Category Archives: Vendors

The cobbler’s children

The cobbler’s children have no shoes.  Experts tend not to tend to things at home.

“Errant Charges at Coinbase,” The Wall Street Journal, February 17, 2018 B9.  A bitcoin firm ended up charging its customers multiple times (as many as 50!) for the same transactions. Blames its vendors.

Let me see.  You can’t work out your own electronic invoicing and you want to store our digital currency?  We should trust you why, exactly?

Wouldn’t you think you’d keep a close eye on the processes by which customers are charged and you are paid?

Advertisements

Leave a comment

Filed under Accuracy, Board, Controls, Corporation, Directors, Duty, Governance, Interconnections, Internal controls, IT, Oversight, Supervision, Third parties, Vendors

Stop digging

What’s the first step to get out of a hole?  Stop digging.

“Wells Errs in Bid to Make Amends,” The Wall Street Journal, February 12, 2018 B1.  Wells Fargo, a frequent star in this blog, was trying to reach out to the 600,000 – 800,000 customers it screwed over by forcing them to buy auto collision insurance.  It couldn’t even do that.

First, it reportedly sent refunds to some non-customers.  Second, it told some customers that they would be paid the wrong amount. Third, it said it was going to pay refunds to people who hadn’t even bought the insurance. Affected: 38,000 folks.  Cause: a vendor’s coding error.

Fourth, Wells Fargo still hasn’t contacted the 110,000 people it overcharged for mortgage insurance rate locks.

And they are in charge of your bank deposits?

Leave a comment

Filed under Accuracy, Controls, Corporation, Duty, Duty of Care, Governance, Internal controls, Oversight, Supervision, Vendors

Uber settles

“Uber Settles Trade-Secrets Case,” The Wall Street Journal, February 10, 2018 B1.  Uber pays more than $240 million to settle case, and agrees not to use certain technology on self-driving cars, allegedly belonging to Waymo.  The agreement not to use was worth perhaps $250 million.

How does your company make sure it isn’t using a third party’s intellectual property without permission?  Is this an important part of your compliance program?  How does your company manage its acquisitions of new companies, some of whom (or their employees) may not have been as diligent in avoiding trade secret theft?

How can you prevent people from bringing information that you do not want into your company?  What are your processes?

Leave a comment

Filed under Board, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Ownership, Ownership, Policy, Protect assets, Protect information assets, Supervision, Third parties, Value, Vendors

Vendors

“U.S. Probes Supplier to VW,” The Wall Street Journal, February 1, 2018 B2.  Engineering firm under criminal investigation for alleging helping VW cook the emissions tests – altering the nature of the information provided to the government.  See also, “Robert Bosch Workers Face Probe,” The Wall Street Journal, February 1, 2018 B3. (Similar allegations, but involving Chrysler).

Are you concerned about your vendors?  Do you make sure they comply with law?  Do you appreciate the data that confirms your own compliance?  What’s it worth to have that data be accurate?

Were this a blog about Crisis Management and Emergency Response, there would be an entry here about what you should do when you hear that someone else in your industry has been doing something bad.

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Oversight, Protect assets, Protect information assets, Third parties, Value, Vendors

Process safety

“Hack of Saudi Plant Targeted Safety System,” The Wall Street Journal, January 19, 2018 B4. Cyberattack focused not on the theft of information, but on a critical emergency safety shut-off system.

So, this is more about information security than it is about information governance.  Or is it?  This is the type of attack that keeps the information security folks awake at night.  A big deal in the oil patch.

Who’s responsible?  The vendor of the equipment (and software) that was hacked?  Or the owner of the plant that had the equipment on-line?

Do your company have information that is critical to the safety of your operations?  Who’s responsible for protecting that from outside attack?

 

Leave a comment

Filed under Access, Board, Controls, Corporation, Duty, Interconnections, Internal controls, IT, Security, Vendors

The hits just keep on coming

“Faked Data at Issue Again in Japan,” The Wall Street Journal, November 25, 2017 B1.  Mitsubishi Materials continued to ship car, plane, and power-plant parts to 200 customers (including in the US) while factory workers were fudging quality data on rubber gaskets and copper products.  As is common, they sat on the news for a while.

This follows similar stories about Kobe Steel and Nissan Motors.  So much for the much-vaunted quality initiatives in Japan.  These types of problems “have deep roots in Japan Inc.’s governance problems,” which rely on decentralized and largely independent operations.

If there’s a problem somewhere else in your industry, you probably have it, too;  you just haven’t found it yet.

Leave a comment

Filed under Accuracy, Board, Compliance, Controls, Corporation, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Managers, Oversight, Protect assets, Supervision, To report, Vendors

Equifax and SEC Hacks

A lot in the news of late about the hacks at Equifax and the SEC.

“SEC Discloses Edgar Corporate Filing System Was Hacked in 2016,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Hackers Spied for Months,” The Wall Street Journal, September 21, 2017 A1.

“Equifax Board Weighs Clawbacks,” The Wall Street Journal, September 30, 2017 B3.  How many years’ compensation will be affected?

“Equifax Lawyer in Hot Seat,” The Wall Street Journal, October 2, 2017 A1.  Chief legal officer probed for clearing stock sales after executives knew, but no one else did, about the hack.

“Equifax Ex-CEO Lays Out Lapses,” The Wall Street Journal, October 3, 2017 B1.  Staffers blamed for not reacting to public warning.

“Lawmakers Slam the Ex-CEO Of Equifax,” The Wall Street Journal, October 4, 2017 B1.  He and others “weren’t aware of the significance of the company’s data breach ….” “[A]n employee failed to notify other staff to patch the software ….”  For want of a nail ….

“Senators Rap Credit-Reporting Model,” The Wall Street Journal, October 5, 2017 B1.  “[W]hy consumers shouldn’t have power over the data [credit companies] collect on them”?

“Lawmaker Asks SEC To Delay Trade Log,” The Wall Street Journal, October 5, 2017 B12.  Head of House Financial Services Committee pressures SEC to delay release of trading database following hack of SEC systems. Can you have too much information?

“Equifax Timeline Criticized,” The Wall Street Journal, October 6, 2017 B10.  How long did Equifax sit on news of the hack before alerting the Board, the market and the Feds?  Is five weeks too long?  Executives selling stock in that window will be investigated.  Three weeks before he informed the Board.

“After Breach, SSN Reliance Is Criticized,” The Wall Street Journal, October 7, 2017 A4.  One reaction to the Equifax hack is a move to find a replacement for Social Security Numbers.

“Index Firm Flagged Equifax for Security,” The Wall Street Journal, October 7, 2017 B9.  Company warned about Equifax data security flaws in August 2016.

“Equifax Probes Possible New Breach,” The Wall Street Journal, October 13, 2017 B1.  A code installed on Equifax’s website by a vendor “serve[s] ‘malicious content’ to consumers.”  Just when you thought ti was safe to go back in the water again.

“GOP Bill Would Boost Checks on Credit Firms,” The Wall Street Journal, October 13, 2017 B10.  The horse having left the barn, the government wants to exercise more oversight.

Leave a comment

Filed under Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, IT, Oversight, Oversight, Protect assets, Protect information assets, Security, Value, Vendors