Monthly Archives: February 2017

February 28, 2017 · 10:53 am

Wealth Mismanagement

Yes, the Oscars ceremony had its information mix-up, when Warren Beatty was given the wrong envelope.  But who was (and “was” is probably the operative word) in charge of calculating and communicating the cost basis for stock?

“Morgan Stanley Gave Clients Wrong Data,” The Wall Street Journal, February 28, 2017 B9.  Firm miscalculated the cost basis, and therefore the gain, on sales of stocks by the firm’s wealth-management clients for 5 years.  Anticipated cost: $70 million.

How do you ensure that the right information is getting to the right place (person) at the right time?  What controls do you have in place?  Are those controls people, process, or technology?  While it took PWC a few minutes to correct the error at the Oscars, it took Morgan Stanley five years.  Who had the better process?

Leave a comment

Filed under Accuracy, Collect, Communicate, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Managers, Oversight, Policy, Protect, Protect assets, Use

February 28, 2017 · 10:41 am

Watch who you hire

“Uber Engineer Fired Over Alleged Conduct at Google,” The Wall Street Journal, February 28, 2017 B5. A celebrated new hire at Uber allegedly had sexual harassment issues at his former employer.  Bye bye.

Do you ask prospective employees why they left their prior position?  Do they tell you the entire truth?

 

 

Leave a comment

Filed under Accuracy, Collect, Collection, Controls, Corporation, Duty, Duty of Care, Employees, Governance, HR, Internal controls, Management

February 28, 2017 · 10:35 am

Test reports

Are you in a business that provides test results of your product to your prospective customers?

“Takata Pleads Guilty in Air-Bag Case,” The Wall Street Journal, February 28, 2017 B3.  Pays $25 million criminal fine and $975 million in other penalties, having plead guilty to one (1) count of providing misleading test reports on its air bags.

Having “faulty” information is bad enough.  But transmitting it to others? Priceless.

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Data quality, Duty, Governance, Oversight, Oversight, Protect information assets, Supervision, Vendors

February 26, 2017 · 7:02 pm

Everybody has a duty

“Former SunEdison Executives File Suit,” The Wall Street Journal, February 25, 23017 B3.  Company allegedly told a different story to investors than it was discussing internally, and managers were instructed to make more optimistic projections.  Two executives took their concerns to the Board, and were then replaced.

Employees have a duty to report concerns upwards.  The company has a duty to its shareholders and to the market to disclose material information.  Directors have a duty to the corporation and its shareholders to provide oversight and to handle reports of wrongdoing appropriately.

Watch this space.  A chance for a Maryland court to look at Caremark, a Delaware case dealing with a director’s duty to provide oversight, and how derivative actions get decided.

 

Leave a comment

Filed under Board, Compliance, Corporation, Directors, Duty, Employees, Governance, Inform market, Inform shareholders, Investor relations, Oversight, Supervision, To report

February 26, 2017 · 6:48 pm

Six months

How long would it take your internet service provider to notify you that a bug on its systems was leaking your data?

“Data Leaked on Web for Months,” The Wall Street Journal, February 25, 2017 B1.  Cloudfare announced it had had a bug since September 2016, affecting its webservers, and leaking data from some of its 6 million customers.  Unclear what was leaked, and to whom.  Cloudfare handles 10% of the world’s web traffic.

Who at Cloudfare knew what, and when, and more importantly, who should have known more, sooner, and disclosed it?

Leave a comment

Filed under Access, Board, Compliance, Controls, Corporation, Directors, Duty, Governance, IT, Managers, Oversight, Protect assets, Protect information assets, Security, To report

February 26, 2017 · 6:25 pm

Lipstick on a pig

As The Wall Street Journal says, “In these days of alternative facts, some companies are pushing alternative accounting.” “Watch Out for ‘Tailored’ Results,” The Wall Street Journal, February 24, 2017 B12.

When a company departs from the usual way of reporting something (watch for “non-GAAP”), it may not be to provide you deeper insight.  But you knew that.

Leave a comment

Filed under Accuracy, Analytics, Board, Communications, Compliance, Compliance, Corporation, Data quality, Directors, Duty, Governance, Inform market, Inform shareholders, Investor relations, Oversight, Oversight

February 26, 2017 · 6:17 pm

Making a hash of hash

“Hashing” a document has been a lynch pin of document security for most of the digital age.  It uses an algorithm to create a unique identifier for a digital document.  Useful for things like computer security and ediscovery.  Perhaps time has moved on.

“Google Team Cracks Web Security Shield,” The Wall Street Journal, February 24, 2017 B4. The SHA-1 algorithm was cracked, allowing the creation of two different  documents with the same hash value.

Alternatives in the works.  Watch this space.

Leave a comment

Filed under Access, Accuracy, Business Case, Controls, Duty of Care, Governance, Internal controls, IT, New Implications, Oversight, Protect assets, Risk, Security, Third parties

February 26, 2017 · 6:07 pm

Trade Secrets

An employee leaves Company A and starts a new one, Company B, which is in turn acquired by Company C, a competitor of Company A.  Company C develops a laser sensor for self-driving cars.  Company A sues, alleging the employee downloaded 14,000 files before departing, including information about laser sensors and supplier lists and manufacturing details.

“Alphabet Sues Uber Over Trade Secrets,” The Wall Street Journal, February 24, 2017 B3.

How do you protect the company’s technology jewels?  How do you limit and track access?  How do you ensure that a new employee isn’t bringing something he or she shouldn’t have?  How did the directors and managers allow this to happen, at both Company A and Company C?  Is this information no longer a trade secret because Company A didn’t protect it well enough?

Leave a comment

Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Management, Managers, Oversight, Ownership, Protect, Protect assets, Security, Third parties

February 26, 2017 · 5:49 pm

Exclusion

Is this just politics, or is it information governance?

“Media Outlets Barred at Briefing,” The Wall Street Journal, February 25, 2017 A3.  Journalists from several major media organizations were barred from a press gaggle on Friday.  The event was still attended by the designated TV and radio pool reporters.

The media was outraged, on both wings.

But look at this deeper, through an information governance lens.

Who “owns” the information being produced?  Whose obligation is it to inform the shareholders?  Does the White House have a duty, or is this just how things have always been done?

Does the White House have the power to exclude certain reporters or media outlets?  Apparently. What would happen if all reporters were excluded, and the press briefing and media handouts moved to the internet?  Would anybody but the media notice or care?

 

 

 

Leave a comment

Filed under Access, Controls, Duty, Governance, Government, To report

February 22, 2017 · 12:34 pm

Housebreaking a puppy

Governance, whether it’s information governance or just plain governance, requires that you punish those who get caught breaking the rules.  Otherwise, the rules are more like guidelines.  And as when housebreaking a puppy, you should apply the “correction” as close as possible in time to the occurrence of the “breach.”  That includes supervisors.

“Wells Fires 4 Senior Managers Over Sales Practices,” The Wall Street Journal, February 22, 2017 B1.  Now-former Wells Employees include the Chief Risk Officer for retail banking, an executive in Arizona retail banking, a consumer-credit executive (formerly a Los Angeles retail banking executive), and a retail banking strategy and finance executive.  This follows the hold-back of 2016 bonuses for the new CEO and the CFO.  And a fine of $185 million and the termination of 5,300 other employees.  The alleged misdeeds at Wells began in 2009 or 2010.

Better late than never.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Internal controls, Management, Managers, Oversight, Oversight, Supervision, To report