Category Archives: Compliance Verification

Burned by a phone

Apparently, NCAA rules prohibit coaches from using a burner phone to contact football recruits.  Or lying about it when you do.

“‘Burner Phone’ Accusation Marks New Chapter in Ole Miss Scandal,” The Wall Street Journal, September 20, 2017 A16. Coaches were accused and investigated, and asked to sign certifications that they had never used pre-paid phones for recruiting or other work-related purposes.

Is this a question you normally ask your employees, or is this a form you have them sign?  Should you ask for a certification that exiting employees do not have any company information on a non-company asset or location?


The Hack of All Hacks

The Yahoo hack may have affected 1.5 billion customers.  But in terms of targeted hacks, OPM was pretty big.  There’s a new contender for the Hack of Hacks.

“Equifax Reveals Huge Breach,” The Wall Street Journal, September 8, 2017 A1.  The records (name, address, Social Security number, birth date, etc.) of 143 million US consumers at the credit reporting company have been hacked. That’s roughly half the US.  And they sat on it for a while (since they discovered it on July 29).

Will this fundamentally change the landscape?  Will we see EU-level privacy controls in the US?  Will the directors of Equifax face personal liability for not ensuring the information was protected?  How can you protect your Social Security Number five years from now?  How will credit decisions be made in the future?

 


Keeping it in the family

“Two Plead Guilty in Insys Cases,” The Wall Street Journal, July 12, 2017 B3.  Insys Therapeutics had an unusual fentanyl problem: bribing doctors to prescribe it.  Two saleswomen took the plea.

Notable:  one of the women is married to the firm’s former CEO, who was arrested on related charges in December, together with 5 other senior managers.

Does corruption normally run this deep?  Where is (or was) the board?


Pesky little documents

“Caterpillar Faces New Questions in Probe,” The Wall Street Journal, July 3, 2017 B1.  During a criminal investigation, required export documentation couldn’t be found. Apparently, there are also inconsistencies between what was submitted to the Department of Commerce and what was turned over in response to subpoenas.

So, a corporation may be charged criminally.  What about officers, directors, and employees?

It is only foolish consistency, not inconsistency, that is the hobgoblin of little minds.


Duty of Directors

One of my common themes is the duty of directors.  They get paid a lot of money to act as fiduciaries for the company’s shareholders.

“Warren Keeps Pressure on Wells,” The Wall Street Journal, June 20, 2017 B10.  Senator Elizabeth Warren (D. Mass.) is leaning on the Federal Reserve (arguably an independent body) to remove 12 directors who served on Wells Fargo’s Board when the account-cramming scandal was going on.  Other problems have emerged at Wells Fargo since then.

The shareholders didn’t/couldn’t vote them out in April, and so far (as I know) the directors haven’t been held personally liable for negligent oversight.  So it’s nice that someone is still pursuing the people in charge at the time that (some of the) bad things were happening.

Some executives got fired or their bonuses were docked.  The shareholders lost a bundle in fines and penalties paid by the company.  It would be nice if the directors were held responsible and accountable — not just to penalize them, but to put other directors on notice of what they are getting paid to do, and for whom.

Would be nice to have a poster child for the director’s duty.


Nearly governance

The shareholders at Wells Fargo almost exercised “governance” over the Board of Directors.

“Wells Fargo Directors Face Shareholders’ Ire,” The Wall Street Journal, April 26, 2017 A1.  Several directors were nearly voted out at the annual meeting on Tuesday, following the Board’s failure to provide sufficient oversight to prevent or even discover the account cramming scandal that persisted over several years.

Directors have a duty of oversight; they are fiduciaries, after all.  If they breach that duty, the shareholders can either bring a derivative suit and try to impose individual liability (or reach the insurance), or vote the rascals out of office, thereby besmirching their reputation.  But neither remedy is easy.  Shareholders face several hurdles to impose governance on the Board.

At least it’s a shot across the bow.


Do you track what’s the normal cost?

“Venezuela Alleges Fraud in $1.3 Billion Oil-Rig Lease,” The Wall Street Journal, March 16, 2017 A10.  “Officials at PdVSA [the state oil company in Venezuela] were accused of embezzlement by paying inflated fees.”

How do you track whether the company is paying inflated fees to companies owned by Saudi princes, with a no-bid contract to an industry newcomer?  You do track that, don’t you?  As a director you would want to make sure that people weren’t paying too much for service contracts.  Why would the state oil company pay inflated rates?  Aren’t these bribes going the ‘wrong’ way?  Or was it just waste and incompetence?  The difference is only $250,000 a day for seven years.

Do you consider the information governance aspects of the FCPA, beyond the books and records?  It is good that the government checks.
