Monthly Archives: October 2016

The road not taken

A company does something sleazy, and pays $465 million in settlement.  But the company’s senior executives don’t get a salary hit.

“EpiPen Pact Unlikely to Affect Pay,” The Wall Street Journal, October 28, 2016 B2.  Mylan execs won’t suffer because their compensation is determined based on adjusted earnings that exclude the cost of settlements, such as the one the company is paying to the US Gov following allegations of Medicaid overcharges for the EpiPen.

Too bad the returns to the shareholders can’t be computed the same way.  What about the Board that agreed to this formula?  Didn’t directors use to have a fiduciary duty?


Leave a comment

Filed under Board, Controls, Directors, Duty, Duty of Care, Governance, Internal controls, Investor relations, Oversight, Oversight, Policy, Protect assets

Who owns it?

Who owns your information?

“FCC Moves To Tighten Marketing Of Data,” The Wall Street Journal, October 28, 2016 A3.  Finally, consumers get some limited privacy protection.  Internet providers need to secure the customers’ ok before marketing their consumers’ sensitive information like search history.

Leaving aside that a customer’s right to privacy is somewhat shadowy and ill-defined, created as it was (sort of) by the Supreme Court, and that the FCC doesn’t have the charter to protect privacy, per se, this seems like a step in the right direction.  But are we just going to get another click-through we don’t read?

But nice to know that we have some rights with respect to our data.

Leave a comment

Filed under Access, Analytics, Business Case, Controls, Corporation, Definition, Duty, Governance, Information, New Implications, Ownership, Third parties, Uncategorized

Who does the governing?

One aspect of information governance is who’s in charge?  Who “governs,” and how?

“Scrutiny Of Voting Procedures Set to Soar,” The Wall Street Journal, October 27, 2016 A4.  We could guess that a lot of folks would want to observe the US election process to make sure everything’s kosher.  You’d guess a bunch of state authorities, the Department of Justice, and the various political parties and their respective surrogates. But the Organization of American States (40) and the Organization for Security and Cooperation in Europe (500+ observers) were invited by the State Department.

Why?  What role do they have?  Do they own the process?  Do they report to someone who owns the process? (“They” could mean the OAS, the OSCE, or the State Department).

Leave a comment

Filed under Compliance, Governance, Ownership

Information delayed is information denied

What do you do when the governor doesn’t follow the rules?

“NIH Unit Delayed Report Of 2 Deaths From Study,” The Wall Street Journal, October 22, 2016 A3.  National Institutes of Health is a year late in  reporting the two deaths (aka “severe adverse events”) to the FDA, as required by law.

What do you do when employees fail to follow federal reporting requirements?  Do you fire the employees?  Penalize their bosses?  Convene a committee to study?

Leave a comment

Filed under Compliance, Compliance, Controls, Duty, Employees, Governance, Government, Internal controls, Legal, Management, Oversight, Protect assets, Requirements, To report


Three blurbs today.

“Flawed Theranos Tests Hurt Patients,” The Wall Street Journal, October 21, 2016 A1.  Company that marketed a cheaper, better blood test faces problems after testing methodology was faulty.  Is your business selling information analytics?  Is this a risk you have identified, quantified, and protected against?

“Mining Executives Charged,” The Wall Street Journal, October 21, 2016 B5.  In November 2015, a dam collapsed, releasing sludge into a nearby river and killing 19 people.  The federal government filed criminal charges against current and former chief executive officers and other employees and consultants who inspected the dam.  In Brazil.  Compare and contrast the collapse of a dam in the US caused by an employee of the EPA, where no charges were filed.

“Louisville Gets Charges Over Escort Scandal,” The Wall Street Journal, October 21, 2016 D6.  The NCAA charged several staff members with for the University of Louisville men’s basketball team in a sex scandal. The current coach was accused of failing “to demonstrate that he monitored a member of his staff.”  Apparently,  a higher standard of behavior applies to managers of basketball than management in corporations or governments.


Leave a comment

Filed under Analytics, Compliance, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Management, Oversight, Value


Analytics are one way through massive collections of information.  But do they taint the results?

“Algorithms Aren’t Biased, Coders May Be,” The Wall Street Journal, October 15, 2016 A2.  Coders may include hidden or unconscious biases in the metrics they select, which affect the reliability of the “decisions” algorithms make for you.

Can you rely on a black box too much?  Do you understand the devices you use and how they work?  Does somebody?  Can you provide oversight of a process you don’t understand?

Leave a comment

Filed under Accuracy, Analytics, Controls, Governance, Internal controls, Management, Oversight, Reliance, Use

Does information governance include “crisis management”?

If “information governance” is how you go about managing the receipt, creation, use, storage, transfer, transmission, and disposal of all non-public information received or created in the course of a company’s business, then by definition the term touches upon how your company handles information in a crisis.

“Wells Fargo’s Botched Crisis Management,” The Wall Street Journal, October 14, 2016 A1.  Company and its senior management were excoriated for how they handled the account-shoving scandal.  Sure, over the years (3) they fired 5,300 employees, but the board didn’t know how many employees were fired until the outside regulators reported it.

How did senior management learn of the problem?  What did they do and when did they do it? How did they manage their receipt of that information?  How did they handle communications with the board, inside the bank, and the regulators?  And the press? Not well, one might surmise.  What impact on their brand?

I am not suggesting that the person (vel non) who “owns” information governance also “owns” crisis management, but certainly a poor crisis management response is one of the risks of poor information governance.  The consequences can be huge.  Did the board effectively oversee the operations?


Leave a comment

Filed under Board, Business Case, Collect, Communicate, Communications, Corporation, Culture, Definition, Directors, Duty, Duty of Care, Employees, Governance, Inform shareholders, Information, Investor relations, Management, Oversight, Oversight, Risk, Use, Value