Category Archives: Oversight

Burned by a phone

Apparently, NCAA rules prohibit coaches from using a burner phone to contact football recruits.  Or lying about it when you do.

“‘Burner Phone’ Accusation Marks New Chapter in Ole Miss Scandal,” The Wall Street Journal, September 20, 2017 A16. Coaches accused and investigated, and asked to sign certifications that they had never used pre-paid phones for recruiting or other work-related purposes.

Is this a question you normally ask your employees, or is this a form you have them sign?  Should you ask for a certification that exiting employees do not have any company information on a non-company asset or location?


Filed under Access, Board, Compliance, Compliance Verification, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Legal, Oversight, Oversight, Policy, Protect assets, Security, Third parties

Barclays culture, continued

“Compliance Officer To Leave Barclays,” The Wall Street Journal, September 16, 2017 B1. The compliance officer at Barclays responsible for the whistleblower program settled “an employment dispute” with Barclays right before a hearing in London.  The CEO had earlier tried to learn the identity of the employee who complained about his hiring of a buddy.  The UK regulatory authority is still investigating that matter.

But the CEO remains in place.  Go figure.  I guess the Board’s sense of ethics is flexible.

I wonder what the employment dispute was about?


Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Governance, Internal controls, Oversight, Oversight, Policy, Privacy, Supervision, Third parties

Equifax, Chapter 3

“Two Equifax Officials Exit,” The Wall Street Journal, September 16, 2017 B1.  In the biggest surprise since the sun set last night, the CIO and the chief security officer at Equifax have retired. A week after the hack of 143 million account records.

What about the members of the Board of Directors, who knew of the risk of a cybersecurity breach and didn’t take sufficient steps to prevent it?  The shareholders – who didn’t have the power to make sure Equifax’s network was secure – will certainly pay.  But what about the directors?  And the other officers, starting with the CEO?

By the way, what are their names, Social Security numbers, dates of birth, and driver’s license numbers?  Inquiring minds want to know.


Filed under Access, Board, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Privacy, Protect assets, Protect information assets, Security, Value

The Hack of All Hacks

The Yahoo hack may have affected 1.5 billion customers.  But in terms of targeted hacks, OPM was pretty big.  There’s a new contender for the Hack of Hacks.

“Equifax Reveals Huge Breach,” The Wall Street Journal, September 8, 2017 A1.  The records (name, address, Social Security number, birth date, etc.) of 143 million US consumers at the credit reporting company have been hacked. That’s roughly half the US.  And they sat on it for a while (since they discovered it on July 29).

Will this fundamentally change the landscape?  Will we see EU-level privacy controls in the US?  Will the directors of Equifax face personal liability for not ensuring the information was protected?  How can you protect your Social Security Number five years from now?  How will credit decisions be made in the future?


Filed under Access, Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Oversight, Oversight, Privacy, Protect assets, Protect information assets, Risk Assessment, Security, Supervision, Value, Vendors

Outsider, beware

“Infosys CEO Leaves In Row With Founder,” The Wall Street Journal, August 19, 2017 B3.  Gibson Dunn had been investigating some internal improprieties.  The former CEO, who was hired by Infosys from outside the company, will stay on as executive vice chairman.  He is replaced by a long-time Infosys employee.

Seems a bit of a mixed message.  The founder of the company, who left 3 years ago, complains about operations under the new (and now former) CEO, but the former CEO sticks around on the Board.  Who’s really in charge?  Change is hard.


Filed under Board, Controls, Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Investor relations, Oversight, Third parties

Can shareholders do that?

Can one of the shareholders both sue your former CEO for fraud and contact all the other shareholders?  Apparently.

That’s what’s happening at Uber.  “Kalanick Critic Stirs the Pot,” The Wall Street Journal, August 15, 2017 B1.  Benchmark Capital (which also sits on the Board) sued the former CEO at Uber for fraud, saying he had failed to disclose “secret bad business practices,” which may revolve around the CEO’s increase in the number of directors, or allegations about sexual harassment and sexism.  While Uber searches for a new CEO, it is managed by a 16-person committee.  How’s that working for you?

Apparently, derivative actions aren’t a shareholder’s sole remedy.  And a board member can sue as an individual shareholder.


Filed under Board, Compliance, Controls, Corporation, Culture, Directors, Duty, Governance, Inform market, Inform shareholders, Internal controls, Oversight, Shareholders

VW Compliance Executive Pleads Guilty

“Ex-VW Official Admits Role in Emissions Cheating,” The Wall Street Journal, August 5, 2017 B3. A former VW “compliance executive” charged with conspiracy to defraud the US, wire fraud, and Clean Air Act violations pleads guilty.  He admits he knew about the software used to mislead US environmental regulators.  Faces sentencing in criminal case in December.

Hiding information from the government is not a good thing.  What was the culture that allowed this to happen?  Did people feel a need to do this to compete?  Too many car companies have been caught up in such scandals to have it be random.

The shareholders have paid (and are continuing to pay) for the mistakes of the employees of the company.  Who else from the company is going to go to jail, or lose his/her job?  VW is facing costs in just the US of more than $25 billion and investigations elsewhere.  Does the “compliance executive” know of others who also knew?  Might he offer up some names before December?  People who bought VWs are going to want to recover damages from someone.


Filed under Accuracy, Analytics, Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Oversight, Oversight, Value