Category Archives: Policy

Uber settles

“Uber Settles Trade-Secrets Case,” The Wall Street Journal, February 10, 2018 B1.  Uber pays more than $240 million to settle case, and agrees not to use certain technology on self-driving cars, allegedly belonging to Waymo.  The agreement not to use was worth perhaps $250 million.

How does your company make sure it isn’t using a third party’s intellectual property without permission?  Is this an important part of your compliance program?  How does your company manage its acquisitions of new companies, some of whom (or their employees) may not have been as diligent in avoiding trade secret theft?

How can you prevent people from bringing information that you do not want into your company?  What are your processes?

Advertisements

Leave a comment

Filed under Board, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Ownership, Ownership, Policy, Protect assets, Protect information assets, Supervision, Third parties, Value, Vendors

Sending a message?

“Bank Fires Adviser on Conduct,” The Wall Street Journal, December 8, 2017 B10. Morgan Stanley fires a former Congressman (Harold Ford, Jr.) who worked as a “senior adviser” after allegations of inappropriate conduct involving a woman.

The fired Congressman still works as a political analyst for MSNBC.

Does that send a message to the bank’s employees that you’re serious about your policies? What about MSNBC?

Leave a comment

Filed under Compliance, Controls, Corporation, Duty, Employees, Governance, Internal controls, Oversight, Policy

Violating company policy

Who gets fired for violating company policy?  How often is it a senior executive?

“Visa Cites Behavior In Firing Executive,” The Wall Street Journal, December 4, 2017 B3.  We don’t know what the violation was.  Yet.  But he was a high-flyer, handling the Apple and PayPal partnerships.

Does this send a message to the rest of the organization?  Does it depend on the policy he violated?

Does your company publish information on how many people have been disciplined for violations?  If not, why not?

Leave a comment

Filed under Compliance, Compliance, Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Oversight, Policy

Nissan, too

“Nissan Report Faults Management,” The Wall Street Journal, November 18, 2017 B3. Factory workers falsified inspection data.  Nissan recalls 1.2 million vehicles.  Did management press too hard when setting targets?

Everyone on the manufacturing floor knew the inspections were being done by under-qualified workers, and hid it from the inspectors.  Management was clueless.  Practice was the norm for nearly 30 years.

Would your culture allow this to happen in your company?

Leave a comment

Filed under Accuracy, Compliance, Compliance, Controls, Corporation, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight, Policy, Protect assets, To report

King Canute revisited

“Afghanistan Orders WhatsApp Blocked,” The Wall Street Journal, November 4, 2017 A9.  Some providers don’t comply.

King Canute ordered the tides to recede.  With limited success.  Does your company issue policies that just won’t work?  What does it say about the person issuing the policies and what does it say about your company’s culture?  What about how well the company’s other policies will be adhered to?

Internet neutrality – is the power to regulate (and tax) the power to prohibit?  Whether exercised or not?

 

Leave a comment

Filed under Access, Compliance, Controls, Governance, Interconnections, IT, Policy

Kobe (2)

“Kobe Steel Discloses More Reporting,” The Wall Street Journal, October 14, 2017 B3. Falsification of quality documents is much more prevalent than first reported at Kobe Steel.  Twice the number of customers now involved.  500.

Once you find a rotten apple, one can make certain assumptions about the rest of that barrel.  It’s a culture issue, at its core.

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Oversight, Policy, Protect assets, Protect information assets, Third parties

A top goal?

“CEOs Make Protecting Data a Top Goal,” The Wall Street Journal, October 13, 2017 B4.  Unfortunately, the focus is on cyber-security rather than the broader information risk profile.  While this affect CEOs’ email habits, as they are phishing targets?

While this is a start, do CEOs really understand how much their company’s proprietary information is worth?  Or their duty to protect the company’s assets (people, physical equipment, cash, and information)?  Why not?

And where are the boards?  Don’t they have an overarching duty to oversee the major risks the company is facing and to make sure there’s an effective program in place to address?

I hear the violin.  Is Rome burning?

Leave a comment

Filed under Access, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Managers, Oversight, Oversight, Ownership, Policy, Protect assets, Protect information assets, Security, Value