Category Archives: Internal controls

Metrics

“Industrial Espionage Cases Soar In U.S.,” The Wall Street Journal, September 20, 2019 A1. Theft of trade secrets at a medical technology start-up.  Chinese spies.  $180 billion a year.

The headline says it all.


Filed under Access, Board, Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, IT, Protect assets, Protect information assets, Security, Third parties, Value

Burned by a phone

Apparently, NCAA rules prohibit coaches from using a burner phone to contact football recruits.  Or lying about it when you do.

“‘Burner Phone’ Accusation Marks New Chapter in Ole Miss Scandal,” The Wall Street Journal, September 20, 2017 A16. Coaches accused and investigated, and asked to sign certifications that they had never used pre-paid phones for recruiting or other work-related purposes.

Is this a question you normally ask your employees, or is this a form you have them sign?  Should you ask for a certification that exiting employees do not have any company information on a non-company asset or location?


Filed under Access, Board, Compliance, Compliance Verification, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Legal, Oversight, Oversight, Policy, Protect assets, Security, Third parties

Barclays culture, continued

“Compliance Officer To Leave Barclays,” The Wall Street Journal, September 16, 2017 B1. The compliance officer at Barclays responsible for the whistleblower program settled “an employment dispute” with Barclays right before a hearing in London.  The CEO had earlier tried to learn the identity of the employee who complained about his hiring of a buddy.  The UK regulatory authority is still investigating that matter.

But the CEO remains in place.  Go figure.  I guess the Board’s sense of ethics is flexible.

I wonder what the employment dispute was about?


Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Governance, Internal controls, Oversight, Oversight, Policy, Privacy, Supervision, Third parties

Equifax ripple

Looking beyond your own credit profile for impacts from the Equifax hack?

“Exchanges Warn Of Hacking Risks,” The Wall Street Journal, September 16, 2017 B11.  NYSE execs, and others, warn that post-Equifax, a likely “juicy target” will be a database established to detect market manipulation.

Is your company a participant in a program that builds targets that would be especially attractive to hackers?  How well are you protecting it, and what will you do to reduce the impact of a hack?

Those who don’t learn from history …


Filed under Access, Board, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Information, Internal controls, IT, Oversight, Protect assets, Protect information assets, Security, Third parties, Value

Caesar’s wife he’s not

“CEO Quits Embattled Firm,” The Wall Street Journal, September 16, 2017 B2.  The CEO of SoFi (an online lender) quits after allegations of improper workplace behavior.  He also steps down as chairman of the board.  His behavior towards women was an issue.

Five years earlier, there had been similar allegations.  It only took five years!

What does it say about a company where it takes five years to oust the Chairman of the Board for inappropriate behavior?  What does it say about the culture that was allowed to persist?

Who’s in charge when the Chairman is bent?  Will the ads stop now?


Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Internal controls, Oversight

Equifax, Chapter 3

“Two Equifax Officials Exit,” The Wall Street Journal, September 16, 2017 B1.  In the biggest surprise since the sun set last night, the CIO and the chief security officer at Equifax have retired. A week after the hack of 143 million account records.

What about the members of the Board of Directors, who knew of the risk of a cybersecurity breach and didn’t take sufficient steps to prevent it?  The shareholders – who didn’t have the power to make sure Equifax’s network was secure – will certainly pay.  But what about the directors?  And the other officers, starting with the CEO?

By the way, what are their names, Social Security numbers, dates of birth, and driver’s license numbers?  Inquiring minds want to know.


Filed under Access, Board, Compliance, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Privacy, Protect assets, Protect information assets, Security, Value

Close that barn door!

“Banks Weigh Shift From Equifax,” The Wall Street Journal, September 13, 2017 B14.  Hack of 143 million accounts causes banks to turn to Equifax’s competitors.

Talk about closing the barn door after 143 million horses have bolted!  What are the banks doing to prevent the fraudulent use of the information obtained through the hack in their decisions to issue or deny credit?  Merely moving to a different credit bureau doesn’t begin to address the flaw in the banking system’s reliance on your Social Security Number and date of birth to uniquely identify you.

Not that I’m calling for a National ID card.  Maybe we should all have a microchip, like our pets.  Don’t we need a new solution, suitable for the digital age?

See related note at “Hack of All Hacks,” September 12, 2017.


Filed under Access, Accuracy, Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, Operations, Oversight, Privacy, Protect assets, Third parties, Use, Value