Category Archives: Third parties

The cobbler’s children

The cobbler’s children have no shoes.  Experts tend not to tend to things at home.

“Errant Charges at Coinbase,” The Wall Street Journal, February 17, 2018 B9.  A bitcoin firm ended up charging its customers multiple times (as many as 50!) for the same transactions. Blames its vendors.

Let me see.  You can’t work out your own electronic invoicing and you want to store our digital currency?  We should trust you why, exactly?

Wouldn’t you think you’d keep a close eye on the processes by which customers are charged and you are paid?

Advertisements

Leave a comment

Filed under Accuracy, Board, Controls, Corporation, Directors, Duty, Governance, Interconnections, Internal controls, IT, Oversight, Supervision, Third parties, Vendors

Information quality

The quality of information is largely based on its accuracy.  Excluding others from using that information can also be valuable, such as trade secrets, patents, or copyrights.  An additional factor is the information’s timeliness: getting information before someone else allows you to use that information first.  Even fractions of a second can matter.

“CME Defect Aids Speedy Traders,” The Wall Street Journal, February 13, 2018, B1.  Five years ago, some high-frequency traders took advantage of the small time gap between (a) when they received confirmation of trades and (b) when those trades were reported to the market.  Based on this information, they deduced the direction of market movements and sold or bought, as appropriate, before that information was in the market.  The exchange fixed this.  Sort of, as the problem has reappeared, albeit much smaller.  But microseconds matter, when it’s the computers that are doing the trading.

What’s the point?  Well, what information would you pay more for to get it sooner?  Do you rely on getting information at the same time as (or before) your competitors, allowing you to use your superior skill, foresight, and industry to profit from it?

Leave a comment

Filed under Access, Accuracy, Controls, Data quality, Information, Internal controls, Third parties, Value

Uber settles

“Uber Settles Trade-Secrets Case,” The Wall Street Journal, February 10, 2018 B1.  Uber pays more than $240 million to settle case, and agrees not to use certain technology on self-driving cars, allegedly belonging to Waymo.  The agreement not to use was worth perhaps $250 million.

How does your company make sure it isn’t using a third party’s intellectual property without permission?  Is this an important part of your compliance program?  How does your company manage its acquisitions of new companies, some of whom (or their employees) may not have been as diligent in avoiding trade secret theft?

How can you prevent people from bringing information that you do not want into your company?  What are your processes?

Leave a comment

Filed under Board, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Ownership, Ownership, Policy, Protect assets, Protect information assets, Supervision, Third parties, Value, Vendors

Believable denials

“Equifax Denies Breach Of Passport Numbers,” The Wall Street Journal, February 8, 2018 B10.  In the hack of its files, Equifax admits exposing information of perhaps 145 million people.  Social Security numbers, stuff like that.  And credit card numbers and driver’s license numbers.  Senator E. Warren says the hack also exposed passport numbers.  Equifax says it didn’t.

Who do you believe?  One of them is wrong.   Which is more likely, that Equifax is lying or that a sitting US Senator didn’t understand Equifax’s submission to Congress?  When information is contradictory, how do you minimize risk?

 

Leave a comment

Filed under Access, Accuracy, Controls, Corporation, Duty, Government, Third parties

Vendors

“U.S. Probes Supplier to VW,” The Wall Street Journal, February 1, 2018 B2.  Engineering firm under criminal investigation for alleging helping VW cook the emissions tests – altering the nature of the information provided to the government.  See also, “Robert Bosch Workers Face Probe,” The Wall Street Journal, February 1, 2018 B3. (Similar allegations, but involving Chrysler).

Are you concerned about your vendors?  Do you make sure they comply with law?  Do you appreciate the data that confirms your own compliance?  What’s it worth to have that data be accurate?

Were this a blog about Crisis Management and Emergency Response, there would be an entry here about what you should do when you hear that someone else in your industry has been doing something bad.

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Oversight, Protect assets, Protect information assets, Third parties, Value, Vendors

Willie Sutton?

Willie Sutton (a famous bank robber) was reportedly asked, “Why do you rob banks?” He reportedly said, “Because that’s where the money is.” https://www.snopes.com/quotes/sutton.asp

“Hackers Plunder Crypto Exchange,” The Wall Street Journal, January 27, 2018 B5. More than $500 million in credits hacked from the Coincheck site in Japan.  One assumes virtual banks are easier to rob than brick and mortar banks.

This is a concrete example of the cost of a cyber breach.  But it also follows on from an earlier post (Law School Exam Question) equating cash money and information, in terms of value.

If businesses (including the Board of Directors) treated information assets as cash, and managing, protecting, and controlling the organization’s information as currency, would that be “information governance”?  Why do they handle information assets differently?  Why should the Board and the officers get a pass on this?  The shareholders certainly don’t.

Leave a comment

Filed under Board, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Ownership, Protect, Protect assets, Protect information assets, Security, Third parties, Value

Leaking government documents

One would think that professionals hold themselves to a higher standard, and would not conspire to take advantage of leaks of information from someone who shouldn’t be leaking it.

Au contraire, mes amis.

“Former KPMG Executives Charged,” The Wall Street Journal, January 23, 2018 B1.  KPMG execs arranged to get a heads up on which KPMG audits were going to be reviewed by the PCAOB.  After things went south and the investigation started, people started deleting emails and texts.  Same song, different verse.

So, working with a federal government agency to get confidential government information.  Consequence: criminal indictments of KPMG partners and civil suits.  They were also fired.  KPMG cooperated “fully” in the investigation.  The leakers at the government were angling for jobs at KPMG.

Lessons:

  1. Auditors commit crimes, too
  2. Confidential government information belongs to the government
  3. Conspiring with government employees to get that information is a crime
  4. Your employer has a lot of incentives to cut you loose if you’ve committed a crime in the course of your business
  5. It’s hard to get a job as an auditor after a criminal conviction
  6. Deleting emails and texts after an investigation started is Bad.  See also 18 USC §1519
  7. If partners in your firm are doing this, what else is going on?
  8. No one at the government has been charged

Leave a comment

Filed under Access, Board, Compliance, Compliance, Controls, Corporation, Directors, Duty, Employees, Governance, Information, Internal controls, Oversight, Ownership, Third parties