Monthly Archives: May 2015

The best defense

Of course the firm’s chief information officer knows all the emails are stored forever.  So he wouldn’t write bad stuff in email.

“Defense Puts Spotlight on Law Firm’s Emails,” Wall Street Journal, May 28, 2015 B3.  Defense argues that “fake income” is a legitimate accounting term.  But he wouldn’t put anything bad in emails. Bankruptcy of Dewey & LeBoeuf.

If you know of the long-term storage of all emails, does that make it more or less likely that you’ll write bad stuff in emails? Is making people more aware a way to “cleanse” the record in advance?

 


Filed under Business Case, Compliance, Compliance, Controls, Governance, Internal controls, IT, Management, Oversight, Risk, Security

Broken windows

Your top manager is mildly flawed.  Does that impact the stock’s value?

In a word, yes.

“An Executive’s Misdeeds Often Prove to Be Costly,” Wall Street Journal, May 27, 2015 B7. Drunk driving by the top boss costs 1.6%.  If it’s the chief executive, the cost is 4.1%.  About 65% of the execs studied kept their jobs.

What does it say about your culture if your chief executive’s flaws are known? If the CEO is observed jaywalking while walking to a meeting, can your company expect your employees to comply with all applicable laws? Your Code of Conduct does not distinguish between non-compliance with the Foreign Corrupt Practices Act and non-compliance with your record retention schedule.

Is a flawed senior executive a broken window, in the law enforcement context?


Filed under Board, Business Case, Culture, Culture, Governance, Oversight, Risk

It’s not what you say

An auditor briefs some of the company’s directors about an investigation of bribery.  In 2006.  Nobody tells the SEC until 2011.  What are the directors’ obligations once they know or have reason to know of criminal wrongdoing?  Why do companies have auditors?

“Wal-Mart Auditor Criticized On Probe,” Wall Street Journal, May 26, 2015 B3.

The leader of a price-fixing conspiracy says that people much higher than he was in the bank knew about and indeed participated in the rigging.  If true, what does this say about the culture of the company? If true, what happens to the company’s charter?

“Libor Courtroom Drama Is Ready to Begin,” Wall Street Journal, May 26, 2015 C3.

What happens if a company doesn’t meet its duty to comply with the law?  How many people knew?


Filed under Board, Business Case, Collect, Compliance, Compliance, Controls, Culture, Culture, Governance, Internal controls, Management, Oversight, Risk, Use

Information, broadly defined.

Fingerprints as information.

“London Man Convicted of U.S. Soldier’s Murder,” Wall Street Journal, May 22, 2015 A6.  Based on fingerprints on homemade bombs in Iraq, a man was convicted of the murder of a US soldier in Iraq in 2007.

Are fingerprints information?  Who owns them?  How does that evidence survive for 8 years?  Who governs them?


Filed under Business Case, Collect, Definition, Information, Management, Ownership, Risk, Use, Value

Can your employees have too much access?

Is it a problem if your employees get work-related email outside working hours?  It depends.

“Overtime Pay for Answering Late-Night Emails?” Wall Street Journal, May 21, 2015 B1. If you access your employees by email after hours, you may be liable for overtime.

Does your policy address this?  What if they use a company-issued phone for personal business after work?  Or a personal phone to access the company server for either (a) personal business or (b) company business?

 


Filed under Access, Board, Business Case, Compliance, Compliance, Compliance, Controls, Governance, HR, Interconnections, IT, Legal, Management, Oversight, Oversight, Policy, Privacy, Requirements, Risk

Third time’s the charm?

Hackers got into the data of a major health insurer in June 2014. Perhaps a million customers affected. Breach was just announced, having gone undiscovered for more than 9 months.

“Hackers Accessed Data From Insurer CareFirst,” Wall Street Journal, May 21, 2015 B2.  Third health insurer breach reported this year.  This one in the DC area.  Were federal employees affected?  Don’t know.  Yet.  Looks like Chinese hackers.

How quickly would you like to know that your name, email, address, and other information had been hacked?  I assume 11 months is “too long.” The information that was hacked was the information the customers used to access services at the insurer.


Filed under Access, Board, Business Case, Communications, Compliance, Compliance, Compliance, Controls, Governance, Internal controls, IT, Management, Oversight, Oversight, Privacy, Protect, Protect assets, Protect information assets, Risk, Security

Sharing isn’t always a good thing

Inside a company, sharing knowledge (aka information) can be a good thing.  When you start sharing with other companies, things can get problematic.  Or criminal.

“Banks Pay $5.6 Billion To Settle U.S. Probe,” Wall Street Journal, May 21, 2015 A1. Banks that shared information through an online chat room in order to maximize profits by fixing foreign currency rates pay a huge fine. And they pled guilty to criminal charges.

So, sharing some information outside the company is bad.  That’s bad with a “B.”  Like the “B” in billion.  What does it say when your bank pleads guilty to a crime?  Why does the SEC allow them to continue to operate? Sure lucky they aren’t government contractors.  And what happens in the future if one of them commits another crime?

Civil suits to follow.


Filed under Board, Business Case, Compliance, Compliance, Compliance, Controls, Culture, Culture, Governance, Internal controls, Management, Oversight, Protect assets, Risk, Third parties