Monthly Archives: May 2017

May 30, 2017 · 7:38 pm

British two-step

Gee, how important are computers to your company?  Or, more importantly, the information they contain?

“Big Outage Dogs British Airways,” The Wall Street Journal, May 30, 2017 B3. A power surge apparently takes out BA’s entire IT system.  No flights, no baggage, and no customer communications.  This is partly a business continuity problem, and is a predictable hazard (I was working at Amoco in Chicago in the 90’s when a flood took out the email servers that were then in the basement- Ed.).  But it also highlights how important access to information is to having your business run right.  If you put all your eggs in one basket, watch that basket.

What happens when you have so much information that you can’t read it all? “U.K.’s MI5 Begins Internal Probe,” The Wall Street Journal, May 30, 2017 A9.  Apparently, the suicide bomber in Manchester was on, and then off, the security service’s radar screen.  He was one of 20,000 suspects, but not among the 3,000 most active ones.

Leave a comment

Filed under Access, Accuracy, Business Continuity, Communications, Controls, Duty, Governance, Government, Information, Interconnections, IT, Operations, Oversight, Supervision, Third parties, Value

May 29, 2017 · 6:45 pm

Backlog

Travel-related backlog.

Executives do go to jail.  “Ex-VW Official to Stay in Jail,” The Wall Street Journal, May 26, 2017 B3.  The official was head of the environmental and engineering office.  VW had already pleaded guilty to criminal charges in connection with the diesel emissions scandal.  So the company AND some executives are criminally charged!  Guess Sally Yates meant it.  At least for foreign companies.  But no directors have been sued.  Yet.

“FBI Holds Memos for Now,” The Wall Street Journal, May 26, 2017 A4.  Congress wants the memos that ex-Director Comey wrote, but the existence of the special counsel (also the ex-Director) and Congressional “inquiries” have muddied the waters.  Whose information is it, anyway?  And can’t we all look at them together?  Right after Mr. Comey testifies?  Interesting that the FBI can withhold non-privileged memos, whatever their weight may be.

Chairman doesn’t go to jail.  “Leader of Brazil’s JBS Steps Down,” The Wall Street Journal, May 27, 2017 B1.  The bribing scandal in Brazil’s meat-packing industry removes the chairman and his brother from the Board (although the brother remains as CEO).  The chairman signed a plea bargain in exchange for criminal immunity.  Curious about the culture at the company after the plea deal.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Information, Internal controls, Investor relations, Management, Oversight, Oversight, Ownership

May 25, 2017 · 6:10 pm

Hacking hackers

“In Cyberwar, Spies May Be Targets,” The Wall Street Journal, May 25, 2017 B4.  In a breach of protocol, the hackers behind the WannaCry ransomware attack may be releasing the names of some of the hackers working for the NSA.  Certainly cuts down on their foreign travel.

If they can’t keep their own secrets secret, what’s a body to do?  Will this shut them down?

How well does your company keep its secrets?  How important is it to your employees?

Leave a comment

Filed under Access, Business Continuity, Controls, Duty, Government, IT, Privacy, Security, Third parties

May 24, 2017 · 5:53 pm

Shameless self-promotion, chapter 2

I did a presentation today to the Houston Chapter of ARMA on the question of “Duty.”  This explores the fundamental dichotomy between autonomy and compliance.  A rough draft of the presentation, together with audio, is available at the following link: http://bit.ly/2qXkD31

Leave a comment

Filed under Uncategorized

May 24, 2017 · 5:45 pm

A handful of stories

  1. Compare

“FCC Won’t Move Against Colbert for Crude Remarks,” The Wall Street Journal, May 24, 2017 A3.  Remarks about Trump don’t draw a fine.  The question remains, what will?  What’s the impact of the regulator not even trying to enforce regulatory standards?

With

“Pakistan Investigates Social-Media Critics of Its Military,” The Wall Street Journal, May 24, 2017 A8.  Twenty-seven critics investigated for “unacceptable” comments criticizing and ridiculing the military and judiciary.  The FCC wasn’t consulted.

2. “U.S. Sues Chrysler Over Emissions Tests,” The Wall Street Journal, May 24, 2017 B1.  Apparently VW wasn’t the only one seeking to game the emissions-testing process.

3.  “Human Still Rule Machines in Insurance,” The Wall Street Journal, May 24, 2017 B1.  Despite the new sources of data, and the ability of computer programs to determine how much an individual insurance policy should cost, humans are still a necessary decision-maker.

4.  “Target Settles Probe Into Its 2013 Hack,” The Wall Street Journal, May 24, 2017 B3. Following the 2013 data breach, Target pays an additional $18.5 million to settle state charges.

5. “High-Ranking Chinese Regulator Faces Probe,” The Wall Street Journal, May 24, 2017 B14.  Assistant chairman of the China Banking Regulatory Commission fired for breaking the rules.  Details not available.

Leave a comment

Filed under Accuracy, Analytics, Compliance, Compliance, Controls, Corporation, Culture, Duty, Employees, Governance, Government, Information, Internal controls, Management, Managers, Oversight, Supervision, Value

May 23, 2017 · 2:10 pm

Reporting, vel non

Does your radar go wild when someone suggests delaying the report of information?

“Sunrun Sales Data Seen as Skewed,” The Wall Street Journal, May 23, 2017 B1.  In the run-up to the company’s IPO, some managers were told by their managers to hold off on reporting a number of canceled contracts.  Reporting this information would have reduced the sales numbers, as the canceled contracts were a large percentage of total orders.

What does it say about a culture where the bosses ask managers to do this type of thing?  And no one says, “No”?  Was no one bright enough to connect the dots?  What else is suspect?  Are employees clueless as to their common law duties to report wrong-doing or deviations from company processes?

 

Leave a comment

Filed under Accuracy, Compliance, Compliance, Controls, Culture, Data quality, Duty, Employees, Governance, Internal controls, Management, Managers, Oversight, Supervision, To report

May 23, 2017 · 1:47 pm

You manage what you measure

If the Board asks how much the company paid for something, “I don’t know” isn’t a good answer.  Neither is “We can’t track that today.”

“Algorithms Help Calpers Tally Fees,” The Wall Street Journal, May 23, 2017 B1. The question was how much the pension plan had paid private-equity managers in performance fees.  It turns out the answer was $3.4 billion, over 25 years, with $490 million last year.  Answer was derived using algorithms.

“It took five years to develop a new data collection system that requires private-equity managers to fill out various templates describing their various fees.”

How comforting – a self-graded exam for $3.4 billion in fees.

What’s information worth?  How can you manage without it?  How did they?

Leave a comment

Filed under Access, Analytics, Board, Collect, Controls, Corporation, Data quality, Directors, Duty, Governance, Information, Internal controls, Management, Operations, Oversight, Oversight, Protect information assets, Third parties, Use, Use, Value, Vendors

May 22, 2017 · 11:16 pm

Texas Administrators

Soon to be signed into law is a bill holding school administrators, superintendents, and principals criminally liable for failing to report teachers who commit “inappropriate acts” with students.  The offending teachers are already potentially liable.

“Texas Measure Targets Improper Teachers, The Wall Street Journal, May 22, 2017 A3.

Surprising it wasn’t the law already.  Mr. Bumble was right:  the law is a ass.

Leave a comment

Filed under Communicate, Communications, Controls, Duty, Employees, Governance, Government, Internal controls, Management, Managers, Oversight, Supervision

May 22, 2017 · 11:09 am

Digging out

I was otherwise engaged last week and missed posting.  Here are some catch-ups.

Leave a comment

Filed under Accuracy, Board, Communications, Compliance, Compliance, Content, Controls, Corporation, Directors, Discovery, Duty, Employees, Governance, Government, Inform market, Inform shareholders, Internal controls, Investor relations, Oversight, Privacy, Protect assets, Protect information assets

May 16, 2017 · 12:43 pm

Where does one start?

Two front-page items today relating to information and governance and compliance, or some combination thereof.

Trump Shared Secrets With Russians,” The Wall Street Journal, May 16, 2016 A1.  President Trump shared  with the Russians “sensitive intelligence” received from an ally.  May have compromised the source.

“Hack Probe Zeroes In on How Virus Invaded Networks,” The Wall Street Journal, May 16, 2016 A1.   WannaCry ransomware infects various networks worldwide.  Similar to an NSA hack, or are you still using XP?

Regardless whether the President shared actual sources and methods, or just enough to figure them out, this bears scrutiny.  What impact (cost) will this have on future intelligence sharing by allies?  Who in your organization has access to secret stuff, and how well do they manage it?

As for WannaCry, are we really only secure as our weakest link?  Lots and lots of links.

 

 

Leave a comment

Filed under Access, Controls, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Protect assets, Security, Third parties, Value