Category Archives: Governance

Indicted

A Tesla employee is indicted for creating fake documents to cover up a fake-payment scheme.  “Former Tesla Employee Is Indicted,” The Wall Street Journal, November 12, 2018 B5.

Companies have a lot of controls to prevent fraud by employees, and often these controls work.  Why are there more such controls to prevent financial fraud than to prevent violations of other company procedures, such as those related to document creation, retention, and storage?

One wonders whether, in the aggregate, companies lose more money through poor document management and control than they lose through financial fraud.  How would one conduct such a study?

Advertisements

Leave a comment

Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Protect assets, Records Management, Security, Third parties, Value, Vendors

Management of change

How do you make sure that your policies are keeping pace with law and society?

“Google Changes Harassment Rule,” The Wall Street Journal, November 9, 2018 B4.  Following an employee walkout over how the company handles/handled sexual harassment claims, Google will no longer require that such claims be subject to arbitration.

This ties to Governance (what rules do you have in place, and when do you update those), Compliance (how do you handle claims of policy violations), and Information (a claim is one type of information).

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Definition, Governance, Information, Oversight

Technology controls

“Wells Fargo Technology Under Scrutiny,” The Wall Street Journal, November 8, 2018 B11. Questions being raised about the technology the bank uses for cybersecurity and risk management.

Do you have the right technology to effectuate the controls you have placed around information?  Will your regulators agree?  If you are already on the regulator’s radar screen, will your controls measure up?

Leave a comment

Filed under Controls, Corporation, Duty, Governance, Internal controls, IT, Oversight, Protect, Protect assets, Risk assessment, Security, Technology

Too much sharing

I’m a bit of a knowledge management wonk, having been involved in the then-nascent KM movement within the inhouse legal community in the early 2000s.  But there can be too much sharing.

“Sinclair Settles With U.S. on Ad-Sales Data,” The Wall Street Journal, November 8, 2018 B2.  A media group settles lawsuit over alleged sharing of information among television station owners, that may have led to higher advertising rates.

An interesting side note is that this all came to light when Sinclair proposed to buy another company and had to undergo a government investigation.

Are there restrictions on how much information can be shared between and among competitors?  Yes.  They are call “antitrust laws.”  And is there a risk of making a deal that subjects you to government scrutiny?  Yes.  The may discover all manner of minor and major sins.

Leave a comment

Filed under Access, Communications, Compliance, Compliance (General), Controls, Corporation, Discovery, Duty, Governance, Information, Internal controls, Knowledge Management, Oversight

Crisis information

How do you protect information in the event of an Event?  Is this part of your business continuity plan?  You do have a business continuity plan, right? Do you have a process to safeguard information you will need to resume operation?

“Second Black Box Eludes Search Teams,” The Wall Street Journal, November 3, 2018 A6.  Divers are still searching for the cockpit voice recorder following the crash of Lion Air flight 610 in Indonesia.

Planes carry two “black boxes,” one  a flight data recorder (which captures a lot of equipment operating data) and the other a cockpit voice recorder (which captures conversation in the cockpit).  The information on these two boxes (which are actually neon orange) is used to determine the cause of a crash.

What information does your company generate that you would need to run your business following an “Event,” such as a computer crash or a hurricane, or whatever?  Is that part of your normal operating policies and procedures?  If you can’t get to that information, can you restart or run your business?

Is this an Information point (protecting information) , or a Governance point (having processes and procedures to protect mission-critical information), or a Compliance with policies and procedures?

Leave a comment

Filed under Access, Business Case, Collection, Controls, Corporation, Duty, Governance, Information, Internal controls, Oversight, Protect, Protect assets, Risk, Use, Value

Pesky little emails

Hard to believe that people are still tripping over emails.

“Emails Raise Doubts on FBI Plan,” The Wall Street Journal, November 3, 2018 A3.  Emails surface contradicting White House claims that moving the FBI from Pennsylvania Avenue in Washington D.C.  (as proposed by the prior administration) would cost more than leaving it where it is (down the street from the Department of Justice and across the street from the Trump Hotel).

Perhaps there were “soft costs” involved in the move than weren’t considered, or there were other reasons for not moving the FBI from its current location, notwithstanding the higher cost.  But it is embarrassing when emails coming to a different conclusion are discovered.

How transparent is your decision-making process?  Do you allow for some contrary information in your final decision?  Is that proactive information management of negative information?  Do you have a policy or a procedure on this?  Should you?

Leave a comment

Filed under Controls, Duty, Governance, Government, Information, Internal controls, Oversight, To report

Tracking

“Technology Puts Pinch on Oil Smuggling,” The Wall Street Journal, November 2, 2018 B6.  Smugglers of Iranian crude will be challenged by satellites and big data.

Smugglers had in the past “hid” their ships, but that will now be harder.  Certain companies find a business opportunity in helping to track these vessels.

What controls do you need to have in place to make sure your policies are followed?  How have people tried to avoid your controls?  How did you/will you respond?  Is there a market opportunity for others to help you enforce compliance by collecting other information?

Leave a comment

Filed under Analytics, Collection, Compliance (General), Controls, Governance, Information, Oversight, Third parties, Use, Value