Monthly Archives: January 2018

Willie Sutton?

Willie Sutton (a famous bank robber) was reportedly asked, “Why do you rob banks?” He reportedly said, “Because that’s where the money is.”

“Hackers Plunder Crypto Exchange,” The Wall Street Journal, January 27, 2018 B5. More than $500 million in credits hacked from the Coincheck site in Japan.  One assumes virtual banks are easier to rob than brick and mortar banks.

This is a concrete example of the cost of a cyber breach.  But it also follows on from an earlier post (Law School Exam Question) equating cash money and information, in terms of value.

If businesses (including the Board of Directors) treated information assets as cash, and managing, protecting, and controlling the organization’s information as currency, would that be “information governance”?  Why do they handle information assets differently?  Why should the Board and the officers get a pass on this?  The shareholders certainly don’t.

Leave a comment

Filed under Board, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Ownership, Protect, Protect assets, Protect information assets, Security, Third parties, Value

Fake news

“Fake Public Comments On New Rules Probed,” The Wall Street Journal, January 25, 2018 A3.  Were faked ids used to post comments on proposed federal regs?

When you make comments on a proposed government regulation, do you have to provide your correct name or id?  Is there a special problem when the government tries to limit your free speech?  Is this fraud (and if so, why?)?  Apparently, it is a crime to “knowingly make false, fictitious or fraudulent statements to a US agency.”  Is this 18 USC §1519, or something else?  Can the government criminalize “fictitious” comments to the government?  There’s the 1st Amendment of course, and the right to petition.

For a non-commercial site, how do you stop “spoofing”?

Leave a comment

Filed under Accuracy, Controls, Duty, Government


Stealing an asset from someone else is a crime.  Information is an asset.

“Firm Found Guilty of Tech Theft,” The Wall Street Journal, January 25, 2018 B2.  Chinese company bribes a vendor’s European employee to get software code.  The employee was convicted of the theft in Austria in 2011.  Only now is the company itself convicted in the US.

The cost of the theft was alleged to be $800 million.  The convicted company (which used to be the vendor’s major customer) faces fines of nearly $5 billion.

Is this just part of a trade war with China?

Leave a comment

Filed under Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Value


GE, fresh from the embarrassing disclosure that the Board didn’t know about the two-jet policy, is now being questioned by the SEC over its accounting practices.

“GE Faces An SEC Probe of Accounts,” The Wall Street Journal, January 25, 2018 A1.  Questions arise over how GE accounted for revenue on long-term projects.

How did the Board miss this, too?  The new CEO must be beside himself.  Welcome to the party.


Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Oversight

Leaking government documents

One would think that professionals hold themselves to a higher standard, and would not conspire to take advantage of leaks of information from someone who shouldn’t be leaking it.

Au contraire, mes amis.

“Former KPMG Executives Charged,” The Wall Street Journal, January 23, 2018 B1.  KPMG execs arranged to get a heads up on which KPMG audits were going to be reviewed by the PCAOB.  After things went south and the investigation started, people started deleting emails and texts.  Same song, different verse.

So, working with a federal government agency to get confidential government information.  Consequence: criminal indictments of KPMG partners and civil suits.  They were also fired.  KPMG cooperated “fully” in the investigation.  The leakers at the government were angling for jobs at KPMG.


  1. Auditors commit crimes, too
  2. Confidential government information belongs to the government
  3. Conspiring with government employees to get that information is a crime
  4. Your employer has a lot of incentives to cut you loose if you’ve committed a crime in the course of your business
  5. It’s hard to get a job as an auditor after a criminal conviction
  6. Deleting emails and texts after an investigation started is Bad.  See also 18 USC §1519
  7. If partners in your firm are doing this, what else is going on?
  8. No one at the government has been charged

Leave a comment

Filed under Access, Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Information, Internal controls, Oversight, Ownership, Third parties

Risk versus cost

“Investors Turn to ‘Drive By’ Home Appraisals, Adding Risk,” The Wall Street Journal, January 22, 2018 A1.  A method that is illegal when used for a single home is used to quickly and cheaply (quick and dirty?) value large collections of houses, which are then used as collateral.

These values are then used as collateral on billions of dollars of bonds.  Isn’t that comforting?  Think of the money they are saving!

For now.

Do you know what information underpins your decisions?  Does the Board?  Does the market?  What could go wrong?

Leave a comment

Filed under Accuracy, Board, Controls, Corporation, Data quality, Duty, Governance, Information, Oversight, Oversight, Protect assets, Value

Process safety

“Hack of Saudi Plant Targeted Safety System,” The Wall Street Journal, January 19, 2018 B4. Cyberattack focused not on the theft of information, but on a critical emergency safety shut-off system.

So, this is more about information security than it is about information governance.  Or is it?  This is the type of attack that keeps the information security folks awake at night.  A big deal in the oil patch.

Who’s responsible?  The vendor of the equipment (and software) that was hacked?  Or the owner of the plant that had the equipment on-line?

Do your company have information that is critical to the safety of your operations?  Who’s responsible for protecting that from outside attack?


Leave a comment

Filed under Access, Board, Controls, Corporation, Duty, Interconnections, Internal controls, IT, Security, Vendors

Law school exam question

I was struck by the headline: “CFTC Takes Aim At Crypto Fraud,” The Wall Street Journal, Saturday January 20, 2018 B5.  The article is about the government charging people with fraud in connection with bitcoin futures.

Forget about the article for a second, as that’s not my point.  When the currency has no inherent value, is the information that the bitcoin represents itself something of value?  And that value can change.

I’m not sure the case is different for paper currency, even if backed by the full faith and credit of the government.  Is money something different than information? Why are money assets “governed” differently than information assets?  How is money different from information.  Discuss; limit three pages.

1 Comment

Filed under Definition, Information, Value


How do you know that information provided by someone else is accurate/reliable?  How reliable do others find that source?

“Facebook To Alter Its News Feed,” The Wall Street Journal, January 20, 2018 B1. FB will “start ranking news sources it its feed based on user evaluations of credibility….”

So, your reputation for truth and veracity affects how highly information you provide gets placed.  What ever did we do before Facebook?  Trust newspapers to verify before they published?

Leave a comment

Filed under Accuracy, Controls, Data quality, Information, Internal controls, Third parties, Value

Catching up

I’ve taken a bit of a break; one of the readers of this blog asked if I’d stopped writing it.  Not that there aren’t issues on governance, information, or (and) compliance that come up daily.

Is this blog of value?  Is it worth your time?  Let me know.  How can I improve this?  Let me know by posting a comment.

Some recent stories:

  1. “Subaru Probes if Fuel Data Was Fake,” The Wall Street Journal, December 21, 2017 B1.  Company investigating whether workers fudged the numbers on fuel economy.  Another black eye for the Japanese quality objectives.  Is there/was there a culture problem?  Or did management apply too much pressure?
  2. “Wells Fargo Earns New Ire From Bank’s Overseers,” The Wall Street Journal, January 6, 2018 B10.  Bank regulators marked Wells Fargo down because of its management, and as a result the bank will pay higher insurance and be subjected to higher regulatory scrutiny.  2017 wasn’t a good year for the bank.
  3. “Court to Review SEC Judges,” The Wall Street Journal, January 13, 2018 B10.  The Court accepted an appeal that will look at whether SEC’s judges are unconstitutional, having been selected by the HR Department.  Do government agencies need to comply with the US Constitution?  Can one be “governed” by someone who wasn’t properly appointed or supervised?  Is the common law writ of quo warranto still effective?
  4. “Parents’ Dilemma: When to Give the Children Smartphones,” The Wall Street Journal, January 13, 2018 A1.  Giving your child a smartphone also gives them access to a whole bunch of stuff you might wish they didn’t have so much access to.  Are you properly governing how much information your kids can see?  Do you also provide them a handgun (without bullets, of course)?  (The article talks about teaching your children to use cocaine, but in a balanced way). Not all information accessible by smartphone is of equal value, and different parties in the transaction value different information differently.

Leave a comment

Filed under Access, Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Directors, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Security, Third parties, Value