Category Archives: Policy

Kobe (2)

“Kobe Steel Discloses More Reporting,” The Wall Street Journal, October 14, 2017 B3. Falsification of quality documents is much more prevalent than first reported at Kobe Steel.  Twice the number of customers now involved.  500.

Once you find a rotten apple, one can make certain assumptions about the rest of that barrel.  It’s a culture issue, at its core.

Advertisements

Leave a comment

Filed under Accuracy, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Definition, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Oversight, Policy, Protect assets, Protect information assets, Third parties

A top goal?

“CEOs Make Protecting Data a Top Goal,” The Wall Street Journal, October 13, 2017 B4.  Unfortunately, the focus is on cyber-security rather than the broader information risk profile.  While this affect CEOs’ email habits, as they are phishing targets?

While this is a start, do CEOs really understand how much their company’s proprietary information is worth?  Or their duty to protect the company’s assets (people, physical equipment, cash, and information)?  Why not?

And where are the boards?  Don’t they have an overarching duty to oversee the major risks the company is facing and to make sure there’s an effective program in place to address?

I hear the violin.  Is Rome burning?

Leave a comment

Filed under Access, Board, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, IT, Managers, Oversight, Oversight, Ownership, Policy, Protect assets, Protect information assets, Security, Value

Disclosure

“A Hot Startup Misled Advertisers,” The Wall Street Journal, October 13, 2017 A1.  Outcome Health apparently misled advertisers as to how many units their ads were appearing on.  The investigation continues.

How would your employees react if ask to provide inflated numbers to potential customers?  How would your investors react after a story appears on page one, above the fold?  Probably reflects in the valuation of the company.  And what about your company’s extensive political contacts?

Leave a comment

Filed under Accuracy, Board, Communicate, Compliance, Compliance, Compliance, Compliance Verification, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Inform market, Inform shareholders, Information, Internal controls, Investor relations, Managers, Oversight, Oversight, Policy, Protect assets, Protect information assets, Use, Value

Electrical banana (reprise)

Slack is a new communications software in use in many companies.  Do your policies deal with the implications of the use and misuse of yet another new technology?  How will you handle this when litigation comes in?

“Tips to Tighten Slack Users’ Skills,” The Wall Street Journal, October 12, 2017 B4.

Leave a comment

Filed under Access, Communications, Compliance, Content, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Information, Interconnections, Internal controls, IT, Legal, New Implications, Oversight, Policy, Protect assets, Security

Burned by a phone

Apparently, NCAA rules prohibit coaches from using a burner phone to contact football recruits.  Or lying about it when you do.

“‘Burner Phone’ Accusation Marks New Chapter in Ole Miss Scandal,” The Wall Street Journal, September 20, 2017 A16. Coaches accused and investigated, and asked to sign certifications that they had never used pre-paid phones for recruiting or other work-related purpose.

Is this a question you normally ask your employees, or is this a form you have them sign?  Should you ask for a certification that exiting employees do not have any company information on a non-company asset or location?

Leave a comment

Filed under Access, Board, Compliance, Compliance Verification, Controls, Corporation, Discovery, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Legal, Oversight, Oversight, Policy, Protect assets, Security, Third parties

Barclays culture, continued

“Compliance Officer To Leave Barclays,” The Wall Street Journal, September 16, 2017 B1. The compliance officer at Barclays responsible for the whistleblower program settled “an employment dispute” with Barclays right before a hearing in London.  The CEO had earlier tried to learn the identity of the employee who complained about his hiring of a buddy.  The UK regulatory authority is still investigating that matter.

But the CEO remains in place.  Go figure.  I guess the Board’s sense of ethics is flexible.

I wonder what the employment dispute was about?

Leave a comment

Filed under Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Directors, Duty, Duty of Care, Governance, Internal controls, Oversight, Oversight, Policy, Privacy, Supervision, Third parties

Weakest link

Where do you start if you want to pierce a corporation’s cybersecurity protections?  The CEO.

“Goldman, Citi Bosses Duped by Email Prankster,” The Wall Street Journal, June 13, 2017 B11.  Although nothing confidential was leaked, the CEOs bought into phishing emails.

Hard to blame the Chief Information Security Officer.  One assumes there’s a policy in place, but can you write a policy to protect against this?  Who else in the corporation isn’t following the existing policy?  How do you fix? Two-factor authentication for every email to/from a senior exec?  Encryption?

Leave a comment

Filed under Access, Compliance, Compliance, Controls, Corporation, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Management, Policy, Security