Category Archives: Third parties

Indicted

A Tesla employee is indicted for creating fake documents to cover up a fake-payment scheme.  “Former Tesla Employee Is Indicted,” The Wall Street Journal, November 12, 2018 B5.

Companies have a lot of controls to prevent fraud by employees, and often these controls work.  Why are there more such controls to prevent financial fraud than to prevent violations of other company procedures, such as those related to document creation, retention, and storage?

One wonders whether, in the aggregate, companies lose more money through poor document management and control than they lose through financial fraud.  How would one conduct such a study?

Advertisements

Leave a comment

Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Protect assets, Records Management, Security, Third parties, Value, Vendors

More of your data for sale

“Wall Street Analysts Are Selling More Data,” The Wall Street Journal, November 8, 2018 B11. Analysts are searching and make available a bunch of information on your information, including “social media sentiment … and geospatial mapping.”  Think of it as expanded research reports.

Well, they are in the business of reviewing data and offering opinions (for a price).  Is it much of a disintermediation for them to start selling the information directly?  I guess there’s money in it.  Or service.

Leave a comment

Filed under Access, Analytics, Collect, Controls, Corporation, Duty, Information, IT, Management, Operations, Ownership, Security, Third parties, Use, Use, Value

Tracking

“Technology Puts Pinch on Oil Smuggling,” The Wall Street Journal, November 2, 2018 B6.  Smugglers of Iranian crude will be challenged by satellites and big data.

Smugglers had in the past “hid” their ships, but that will now be harder.  Certain companies find a business opportunity in helping to track these vessels.

What controls do you need to have in place to make sure your policies are followed?  How have people tried to avoid your controls?  How did you/will you respond?  Is there a market opportunity for others to help you enforce compliance by collecting other information?

Leave a comment

Filed under Analytics, Collection, Compliance (General), Controls, Governance, Information, Oversight, Third parties, Use, Value

Chinese hacking alleged

“U.S. Charges Agents Of China Hacked Aviation Firms,” The Wall Street Journal, November 1, 2018 B4. Agents of the Chinese government indicted for trying to steal airline industry technology.

This is getting to be rather routine.  One part of this is the value of Information, and the importance of information security.  One part of this is Compliance, of course, as the US government is trying to protect the US information assets (although the company at issue probably had some responsibility for this as well, as well as their board of directors).  And, of course, Governance, as the US government is prosecuting.

We all know the business case for cyber-security.

Leave a comment

Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Duty of Care, Governance, Government, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties

Employees speaking up

At common law, an employee has a duty

  • to comply with applicable laws in the performance of his/her work for the employer
  • to comply with his/her employers reasonable instructions in the performance of that work, and
  • to report material information to his superiors.

“Credit Union Staff Faults Safeguards Against Laundering,” The Wall Street Journal, October 31, 2018 B12.  Employees raised concerns in 2017 about the anti-money laundering program at the credit union where they worked.  The chief audit executive dismissed the allegations.

Were these employees rewarded for raising these concerns? No.  Did the company make changes?  The company says it did.  Will other employees raise concerns in the future?

How seriously do you take concerns raised by your employees, who are closest to the facts?  Is this a Compliance point or a Governance point?  Or an Information point (in that Management received information and apparently didn’t use it)?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Information, Internal controls, Oversight, Third parties, To report, Use

It depends on your point of view

“U.K. Plans to Introduce Digital Tax on Tech Firms,” The Wall Street Journal, October 30, 2018 A9.  Rather than further regulating firms like Google and Facebook, the UK now tried to tax their locally generate revenue.

The lack of a universal taxing methodology may cause the big players some headaches.  Compare the patchwork of privacy obligations if you operate in different countries (or states).

Look at this from two different views.  First, how does a large multi-national comply with all the different laws around the world?  Second, how does your company deal with the overlapping laws and your own corporate policies and procedures, which may apply differently to different parts of your company?

While one-size-fits-all makes sense at one level (if you’re on top of the Governance pyramid), does this process require a bit more granular differentiation (if you are on the bottom)?

 

 

Leave a comment

Filed under Compliance, Controls, Governance, Interconnections, Internal controls, Oversight, Third parties, Who is in charge?

How much did that free dinner cost me?

“Annuities Soar After Rule’s Demise,” The Wall Street Journal, October 29, 2018 B1.  More annuities sold after failure to pass rule about disclosure of conflicts by investment advisers.

If you don’t institute controls on behavior, what will enterprising (sales)people do?  What’s it worth to you to know whether the person advising you is getting a large commission?  Would that information influence your financial decisions?  Do investors need to be protected from salespeople offering “free” meals? And if investors either (a) are or (b) are not so protected, what are the consequences on the other decisions those investors make in their lives?  Do we rely on the government to protect us from our dumb decisions?

Caveat emptor?  Is this an Information post or a Governance post?

Leave a comment

Filed under Controls, Duty, Governance, Information, Reliance, Third parties, Use, Value, Vendors