Category Archives: Oversight

Shoot for the stars

Nailing a high-visibility target demonstrates that you’re serious about compliance.  Especially if he or she is a big money maker.  And especially if it is over violations of your company’s procedures.

“GAM Says Fund Manager Breached Policies on Gifts,” The Wall Street Journal, August 7, 2018 B10.  “[T]he star fund manager” also used his personal email to transact business for the company, and failed to follow other company procedures.

The company’s shares have dropped 44%.

Would you be surprised if your company did this?  What does that say about your culture?

Advertisements

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Policy

Gee, what could go wrong?

“Facebook Asks Banks for Customer Data,” The Wall Street Journal, August 7, 2018 A1. “[T]o offer new services to users,” Facebook asks banks for “detailed financial information about their customers.”

I can see what’s in it for Facebook, and maybe for the banks.  But isn’t this your information?  Shouldn’t you have some control what the banks do with it?  Are you comfortable with the controls the banks and Facebook will place on this information?  It might be convenient for you, but at what risk?

Do we remember Cambridge Analytica?  Will Facebook try to do this in Europe?

To whom do you complain?  Your elected representative?  Your bank?  The state or federal regulators?

Leave a comment

Filed under Access, Controls, Corporation, Duty, Duty of Care, Governance, Information, Internal controls, Investor relations, IT, Oversight, Ownership, Privacy, Protect assets, Security, Third parties, Uncategorized, Who is in charge?

How much due process is due?

“CBS to Weigh CEO’s Fate,” The Wall Street Journal, July 30, 2018 A1.  Discussion over whether CEO accused of sexual harassment should stand down while the investigation continues.

Curious that Urban Meyer has to stand aside while an investigation into whether he should have reported domestic abuse by an assistant coach 9 years earlier at a different school, but Leslie Moonves remains on board as the CEO of CBS.  See https://infogovnuggets.com/2018/08/07/caesars-wife/

What does it say about a company’s culture when, in the current environment, the CEO can remain in his job during such an investigation?  How convinced are the rank-and-file employees that the sexual harassment policy is real, or just a piece of paper?  Are the directors serious about this policy?  What about other policies?

Leave a comment

Filed under Board, Compliance, Compliance, Compliance (General), Corporation, Culture, Culture, Directors, Duty, Employees, Governance, Oversight, Oversight, Policy

Your vendors

This blog focuses more on the intersection of Governance, Information, and Compliance than on the implications of information security.  But the topics do overlap.

So, what controls do you have in place to prevent from someone accessing your computer and changing the information there or, as important, changing how your computer operates?  That’s an identified risk, right?

“Russia Hacks Its Way Into U.S. Utilities,” The Wall Street Journal, July 24, 2018 A3.  Russian hackers gain access to sensitive information at utilities by compromising the utilities’ vendors and their access to the utilities’ systems.  Can the hackers take control of those systems or shut them down?

Does anyone recall the name of the HVAC contractor that was the entry point for the Target hack several years ago?  Contractors can be a massive IT security risk.

Is this part of Information Governance?

What duties do the directors of the utilities have to make sure processes are in place to prevent third parties from causing harm by accessing the company’s information and process control systems?  And to control the third parties who do have that access?  Is there a process?

Leave a comment

Filed under Access, Board, Controls, Corporation, Directors, Duty, Duty of Care, Governance, Internal controls, IT, Management, Oversight, Oversight, Protect, Protect assets, Protect information assets, Risk Assessment, Risk assessment, Security, Third parties, Vendors

Fraudster

“Theranos Settle Investor Suit As Firm Runs Low on Funds,” The Wall Street Journal, July 23, 2018 B3.  Investors alleged Theranos had defrauded them by making false statements about the company’s technology.

This joins the long (and growing) list of people suing for harm caused by this company.  Are the directors in the dock?  The CEO and former president are.

False statements are information, in a sense.  The is the kind of basic, bog standard stock fraud that led to the creation of the SEC.

Who’s going to get the last drop of blood out of this stone?

Leave a comment

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Inform shareholders, Information, Internal controls, Investor relations, Oversight, Oversight, Protect information assets

CEOs in the news

“Ex-CEO at Oil Driller Settles SEC Inquiry On Undisclosed Loans,” The Wall Street Journal, July 17, 2018.  CEO had taken more than $10 million in loans from vendors in return for awarding contracts.

He used the money to cover margin calls and to maintain an extravagant lifestyle.  Also caught up in the scandal was a former portfolio manager who got a seat on the company’s board.

CEOs get hammered, too, for conflicts and poor ethics.

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Internal controls, Investor relations, Oversight, Policy, Third parties, Vendors

Loose lips volume II

“Chips CEO Resigns Over Conduct,” The Wall Street Journal, July 18, 2018 B1.  CEO of Texas Instruments fired/forced-to-resign after two months for violating company’s Code of Conduct.  Probably no package, either.  No details on the nature of the violation.

It’s nice when a company enforces its policies against the CEO.  Sends a message to the worker bees.

Leave a comment

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Internal controls, Oversight, Oversight, Policy