Hard to believe that people are still tripping over emails.
“Emails Raise Doubts on FBI Plan,” The Wall Street Journal, November 3, 2018 A3. Emails surface contradicting White House claims that moving the FBI from Pennsylvania Avenue in Washington D.C. (as proposed by the prior administration) would cost more than leaving it where it is (down the street from the Department of Justice and across the street from the Trump Hotel).
Perhaps there were “soft costs” involved in the move than weren’t considered, or there were other reasons for not moving the FBI from its current location, notwithstanding the higher cost. But it is embarrassing when emails coming to a different conclusion are discovered.
How transparent is your decision-making process? Do you allow for some contrary information in your final decision? Is that proactive information management of negative information? Do you have a policy or a procedure on this? Should you?
What does it say when you try too hard to “manage” the information that gets out? Do you have the necessary “control” of that information? When you try to “control” it, what does it say about you when the information gets out anyway?
This sounds like “the risk of selectively releasing information.”
“Turkey Slams Saudis Over Lack of Clarity About Slain Journalist’s Body,” The Wall Street Journal, November 1, 2018 A9. Changing stories on the death of Jamal Khashoggi.
Apparently, there are international norms on what you need to say and how you need to say it, even if it information concerns events within a consulate. Was disclosure legally required? Maybe not, at least legally. But when you do disclose, it’s a good idea to do so honestly. Especially if someone else gets the information.
Filed under Accuracy, Communications, Compliance, Controls, Culture, Duty, Governance, Government, Information, Internal controls, To report
At common law, an employee has a duty
- to comply with applicable laws in the performance of his/her work for the employer
- to comply with his/her employers reasonable instructions in the performance of that work, and
- to report material information to his superiors.
“Credit Union Staff Faults Safeguards Against Laundering,” The Wall Street Journal, October 31, 2018 B12. Employees raised concerns in 2017 about the anti-money laundering program at the credit union where they worked. The chief audit executive dismissed the allegations.
Were these employees rewarded for raising these concerns? No. Did the company make changes? The company says it did. Will other employees raise concerns in the future?
How seriously do you take concerns raised by your employees, who are closest to the facts? Is this a Compliance point or a Governance point? Or an Information point (in that Management received information and apparently didn’t use it)?
Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Information, Internal controls, Oversight, Third parties, To report, Use
“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1. FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.
What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market? When does mere puffery become criminal? What controls would you need to have to prevent this at your company?
Do you have them? Are they enforced?
Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report
“SEC Keeps Study On Speed-Bump Trading Under Wraps,” The Wall Street Journal, October 25, 2018 B11. SEC has done a study of controls that slow down high-frequency traders, but hasn’t released that publicly.
The SEC is in charge of protecting the stock trading system. As such, it watches over how quickly information moves within that ecosystem, and whether access is available to all at the same time. But the SEC refuses to release the unredacted text of a study that it did on the impact on “controls” that limit the ability of high-speed traders to take unfair advantage of their access to information.
Curious as to why (and what) the government doesn’t want us to know. Who oversees the government? (Hint: a free press is one of them).
Filed under Access, Accuracy, Controls, Data quality, Duty, Governance, Government, Information, Interconnections, IT, Oversight, Technology, Third parties, To report, Value
One of the consequences of non-compliance is a higher level of scrutiny from the regulators.
“Wells Fargo Places Two Executives On Leave,” The Wall Street Journal, October 25, 2018 B10. The Comptroller of the Currency sent letters to two WF executives about their failures of oversight at the bank in connection with WF’s sales practices. Execs (chief administrative officer and chief auditor) placed on leave and removed from operating committee.
Boy, does that ever not look good on your resume.
Why did the regulator have to do this? One reason is that WF didn’t do it itself. Would your compliance system do better? Do the directors still have their jobs?
Filed under Board, Compliance, Compliance (General), Corporation, Culture, Directors, Duty, Employees, Governance, Government, Oversight, Supervision, To report
“Apple Says It’s Sorry for Chinese Hacks,” The Wall Street Journal, October 17, 2018 B4. Apple apologizes to customers who didn’t use two-factor authentication and who lost money when their accounts got hacked. No disclosure of how the Apple IDs were stolen.
One could comment on this as a hack, or as the failure of the user to use optional controls in a software/hardware app, or as the failure to make the control required rather than optional. But, as with the earlier post today, this post takes a different tack: what does it say about Governance in China when a vendor is pressured to apologize for its customers’ decisions? That doesn’t happen stateside, much. Is this punishment for Apple’s non-compliance? Versus a lawsuit, which would be the Western approach?
Filed under Access, Communications, Compliance (General), Controls, Corporation, Culture, Duty, Governance, Internal controls, Technology, Third parties, To report