Monthly Archives: December 2017

Covert units

It’s a bad sign when you establish a covert unit.

“Uber Formed Covert Unit to Steal Trade Secrets, Ex-Employee Says,” The Wall Street Journal, November 29, 2017 A1. According to a former security employee, Uber “had a team dedicated to stealing [competitors’] trade secrets and helped employees dodge regulators’ scrutiny.”

This information was in a letter read to the jury in the Alphabet/Uber trade secret litigation.  Ouch.

What does it say about the company’s commitment to compliance with law (including the rights of others)?  Are RICO charges far behind?

If Uber loses the case, will shareholders sue the directors who allowed this to happen?

 

Leave a comment

Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight, Oversight, Supervision

Cyberattacks

“Three From China Indicted in Cyberattacks,” The Wall Street Journal, November 28, 2017 B4.  Allegedly hacked into the email account of an economist at Moody’s and gained access to gigabytes of confidential data of Siemens beginning in 2011.

Who has access to your data?  Is the email account of a third-party vendor a potential source of a major leak?  Even an economist?

Leave a comment

Filed under Access, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value

Was your ride late?

“Chicago Sues Uber For Lag in Reporting Data Hack,” The Wall Street Journal, November 28, 2017 B4.  Following the disclosure of the year-old breach of 57 million accounts, Uber is sued for consumer fraud and deceptive business practices, among other things.

There is the breach.  And then your response to the breach.  And then the regulators’ and the customers’ and the shareholders’ response to the breach.

Leave a comment

Filed under Communications, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Investor relations, IT, Oversight, Protect assets, Security, Supervision, To report, Value

Wells Fargo, continued, again

“Wells Fargo Bankers, Chasing Bonuses, Overcharged Clients,” The Wall Street Journal, November 28, 2017 A1.  Only 35 of 300 companies had been charged only what they had agreed to.  Four foreign-exchange bankers fired.

Who is surprised?  The culture at the company was potentially fatally defective.

Why hasn’t the Board been held liable?  The directors utterly failed in their fiduciary duties.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Protect assets, To report

Cybersecurity

Cybersecurity involves protecting the enterprise from internal or external attack and responding after the enterprise has been attacked.  How do you ensure your business continues to operate if its cybersecurity is breached?  It’s not just sending notices to affected customers and paying for credit watches.

“Banks Create Cyber Doomsday System,” The Wall Street Journal, December 4, 2017 B1.  By requiring banks and credit unions to back up their data so that operations can be restored after a breach.  This also protects confidence in the overall banking system.

Do you have a business continuity plan?  Does it address how you will access your critical information so that you can continue to operate?

What’s surprising is that this is newsworthy.

Leave a comment

Filed under Access, Board, Business Case, Business Continuity, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Operations, Oversight, Protect assets, Protect information assets, Security, Value

Why listen to the court?

“Battle at CFPB Rages On,” The Wall Street Journal, December 4, 2017 B9.  The person who lost in her attempt to seize control of the CFPB despite the appointment of Mick Mulvaney as the head of the agency asks the court to do “a more complete legal assessment of her claims.”

I guess if you don’t like the first decision, you might as well ask again, right?

Governance involves having a clear idea of who governs.  I suspect the court will clarify the matter for her and her lawyer.

Leave a comment

Filed under Compliance, Controls, Duty, Employees, Governance, Ownership, Third parties

More executive firings

“Security Shake-Up At Uber,” The Wall Street Journal, December 4, 2017 B4.  Three members of Uber’s security team resigned.  Voluntarily.  And another is on extended medical leave.

This after Uber recently disclosed a data breach a year ago that exposed 57 million user accounts.  And after reports of a team established to access competitors’ technology.

Culture, anyone?  Or attempts to protect the brand at the expense of employees?

Leave a comment

Filed under Compliance, Controls, Corporation, Culture, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Protect assets, Security

Violating company policy

Who gets fired for violating company policy?  How often is it a senior executive?

“Visa Cites Behavior In Firing Executive,” The Wall Street Journal, December 4, 2017 B3.  We don’t know what the violation was.  Yet.  But he was a high-flyer, handling the Apple and PayPal partnerships.

Does this send a message to the rest of the organization?  Does it depend on the policy he violated?

Does your company publish information on how many people have been disciplined for violations?  If not, why not?

Leave a comment

Filed under Compliance, Compliance, Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Oversight, Policy

Collecting personal information

Those of us familiar with the EU are familiar with government agencies placing and enforcing restrictions on the collection of personal information, to protect the privacy rights of its citizens.

“CFPB Curbs Data Collection,” The Wall Street Journal, December 5, 2017 B5. The Consumer Financial Protection Bureau stops collecting personal information (including data on credit cards and mortgages) until adequate cybersecurity protections are in place.

Delicate balance between protecting privacy and protecting your credit?  Or the recognition by the government of their duty to protect our information?

Leave a comment

Filed under Controls, Duty, Duty of Care, Governance, Government, Information, Internal controls, IT, Ownership, Privacy, Protect assets, Security

Another one bites the dust

“Steinhoff’s CEO Resigns Amid Accounting Probe,” The Wall Street Journal December 7, 2017 B3.  Off-balance sheet accounting leads to resignation of CEO of parent company of Sleepy’s (a mattress brand), and a drop of 62% in share value.

Where was the Board?  Where were the auditors?  Trying out the company product?

Who pays the price of management’s failure?

Leave a comment

Filed under Accuracy, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Duty, Employees, Governance, Information, Internal controls, Oversight, Oversight, To report, Value