Monthly Archives: December 2016

Too much information

Is it possible to allow too much information?

“U.S. Revisits In-Flight Phone Calls,” The Wall Street Journal, December 9, 2016 B1.  Transportation Department considering letting people use their cell phones during airline flights.

Gone is one of the last refuges from overhearing someone else’s yak yak yak.  If you’re the airline, is this a good thing or a bad thing?  If you’re the Transportation Department, is this really what you should be governing?  Shouldn’t it be an airline’s choice?


Leave a comment

Filed under Access, Board, Controls, Duty, Governance, Government, New Implications

Access risk

Do you think about the risk of the failure of a critical information transfer system?

“Bank Lost Its Ability To Process Payments,” The Wall Street Journal, December 8, 2016 B8. The Bank of New York Mellon temporarily lost its access to the SWIFT network, used to process payments within the banking system.  Over nineteen hours.

Does your business have a similar business continuity risk, where a critical information transmission system is unavailable?  Have you identified that risk and quantified its potential impact?  Do you have controls (people, process, or technology, or some combination) to prevent the occurrence, or to limit its impact?  Is this a Board responsibility?  If not the Board, who?

Leave a comment

Filed under Access, Board, Controls, Directors, Duty, Governance, Information, Interconnections, Internal controls, IT, Management, Protect, Risk, Risk Assessment, Risk assessment, Value


A corporation violates a rule and people die.  Who gets pinched?

“Bolivia Detains Head Of Airline Over Crash,” The Wall Street Journal, December 8, 2016 A9. The co-owner of LaMia Corporacion SRL, the charter airline involved in the Bolivian airline crash last week was “detained.”  A bit surprising, as LaMia is a corporation, which is a normally limited liability vehicle, where a shareholder’s financial liability is limited to his or her investment.

What would happen if the major shareholder of a US corporation were “detained” in a similar incident?  How would other corporations then deal with compliance?

Leave a comment

Filed under Business Case, Duty, Risk, Shareholders


One normally relies on auditors.  But if the auditor issues a false audit report and then tries to cover it up, what happens?

“Brazil Arm to Pay $8 Million Penalty,” The Wall Street Journal, December 6, 2016 B8.  Foreign affiliate of Deloitte Touche paid a fine to the Public Company Accounting Oversight Board for such conduct, after also failing to cooperate with the investigation.  Deloitte reportedly replaced management at the affiliate.

Did Deloitte fail to adequately supervise its affiliate?  Who at the parent will get disciplined?  Who’s your auditor?

Leave a comment

Filed under Accuracy, Business Case, Compliance, Controls, Corporation, Culture, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Risk

Following the rules

The entire area of Governance, Risk, and Compliance deals with assessing the risks of certain behaviors and developing and enforcing controls (people, process, and technology) to prevent the identified hazard from occurring, or mitigating the impact.  Information Governance is a subset of GRC.

“Criminal Complaint Filed in Fatal Crash,” The Wall Street Journal, December 5, 2016 A11.  There are international rules that require planes to have certain amounts of fuel onboard before taking off.  The flight dispatcher who reviewed the flight plan for the recent charter flight that crashed in Columbia allegedly objected to the flight plan as originally filed, which only had enough fuel to reach Medellin, but not enough extra.  The on-board dispatcher, again allegedly, told her not to worry, and she allowed the plane to depart.  It crashed after running out of fuel.

The rules were ignored, the policy not followed.  People died.  Now people are chasing the dispatcher (who has fled the country).  Who else is also accountable?  The airline?  The charter company?

Leave a comment

Filed under Collection, Controls, Duty, Employees, Governance, Government, Internal controls, Management, Operations, Oversight, Third parties, Use, Use