Category Archives: Business Case

Do new laws cost money?

“Data Curbs Put Facebook in Bind,” The Wall Street Journal, July 31, 2018 B4.  The GDPR in Europe places new restrictions on Facebook’s business model.  The new rules make it harder for Facebook to get advertising revenue based on the views by users of the platform.

How well does your company prepare for changes in the law?  Is this on your risk matrix?

Advertisements

Leave a comment

Filed under Business Case, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, New Implications, Risk, Value

Do your customers have an alternative?

What happens to your business if you or your customers can’t get to the Internet?

“Visa Hit by Outrage In Parts of Europe,” The Wall Street Journal, June 2, 2018 B12.  Users of Visa cards in Europe couldn’t use their cards on Friday as the result of a hardware failure.

Are you prepared for a hardware failure that prevents your customers from reaching you?  Is this an aspect of information governance?  Business continuity planning?  Both?

Leave a comment

Filed under Access, Business Continuity, Interconnections, IT, Operations, Risk

Bait and switch?

You make some promises, or strong indications, to a star performer that he or she is so above average, next year you will get ___ a year early.  [Fill in the blank]

How do you handle a change in direction?

“Goldman’s Rising Stars Told to Hold,” The Wall Street Journal, May 26, 2018 B9.  Two years ago, a group of high-potential employees were told they were on the fast track and would get promoted before the rest of their class.  Now they are told there is no fast track this year.

How do you handle it when you have to tell your star performer that she/he’s not going to get what you told them they were going to get?  Have you just put your crown jewels into play?  How do you rebuild trust and confidence in your best and brightest?

Is this Information or Governance or just bad management?  Does it matter whether you told them in writing or not?  Is that a risk that was considered?

 

Leave a comment

Filed under Definition, Duty of Care, Governance, Information, Protect assets, Risk, Who is in charge?

WWW

“New EU Rule Puts Scare Into Websites,” The Wall Street Journal, May 26, 2018 B4.  US websites block access by people in the EU to avoid breach of new GPDR.

This raises several interesting questions.

  1. What’s the risk that your website collects or stores information in violation of the General Data Protection Regulation?
  2. Is it better to cut off service to people in the EU rather than to take the risk that you don’t comply with EU privacy legislation?
  3. Will this open up a new market for Google-like and Facebook-like European competitors?
  4. How will the users in the EU react?
  5. Just how hard is it to comply with the GDPR?  You write a policy and take some internal steps to control your use of consumer information.
  6. Is this Y2K revisited?
  7. Is this Information, Governance, or Compliance?  A combination of some all of those?

Leave a comment

Filed under Access, Business Case, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Interconnections, Internal controls, IT, New Implications, Oversight, Privacy, Protect assets, Risk, Technology

Sniff test

What happens to compliance when the CEO and her boyfriend collaborate to create a culture of secrecy and fear?

“Partners in Blood,” The Wall Street Journal, May 19, 2018 C1.  Reports from the trenches at Theranos, which said it was able to run a range of tests from a few drops of blood; it couldn’t.  SEC charges company with fraud, and investors lose millions.

While the implications of a relationship of the CEO goes to Governance, are there also links to Compliance and Information?  What impact did the culture have on the company’s compliance?  How do investors know about the nature of a CEO’s personal relationships leaking into the corporate environment?

Who should have seen this and reported it to someone?  Why didn’t the directors smell a rat?

Leave a comment

Filed under Board, Compliance, Culture, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Risk, Supervision, To report

Costly

Wells Nears $1 Billion Settlement,” The Wall Street Journal, April 20, 2018 B1.

Wells Fargo is about to be (has been) fined close to $1 billion for irregularities regarding auto loans, auto insurance,  and mortgage loans.  This is the civil side.  This is in addition to the $185 million for the account cramming scandal in 2016, where the bank opened new accounts and credit cards that consumers did not request.  The Chief Risk Officer is also retiring.

Once again, the shareholders pay mightily for the sins of (mis-)management.

Leave a comment

Filed under Compliance (General), Culture, Governance, Risk, Risk assessment, Supervision

Knowledge is dangerous

“In a First, U.S. Firms Reveal Workers’ Pay Gap With CEO,” The Wall Street Journal, March 12, 2018 A1.  US law requires disclosure of comparison of CEO’s pay to that of the median worker in the CEO’s company.

Noodle on this for a minute.  Who “owns” the information as to what you earn?  Do you?  If so, you could, if you wanted to, publish that information or post it on your door.  Does your employer encourage you not to do that?  Who’s hiding what from whom?  Would you be interested to learn that Joe in the next cubicle is paid 10% more than you are?  Is his job or his qualifications that much different?  Why don’t companies post this information by position?  Why are you nervous about posting your salary?  Are you embarrassed?

Just curious.

Leave a comment

Filed under Access, Business Case, Controls, Duty, Employees, Information, New Implications, Ownership, Privacy