Category Archives: Managers


The value of information can be calculated in multiple ways, from multiple viewpoints.

“My Boss Makes What? (Employees Work Harder If They Know),” The Wall Street Journal, August 6, 2018 R1. Salary transparency makes people work harder.

Is what you make “private”?  Should it be?  Whose interests are served by keeping this information private?  Who owns it, you or your employer?  Do anyone have a duty to keep this private?  Why would your employer want this kept quiet?  To avoid Sally complaining that she works harder/better/faster/quieter than Sue, and should be paid more? Or to keep a competitor enticing Sally away?

Ask yourself why you want to keep your salary private.  Sure, you don’t want marketing agencies targeting you because you’re wealthy, but they probably can approximate your salary anyway.


Leave a comment

Filed under Access, Accuracy, Communications, Controls, Corporation, Culture, Duty, Employees, Governance, Information, Internal controls, Managers, Ownership, Privacy, Third parties, Value

Poster boy for Information Governance

Years ago, while teaching a course to MBA students at Rice University, I used the Target credit card breach as a case study.  It touched a lot of bases.  Now we have a better one.

While there have been a lot of information governance-related stories in the news over the past two years, including Equifax and Facebook and VW and Wells Fargo, my nominee for the one name associated with the most significant teaching example in information governance and compliance is the former FBI Director, James Comey.

First, he gave us The Day That Information Governance Died, with his July 5, 2016 pronouncement that, notwithstanding her clear violations of several applicable legal laws dealing with the handling of confidential or secret information (and the destruction of information subject to a subpoena), Secretary Hillary Clinton’s use (and wiping) of a private server to store government email was not going to be prosecuted.  Such a pronouncement deviated “‘from well-established Department policies'” that the FBI does not comment about  ongoing criminal investigations.

Then he wrote a memo ostensibly commemorating a meeting he had with his boss on government business on a government computer (while in a government vehicle) during the work day, and declared that that was his personal correspondence that he could (and did) distribute as he pleased.

And now we learn that he conducted government business over his own private gmail account {that information does not appear in the WSJ article – Ed.}, and actively avoid his boss’ oversight (and his bosses failed to adequately supervise him).  “Report Blasts FBI Agents, Comey Over Clinton Probe,” The Wall Street Journal, June 15, 2018 A1. Inspector General releases his report on the Clinton Investigation.


  • Violations of law are not enforced
  • Evidence is destroyed notwithstanding a subpoena
  • Senior employees ignore long-standing policy
  • Senior employees treat documents prepared by them in the course of business as their personal information
  • Senior employees use private email accounts to transact government business
  • Employees hide things from their bosses
  • Bosses failed to adequately supervise their reports

And this is at the FBI, by a lawyer.

Does anyone wonder why we have a hard time getting traction on information governance initiatives?  Certainly an argument for an Information Governance case study of just the Clinton email investigation and its aftermath.  Not sure you could cover it all in one semester, at both law schools and business schools.


Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Culture, Discovery, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Lawyers, Managers, Oversight, Ownership, Ownership, Policy, Requirements, Supervision, Who is in charge?

Shoes of the centipede

“Wells Fargo Faces More Woe Over Client Data,” The Wall Street Journal, May 18, 2018 B1.  Another shoe drops at Wells Fargo (when will it ever end?) after disclosure that employees in the wholesale business (non-consumer) banking side changed and added customer information without approval.  Reason: to meet a compliance deadline.

Is there another organization with so many compliance failures?  It started with consumer banking and credit cards and now seems to have permeated the entire enterprise.  Is it risky to call this an enterprise?  What influenced their behavior?  Why are the directors not in the dock?  Weren’t they in charge of establishing and ensuring the culture of compliance?  This is a bank, for God’s sake.

Is it easier to find someone who was or wasn’t involved in some type of bad behavior at Wells Fargo?

Leave a comment

Filed under Accuracy, Board, Compliance (General), Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Managers, Oversight, Oversight, Supervision

Are you responsible for your brother? Your cousin?

It’s bad enough trying to control your own employees, and those of your agents (and vendors).  But how do you control the employees, agents, and vendors of your various affiliates and ventures?  Do you all have the same Code of Conduct?  The same policies on a whole host of sensitive matters?

“KPMG Scandals Stay Local,” The Wall Street Journal, March 8, 2018 B10.  KPMG deals with alleged non-compliance at three international affiliates involved in auditing.

Does a client know the difference?  Do you ask prospective consultants about the compliance history of the larger firm?  Do you exercise enough control to also get liability?

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Duty, Governance, Internal controls, Managers, Oversight, Third parties


“‘Success Theater’ Masked Rot at GE,” The Wall Street Journal, February 22, 2018 A1. GE’s CEO may have been too optimistic.  “This culture of confidence trickled down the ranks ….”

If the top boss has rose colored glasses, that view apparently permeates the organization. If he or she reacts badly to bad news, do people stop bring bad news?

One principle of compliance is that the tone at the top matters.  Does the CEO’s tone build filters that prevents him/her getting the facts?  Are the resulting wounds self-inflicted?  Where was the Board?

Leave a comment

Filed under Access, Accuracy, Board, Communications, Controls, Culture, Data quality, Duty, Employees, Governance, Internal controls, Managers, Oversight, Oversight

The hits just keep on coming

“Faked Data at Issue Again in Japan,” The Wall Street Journal, November 25, 2017 B1.  Mitsubishi Materials continued to ship car, plane, and power-plant parts to 200 customers (including in the US) while factory workers were fudging quality data on rubber gaskets and copper products.  As is common, they sat on the news for a while.

This follows similar stories about Kobe Steel and Nissan Motors.  So much for the much-vaunted quality initiatives in Japan.  These types of problems “have deep roots in Japan Inc.’s governance problems,” which rely on decentralized and largely independent operations.

If there’s a problem somewhere else in your industry, you probably have it, too;  you just haven’t found it yet.

Leave a comment

Filed under Accuracy, Board, Compliance, Controls, Corporation, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Managers, Oversight, Protect assets, Supervision, To report, Vendors

A top goal?

“CEOs Make Protecting Data a Top Goal,” The Wall Street Journal, October 13, 2017 B4.  Unfortunately, the focus is on cyber-security rather than the broader information risk profile.  While this affect CEOs’ email habits, as they are phishing targets?

While this is a start, do CEOs really understand how much their company’s proprietary information is worth?  Or their duty to protect the company’s assets (people, physical equipment, cash, and information)?  Why not?

And where are the boards?  Don’t they have an overarching duty to oversee the major risks the company is facing and to make sure there’s an effective program in place to address?

I hear the violin.  Is Rome burning?

Leave a comment

Filed under Access, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Managers, Oversight, Oversight, Ownership, Policy, Protect assets, Protect information assets, Security, Value