“Amazon Fires Worker for Leaking Data,” The Wall Street Journal, October 6, 2018 B1. Leaker of customer email addresses fired and may be prosecuted.
Is this a Man-Bites-Dog story, just considering the source? What did this cost the employee? What did it cost Amazon? What damage did it cause to the customers?
Filed under Access, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Information, Internal controls, IT, Oversight, Protect assets, Security
“Facebook Hackers Access Nearly 50 Million Accounts,” The Wall Street Journal, September 29, 2018 A1. Unknown hackers may have gotten access as early as July 2017 by exploiting flaws in the system’s code. May have taken over your account and gotten to your posts and private messages, and may have the credentials to access other services, like Tinder and Spotify.
Is Facebook responsible for making sure its site is secure? How did the executive in charge of safety and security miss this? Does the Board at Facebook have liability? Facebook no longer has a Chief Security Officer.
Filed under Access, Board, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Technology, Third parties
What you do when an important executive is alleged to have violated company policy says a lot about your compliance program.
“Claims About Executive Tested Uber Overhaul,” The Wall Street Journal, September 27, 2018 B3. Senior executive investigated; rather than being terminated, he received a formal warning (apparently, informal was not sufficient), his bonus was reduced (Why do you give bonuses to people who violate company policy?), and he was required to take sensitivity training.
This at a company that had a rather sordid history of sexual harassment.
How will Uber convince its remaining employees that this time it is serious? Do you believe them? Is this an effective compliance program under the Federal Sentencing Guidelines, assuming that’s the appropriate measure?
Where’s the Board? Do they care?
Filed under Board, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Uncategorized
“Ex-Salix Official to Pay Fine,” The Wall Street Journal, September 29, 2018 B10. A company’s CFO understated the company’s inventories held by wholesalers; fined $1 million.
“Under-reporting,” also known in lay circles as lying, is generally not a good thing, especially for a CFO. See also, “Lender’s Unit Resolves SEC Case,” The Wall Street Journal, September 29, 2018 B10.
Filed under Accuracy, Communicate, Communications, Compliance, Compliance (General), Controls, Duty, Employees, Governance, Internal controls, Third parties
“SEC Sues to Oust Musk From Tesla Over Tweets,” The Wall Street Journal, September 28, 2018 A1. The SEC sued to remove Elon Musk as the CEO of Tesla, after Mr. Musk tweeted about funding for taking the company private. See also https://infogovnuggets.com/2018/08/11/loose-lips-revisited/.
So, if the CEO doesn’t follow the rules, how much do the shareholders get hurt? Ten percent (or $5 billion). What’s Compliance worth to them?
Take that and smoke it.
At least somebody goes to jail for leaking top secret information about Russian hacking of elections. In less than a year and a half.
“Former Intelligence Contractor Gets Five Years in Prison for Leak,” The Wall Street Journal, August 24, 2018 A2. Reality Winner, a contract worker at the NSA, gets sentenced for leaking a secret report on election hacking by the Russians from the NSA to a news outlet.
The rules do need to be enforced from time to time, or they are more like guidelines. And contractors seem to be a weak link.
Did anyone else in the chain of command get punished? If she were in Washington, DC, rather than Augusta, Ga., would she have faced the same fate?
See also https://infogovnuggets.com/2017/06/06/we-have-a-winner/.
Filed under Compliance, Compliance (General), Controls, Duty, Employees, Governance, Internal controls, Oversight, Protect assets, Third parties, Vendors
To have governance, is a single point of accountability required?
“Workers Deal With Too Many Bosses,” The Wall Street Journal, August 21, 2018 B1. According to a recent poll, two-thirds of employees have more than one boss. Some employees respond by trying to manage their bosses.
From a Governance perspective, if you have multiple bosses, who sets your priorities? Who establishes the policies and procedures and instructions that you, as an employee, must follow? How does one resolve conflicts?
And which one person in your organization bears responsibility/accountability for the overall Governance of your company’s Information? Your company’s overall Compliance with law and with company policy and procedures?
Without such a single point of accountability/responsibility, who gets punished if things don’t go right? If no one is held responsible/accountable at the C-suite level, do you really have a program-in-fact, as opposed to a program-on-paper?
Filed under Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Employees, Governance, Internal controls, Supervision, Who is in charge?
The prior post was about what you say and in what medium. So’s this one.
“SEC Probes Musk Tweets On Possible Tesla Buyout,” The Wall Street Journal, August 9, 2018 A1. Were Elon Musk’s tweets about having lined up financing for a buyout false or misleading? The SEC may want to know.
So, is information false or misleading? I thought we had freedom of speech? And (altogether too much) freedom to tweet?
Falsely shouting fire in a crowded theater is still a bad thing (thank you, Justice Holmes). As is misleading your shareholders.
Should a CEO of a listed company know better? Loose lips sink ships.
Filed under Accuracy, Communications, Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Employees, Governance, Information, Internal controls, Investor relations
The value of information can be calculated in multiple ways, from multiple viewpoints.
“My Boss Makes What? (Employees Work Harder If They Know),” The Wall Street Journal, August 6, 2018 R1. Salary transparency makes people work harder.
Is what you make “private”? Should it be? Whose interests are served by keeping this information private? Who owns it, you or your employer? Does anyone have a duty to keep this private? Why would your employer want this kept quiet? To avoid Sally complaining that she works harder/better/faster/quieter than Sue, and should be paid more? Or to keep a competitor from enticing Sally away?
Ask yourself why you want to keep your salary private. Sure, you don’t want marketing agencies targeting you because you’re wealthy, but they probably can approximate your salary anyway.
Filed under Access, Accuracy, Communications, Controls, Corporation, Culture, Duty, Employees, Governance, Information, Internal controls, Managers, Ownership, Privacy, Third parties, Value
Nailing a high-visibility target demonstrates that you’re serious about compliance. Especially if he or she is a big money maker. And especially if it is over violations of your company’s procedures.
“GAM Says Fund Manager Breached Policies on Gifts,” The Wall Street Journal, August 7, 2018 B10. “[T]he star fund manager” also used his personal email to transact business for the company, and failed to follow other company procedures.
The company’s shares have dropped 44%.
Would you be surprised if your company did this? What does that say about your culture?