Monthly Archives: July 2017

The grip on your information

“Apple Eases Its Grip in Chinese Data,” The Wall Street Journal, July 13, 2017 B3.  “To comply with tough new cybersecurity rules, Apple will begin storing all cloud data for its Chinese customers with a government owned company [in China] ….”  Apple “will retain control over encryption keys.”  That makes me much more comfortable.

It might appear that China is exerting its grip on the data stored by Chinese customers on iCloud.  But whose data is it, anyway?  And what if other countries take similar steps with their citizens’ data?  Any opportunity for mischief?

Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

Keeping it in the family

“Two Plead Guilty in Insys Cases,” The Wall Street Journal, July 12, 2017 B3.  Insys Therapeutics had an unusual fentanyl problem: bribing doctors to prescribe it.  Two saleswomen took the plea.

Notable:  one of the women is married to the firm’s former CEO, who was arrested on related charges in December, together with 5 other senior managers.

Does corruption normally run this deep?  Where is (or was) the board?

Filed under Board, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight

Pesky little documents

“Caterpillar Faces New Questions in Probe,” The Wall Street Journal, July 3, 2017 B1.  During a criminal investigation, required export documentation couldn’t be found. Apparently, there are also inconsistencies between what was submitted to the Department of Commerce and what was turned over in response to subpoenas.

So, a corporation may be charged criminally.  What about officers, directors, and employees?

It is only foolish consistency, not inconsistency, that is the hobgoblin of little minds.

Filed under Accuracy, Compliance, Compliance Verification, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Oversight, Value

Ransomware Week

“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3.  Motive for recent attacks was not blackmail, but just disruption.  The files that were attacked may not be recoverable.  “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3.  DLA Piper shuts down after its computer systems are hit.  “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3.  West Virginia hospital tosses its entire computer network after cyberattack.

Have the Visigoths gathered at the gate?  If we can’t protect our computers and the information they contain and send, does our civilization survive?  Is IT now more important than all the other functions?

Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value

Cyberattacks, revisited

It’s Groundhog Day.  Or becoming a dog-bites-man story.

“Cyberattack’s Fallout Fuels Scramble,” The Wall Street Journal, June 29, 2017 B3. A ransomware attack through Microsoft Windows hits Maersk, Merck, WPP, and Rosneft, among others.  Surgeries disrupted at a Pennsylvania hospital.  “Hospital Operator In Pennsylvania Works to Recover,” The Wall Street Journal, June 29, 2017 B3.

Does this become so routine we forget people are supposed to take steps to prevent it?  Do cyberattacks make the board agenda, without the tie to the greater information governance questions?  Is that progress?  Does industry not see the bigger risk?

 

Filed under Access, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value

Altered metrics

If someone asks you to “alter” or “fudge” a financial metric reported to the market, take pause.  Or hit the big red button.

“Witness: Magnate Knew of Altered Metric,” The Wall Street Journal, June 28, 2017 B9. The chairman of a large company allegedly knew that one of the financial metrics the company reported to the market for the previous quarter was improperly inflated.  Or fudged, as they say in the trade.  By $12 million.

The former chief accounting officer took a plea to fraud (and admitted to lying on other matters) and is cooperating with the government; the former CFO is charged with criminal fraud and is at trial.  The company is “cooperating.”  The chairman hasn’t been charged.  Yet.

Why isn’t the company charged?  At least one of its agents appears to have committed a fraud.  Why isn’t the chairman charged, if he knew?  Is this consistent with the Yates memo?  Is there a civil (derivative) suit against the chairman?

Filed under Accuracy, Board, Collect, Communicate, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Internal controls, Management, Oversight