Category Archives: Controls

Kobe (3)

The adventure continues, after Kobe Steel announced earlier this month that workers at several different facilities had fudged paperwork on product quality, dating back to at least 2007.  Apparently, getting that type of paperwork accurate is important.  To someone.

“U.S. Looking Into Kobe Steel Scandal,” The Wall Street Journal, October 18, 2017 B3.  Department of Justice kicks off a request for information after company disclosures about practices in Japan. Affects product sold into manufacturers of train, planes, and cars.

More to follow.  Expect Congress to weigh in shortly.  Again, the problem occurred in more than one facility, over a period of years.  Is that a failure of compliance, or culture, or both?

An example of the intersection of governance, compliance, and information.

Advertisements

Leave a comment

Filed under Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Definition, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Reliance, Use, Value

Raining, pouring

Why does it seem that when a certain type of crisis happens in one industry leader, similar crises pop up in other members of the same industry?  Does “culture” affect an entire industry?  What about a culture of “not reporting”?

“Amazon Executive Quits Amid Sex Claim,” The Wall Street Journal, October 18, 2017 A10. The head of Amazon Studios (who had close business relationships with Harvey Weinstein) “resigns” after a producer claimed he had sexually harassed her two years ago.

What does it say that there were so many unreported instances of sexual harassment in this industry (many coming out in recent weeks in various media outlets)?  Did people not complain or did people not respond?  Or was the press/media not interested, for any one of a whole host of reasons?

Leave a comment

Filed under Compliance, Controls, Corporation, Culture, Duty, Employees, Governance, Internal controls, Oversight, To report

Chinks in the chain

“Wi-Fi Flaw May Endanger Security,” The Wall Street Journal, October 17, 2017 B4.  A wi-fi flaw opens up systems to hackers.  Impact mostly for corporations, affecting WPA2 protocols.  But does affect older Android phones and use of Wi-Fi networks while traveling.

Is cyber-security too complex for humans to understand?

Hopefully, the corporations will install the patches on a timely basis.  What other steps should we take in the meantime?

Leave a comment

Filed under Access, Controls, Interconnections, IT

Equifax, cont’d

“After Equifax, a New Way Forward,” The Wall Street Journal, October 17, 2017 B4.  How to replace the Social Security Number as the common way to identify us and authenticate our transactions to lots of organizations, both public and government.

Who decided to take the risk of using the SSN for this?  Should the same people (i.e., banks) pay for the cost of their chosen course of action, or for using someone else’s information?  Or your doctor/insurance company?  Sure, it’s easy(ier) for the banks.

Who owns your SSN?  You?  The government?  Did you consent to this use of your information?  Did the government?  If you didn’t, I guess getting a mortgage would be difficult.

Leave a comment

Filed under Access, Controls, Information, Ownership, Third parties

Mulligan

This is a straight compliance piece, where a corporation is held liable for the misdeeds of its employees (agents).

“Wells Fargo to Pay $3.4 Million Over Advisers’ Flub,” The Wall Street Journal, October 17, 2017 B10.  Apparently, some of the bank’s financial advisers recommended volatility ETFs when they shouldn’t have.  The advisers also didn’t have adequate training.

This is straightforward.  Should some manager be fired or disciplined?  Maybe.  This would not seem the type of event that calls into question the Board’s duty to supervise, unless this is the third time this same compliance issue has arisen.  This is only the second time.  The bank paid nearly $3 million in fines and restitution in 2012 for a similar violation.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Oversight, Oversight, Requirements

Kobe (2)

“Kobe Steel Discloses More Reporting,” The Wall Street Journal, October 14, 2017 B3. Falsification of quality documents is much more prevalent than first reported at Kobe Steel.  Twice the number of customers now involved.  500.

Once you find a rotten apple, one can make certain assumptions about the rest of that barrel.  It’s a culture issue, at its core.

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Oversight, Policy, Protect assets, Protect information assets, Third parties

Equifax and SEC Hacks

A lot in the news of late about the hacks at Equifax and the SEC.

“SEC Discloses Edgar Corporate Filing System Was Hacked in 2016,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Hackers Spied for Months,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Board Weighs Clawbacks,” The Wall Street Journal, September 30, 2017 B3.  How many years’ compensation will be affected?

“Equifax Lawyer in Hot Seat,” The Wall Street Journal, October 2, 2017 A1.  Chief legal officer probed for clearing stock sales after executives knew, but no one else did, about the hack.

“Equifax Ex-CEO Lays Out Lapses,” The Wall Street Journal, October 3, 2017 B1.  Staffers blamed for not reacting to public warning.

“Lawmakers Slam the Ex-CEO Of Equifax,” The Wall Street Journal, October 4, 2017 B1.  He and others “weren’t aware of the significance of the company’s data breach ….” “[A]n employee failed to notify other staff to patch the software ….”  For want of a nail ….

“Senators Rap Credit-Reporting Model,” The Wall Street Journal, October 5, 2017 B1.  “[W]hy consumers shouldn’t have power over the data [credit companies] collect on them”?

“Lawmaker Asks SEC To Delay Trade Log,” The Wall Street Journal, October 5, 2017 B12.  Head of House Financial Services Committee pressures SEC to delay release of trading database following hack of SEC systems. Can you have too much information?

“Equifax Timeline Criticized,” The Wall Street Journal, October 6, 2017 B10.  How long did Equifax sit on news of the hack before alerting the Board, the market and the Feds?  Is five weeks too long?  Executives selling stock in that window will be investigated.  Three weeks before he informed the Board.

“After Breach, SSN Reliance Is Criticized,” The Wall Street Journal, October 7, 2017 A4.  One reaction to the Equifax hack is a move to find a replacement for Social Security Numbers.

“Index Firm Flagged Equifax for Security,” The Wall Street Journal, October 7, 2017 B9.  Company warned about Equifax data security flaws in August 2016.

“Equifax Probes Possible New Breach,” The Wall Street Journal, October 13, 2017 B1.  A code installed on Equifax’s website by a vendor “serve[s] ‘malicious content’ to consumers.”  Just when you thought ti was safe to go back in the water again.

“GOP Bill Would Boost Checks on Credit Firms,” The Wall Street Journal, October 13, 2017 B10.  The horse having left the barn, the government wants to exercise more oversight.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Value, Vendors