service.

“Heavy-Machinery Makers Push Tracking Tools,” Wall Street Journal, July 29, 2014 B3 

But if this is such a good thing, why do less than 20% of the customers of the heavy-machinery makers (Caterpillar, Komatsu) take advantage?

What if a software maker (or computer manufacturer) offered a free service that would tell users (or their employers) where their documents were?  Not really free, but “included.”  Is this really an add-on?

Leave a comment

Filed under Collection, Information, Interconnections, IT, New Implications, Ownership, Use, Value

July 26, 2014 · 12:55 pm

Psychosis

Not since Nuremberg have such documents been seen.  Is the compelling need to keep records, even of atrocities, part of the psychosis?

“Bashar al-Assad’s Grim Catalog of Death,” Wall Street Journal, July 26, 2014 A1  A photographer for the Assad regime in Syria escapes, bringing with him a huge collection of photographs of bodies of alleged anti-government activists.  Together with evidence of a detailed method of keeping track of the circumstances of the deaths.

I guess the people collecting and keeping the data didn’t think they were doing anything wrong.  That’s one explanation.  What was this information used for?

What must be the cultural context where such things happen, both the deaths and the documentation?  Should you assume that everything you write will one day be published, above the fold, on page one in the Wall Street Journal? [Ed.: actually, this was below the fold, page 1.]

Leave a comment

Filed under Collect, Content, Controls, Culture, Internal controls, Oversight, Risk, Use

July 26, 2014 · 12:11 am

Assumptions

Reading the paper or watching the news over the past month might lead one to conclude that air travel is more dangerous now than usual.  Three crashes in seven days.

But that might be misleading.

“Data Shows Safety of Flying Despite Spate of Crashes,” Wall Street Journal, July 25, 2014 A7  The statistics show a positive trend.  And how much of your conclusion is driven by the volume (and amount) of news coverage?

How much of the information you rely on in business is perception rather than reality?  And is that information viewed differently depending on which side of the counter your find yourself?

Leave a comment

Filed under Definition, Information

July 24, 2014 · 5:57 pm

Use = Value

Information governance speaks a lot about compliance, and protection, and ediscovery.  But little about use.  How do you make money from information?  You use it.

Case in point.  “Planning a Meal Around Data,” Wall Street Journal, July 24, 2014 B6  A company using advanced software to gauge demand and arrange delivery of ready-to-cook meals.  Over the web.

Think they pay attention to the details?  Attempting to limit spoilage to 1%.

In your business, what information do you use to make money? How do you manage that information?  How do you source it, validate it, organize it, share it, and protect it?

Leave a comment

Filed under Collect, Controls, Definition, Interconnections, Internal controls, Protect, Use, Value

July 23, 2014 · 1:44 pm

Oxymoronic German process

If you’re in business, and you need to keep the market informed about your operations, so that they can make educated choices about investments, it’s important that your communications are accurate, complete, and reliable.  So you take steps to make sure that you have processes and procedures that provide a level of assurance that the information you report is correct.  And if problems arise, you address them promptly.  Before the regulators step in and require it.  Twelve years later, in December 2013.  And cause a 3% drop in share value.

“Fed Raps Deutsche Bank For Shoddy Reporting,” Wall Street Journal, July 23, 2014 A1  Bank repeatedly warned over the years about weakness of processes and unreliability of financial information.

It’s good to aspire to be best in class.  But it’s not good to be worst.

What would a similar report do to your company’s reputation?

 

Leave a comment

Filed under Board, Collect, Communications, Compliance, Compliance, Compliance, Compliance Verification, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Protect, Protect assets, Protect information assets, Risk, Value

July 22, 2014 · 10:44 pm

Photos on your phone

Most of my postings are about what people write and what they say.  Clearly that’s information, and if written or said in the course of a company’s business, a proper subject for information governance.

But what about photos?  Are there risks of your employees taking pictures (or video) of your information or the information of your clients?  Do your controls capture that?

“Johns Hopkins to Pay Out Millions for Secret Photos,” Wall Street Journal, July 22, 2014 A2  An egregious violation of patients’ rights leads to a settlement of nearly $200 million for 7,000+ plaintiffs.  Surprisingly low.

Can photos and videos be a way for your information to leak?  Or for your company to be out of compliance with privacy, copyright, trade secret, or HIPAA requirements?  Do your controls address this, when everyone has a smartphone?

Leave a comment

Filed under Collection, Controls, Definition, Duty of Care, Internal controls, Privacy, Protect information assets, Risk, Security

July 21, 2014 · 11:59 pm

Barclays, again

Barclays is in the news again.  And that’s not a good thing.

Scandals have dogged Barclays for years.  The most recent one has a couple of different facets, which should be familiar.

First, Barclays lied to its clients, despite the issues having been raised to senior management.  It fell back on the time-worn defense of emails being taken out of context.  When did that work?  Would you prefer to trust your broker?

Second, a key employee behind the recent problems had been fired from Goldman for being somewhat lax about his documentation of trades.

“Barclays Pool Drew Fast-Trade Alarms,” Wall Street Journal, July 21, 2014 C1

I guess they must have thought people had forgotten.  Or that they will forget.  Seems to me, the culture is fatally flawed.  Certainly, the governance model needs work.

 

Leave a comment

Filed under Uncategorized