Category Archives: Access

Can information have a negative value?

Doug Laney has done a lot of good stuff on infonomics, and the value of information.  But can information have a negative value?

“FBI Didn’t Follow Up Tip By Person Close to Shooter,” The Wall Street Journal, February 17, 2018 A1.  FBI got a tip on January 5 about the person who ended up shooting up the school at Parkland on February 14.  Failed to act on it.  Seventeen people died.

Do you have a duty to use information you have?  What if you have important information and you don’t use it, or can’t use it because you can’t find it?  Is that a liability (i.e., a “negative asset”)?

Do your internal controls make sure that critical information gets to the decision makers promptly?  If not, who’s responsible?

Look at the past year or two in industry and you will find several examples of the cost of not having important information reach the right people at the right time.  For example, Wells Fargo management didn’t learn of the account cramming until months or years later.  The Board at GE didn’t know about the two-plane approach the CEO was using.

Which is worse, knowing or not knowing?  Don’t know, but certainly knowing and not doing anything is the most expensive.



Information quality

The quality of information is largely based on its accuracy.  Excluding others from using that information can also be valuable, such as trade secrets, patents, or copyrights.  An additional factor is the information’s timeliness: getting information before someone else allows you to use that information first.  Even fractions of a second can matter.

“CME Defect Aids Speedy Traders,” The Wall Street Journal, February 13, 2018, B1.  Five years ago, some high-frequency traders took advantage of the small time gap between (a) when they received confirmation of trades and (b) when those trades were reported to the market.  Based on this information, they deduced the direction of market movements and sold or bought, as appropriate, before that information was in the market.  The exchange fixed this.  Sort of, as the problem has reappeared, albeit much smaller.  But microseconds matter, when it’s the computers that are doing the trading.

What’s the point?  Well, what information would you pay more for to get it sooner?  Do you rely on getting information at the same time as (or before) your competitors, allowing you to use your superior skill, foresight, and industry to profit from it?


Believable denials

“Equifax Denies Breach Of Passport Numbers,” The Wall Street Journal, February 8, 2018 B10.  In the hack of its files, Equifax admits exposing information of perhaps 145 million people.  Social Security numbers, stuff like that.  And credit card numbers and driver’s license numbers.  Senator E. Warren says the hack also exposed passport numbers.  Equifax says it didn’t.

Who do you believe?  One of them is wrong.   Which is more likely, that Equifax is lying or that a sitting US Senator didn’t understand Equifax’s submission to Congress?  When information is contradictory, how do you minimize risk?



Information from unusual places

What if you get information from an unexpected source?  What’s that worth?

“Stanford’s Aid Whistleblower,” The Wall Street Journal, February 1, 2018 B5.  A second-year MBA student does a study of scholarship decisions and blows the whistle on his own school.  Based on information found on a shared drive.

The information is there.  Are you aware what it says?  What’s it worth to have that analysis before someone else does it?  Is this something that Stanford wished wasn’t found, eight years later, on a shared drive?

Is this post about the value of information or the value of managing who gets access to what?  Or something else?


Leaking government documents

One would think that professionals hold themselves to a higher standard, and would not conspire to take advantage of leaks of information from someone who shouldn’t be leaking it.

Au contraire, mes amis.

“Former KPMG Executives Charged,” The Wall Street Journal, January 23, 2018 B1.  KPMG execs arranged to get a heads up on which KPMG audits were going to be reviewed by the PCAOB.  After things went south and the investigation started, people started deleting emails and texts.  Same song, different verse.

So, working with a federal government agency to get confidential government information.  Consequence: criminal indictments of KPMG partners and civil suits.  They were also fired.  KPMG cooperated “fully” in the investigation.  The leakers at the government were angling for jobs at KPMG.


  1. Auditors commit crimes, too
  2. Confidential government information belongs to the government
  3. Conspiring with government employees to get that information is a crime
  4. Your employer has a lot of incentives to cut you loose if you’ve committed a crime in the course of your business
  5. It’s hard to get a job as an auditor after a criminal conviction
  6. Deleting emails and texts after an investigation started is Bad.  See also 18 USC §1519
  7. If partners in your firm are doing this, what else is going on?
  8. No one at the government has been charged


Process safety

“Hack of Saudi Plant Targeted Safety System,” The Wall Street Journal, January 19, 2018 B4. Cyberattack focused not on the theft of information, but on a critical emergency safety shut-off system.

So, this is more about information security than it is about information governance.  Or is it?  This is the type of attack that keeps the information security folks awake at night.  A big deal in the oil patch.

Who’s responsible?  The vendor of the equipment (and software) that was hacked?  Or the owner of the plant that had the equipment on-line?

Does your company have information that is critical to the safety of your operations?  Who’s responsible for protecting that from outside attack?



Catching up

I’ve taken a bit of a break; one of the readers of this blog asked if I’d stopped writing it.  Not that there aren’t issues on governance, information, or (and) compliance that come up daily.

Is this blog of value?  Is it worth your time?  Let me know.  How can I improve this?  Let me know by posting a comment.

Some recent stories:

  1. “Subaru Probes if Fuel Data Was Fake,” The Wall Street Journal, December 21, 2017 B1.  Company investigating whether workers fudged the numbers on fuel economy.  Another black eye for the Japanese quality objectives.  Is there/was there a culture problem?  Or did management apply too much pressure?
  2. “Wells Fargo Earns New Ire From Bank’s Overseers,” The Wall Street Journal, January 6, 2018 B10.  Bank regulators marked Wells Fargo down because of its management, and as a result the bank will pay higher insurance and be subjected to higher regulatory scrutiny.  2017 wasn’t a good year for the bank.
  3. “Court to Review SEC Judges,” The Wall Street Journal, January 13, 2018 B10.  The Court accepted an appeal that will look at whether SEC’s judges are unconstitutional, having been selected by the HR Department.  Do government agencies need to comply with the US Constitution?  Can one be “governed” by someone who wasn’t properly appointed or supervised?  Is the common law writ of quo warranto still effective?
  4. “Parents’ Dilemma: When to Give the Children Smartphones,” The Wall Street Journal, January 13, 2018 A1.  Giving your child a smartphone also gives them access to a whole bunch of stuff you might wish they didn’t have so much access to.  Are you properly governing how much information your kids can see?  Do you also provide them a handgun (without bullets, of course)?  (The article talks about teaching your children to use cocaine, but in a balanced way). Not all information accessible by smartphone is of equal value, and different parties in the transaction value different information differently.
