Category Archives: Internal controls

The dog that didn’t bark

In a departure from normal practice, I comment upon an event unreported, as far as I can tell, in The Wall Street Journal.  For me, some things transcend politics.

Maybe I missed it.  Or maybe The Wall Street Journal didn’t see fit to print the leaked transcripts of President Trump’s post-inauguration phone calls with the leaders of Mexico and Australia.

What does it say that this story, blaring over the TV newswires, wasn’t printed?  Does it say something about some organizations placing the Nation’s security above their own circulation numbers?  Is that a control you can rely on?  Apparently not from everyone.

Even if the paper had or did print something on this, what does the leak of those transcripts say about information governance?  First, does the White House have adequate controls and culture in place?  Clearly not.  Maybe General Kelly can help with that.

But what about the person who signed an oath and nonetheless decided to leak these classified transcripts to the press, thinking little or nothing about the impact on future calls between world leaders?  What’s their understanding of duty?  Placing the Nation’s needs above those of party or self?

Hang ’em high.

Leave a comment

Filed under Access, Compliance, Controls, Culture, Duty, Employees, Governance, Government, Internal controls, Protect assets, Third parties

VW Compliance Executive Pleads Guilty

“Ex-VW Official Admits Role in Emissions Cheating,” The Wall Street Journal, August 5, 2017 B3. A former VW “compliance executive” charged with conspiracy to defraud the US, wire fraud, and Clean Air Act violations pleads guilty.  He admits he knew about the software used to mislead US environmental regulators.  Faces sentencing in criminal case in December.

Hiding information from the government is not a good thing.  What was the culture that allowed this to happen?  Did people feel a need to do this to compete?  Too many car companies have been caught up in such scandals to have it be random.

The shareholders have paid (and are continuing to pay) for the mistakes of the employees of the company.  Who else from the company is going to go to jail,  or lose his/her job?  VW is facing costs in just the US of more than $25 billion and investigations elsewhere.  Does the “compliance executive” know of others who also knew?  Might he offer up some names before December?  People who bought VWs are going to want to recover damages from someone.

Leave a comment

Filed under Accuracy, Analytics, Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Oversight, Oversight, Value

Hire the bad guys

Someone breaches your security perimeter and hacks your product.  Relax, it was only a job interview.

“GM Hires Famed Jeep Hackers,” The Wall Street Journal, August 1, 2017 B5.  The people who that successfully hacked a moving Jeep have been hired by GM to advise on cybersecurity.

I guess it’s better to have them inside the tent rather than outside.  But it’s only a guess.

Leave a comment

Filed under Access, Controls, Internal controls, IT, Security, Third parties

Going to the movies

Sony was not alone.  HBO gets hacked, too, and Netflix.  Is nothing sacred?

“Hackers Stole HBO Programming,” The Wall Street Journal, August 1, 2017 B2.  Game of Thrones may be coming sooner than planned.    Hacker also got personal information on at least one executive.

How well is your information protected?  What’s that protection worth?

Leave a comment

Filed under Access, Controls, Governance, Information, Internal controls, IT, Management, Protect, Protect assets, Protect information assets, Security, Value

The grip on your information

“Apple Eases Its Grip in Chinese Data,” The Wall Street Journal, July 13, 2017 B3.  “To comply with tough new cybersecurity rules, Apple will begin storing all cloud data for its Chinese customers with a government owned company [in China] ….”  Apple “will retain control over encryption keys.”  That makes me much more comfortable.

It might appear that China is exerting its grip on the data stored by Chinese customers on iCloud.  But whose data is it, anyway?  And what if other countries take similar steps with their citizens’ data?  Any opportunity for mischief?

Leave a comment

Filed under Access, Controls, Information, Internal controls, IT, Ownership, Privacy, Security, Third parties

Keeping it in the family

“Two Plead Guilty in Insys Cases,” The Wall Street Journal, July 12, 2017 B3.  Insys Therapeutics had an unusual fentanyl problem: bribing doctors to prescribe it.  Two saleswomen took the plea.

Notable:  one of the women is married to the firm’s former CEO, who  was arrested on related charges in December, together with 5 other senior managers.

Does corruption normally run this deep?  Where is (or was) the board?

Leave a comment

Filed under Board, Compliance, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight, Oversight

Pesky little documents

“Caterpillar Faces New Questions in Probe,” The Wall Street Journal, July 3, 2017 B1.  During a criminal investigation, required export documentation couldn’t be found. Apparently, there are also inconsistencies between what was submitted to the Department of Commerce and what was turned over in response to subpoenas.

So, a corpration may be charged criminally.  What about officers, directors, and employees?

It is only foolish consistency, not inconsistency, that is the hobgoblin of little minds.

Leave a comment

Filed under Accuracy, Compliance, Compliance Verification, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Oversight, Value