Category Archives: Who is in charge?

It’s not just VW

Often, a corporation’s violation of law don’t result in a conviction of the senior officers or directors.  Sometimes it does, and when it does, that’s a powerful compliance message.

“Audi CEO Is Arrested In Emissions Scandal,” The Wall Street Journal, June 19, 2018 A1. Executive jailed in Germany to prevent obstruction of ongoing investigation into emissions testing scandal at VW.

This goes to Governance, Compliance, and Information.

Advertisements

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Culture, Directors, Duty, Employees, Governance, Oversight, To report, Who is in charge?

Poster boy for Information Governance

Years ago, while teaching a course to MBA students at Rice University, I used the Target credit card breach as a case study.  It touched a lot of bases.  Now we have a better one.

While there have been a lot of information governance-related stories in the news over the past two years, including Equifax and Facebook and VW and Wells Fargo, my nominee for the one name associated with the most significant teaching example in information governance and compliance is the former FBI Director, James Comey.

First, he gave us The Day That Information Governance Died, with his July 5, 2016 pronouncement that, notwithstanding her clear violations of several applicable legal laws dealing with the handling of confidential or secret information (and the destruction of information subject to a subpoena), Secretary Hillary Clinton’s use (and wiping) of a private server to store government email was not going to be prosecuted.  Such a pronouncement deviated “‘from well-established Department policies'” that the FBI does not comment about  ongoing criminal investigations.

Then he wrote a memo ostensibly commemorating a meeting he had with his boss on government business on a government computer (while in a government vehicle) during the work day, and declared that that was his personal correspondence that he could (and did) distribute as he pleased.

And now we learn that he conducted government business over his own private gmail account {that information does not appear in the WSJ article – Ed.}, and actively avoid his boss’ oversight (and his bosses failed to adequately supervise him).  “Report Blasts FBI Agents, Comey Over Clinton Probe,” The Wall Street Journal, June 15, 2018 A1. Inspector General releases his report on the Clinton Investigation.

Recap:

  • Violations of law are not enforced
  • Evidence is destroyed notwithstanding a subpoena
  • Senior employees ignore long-standing policy
  • Senior employees treat documents prepared by them in the course of business as their personal information
  • Senior employees use private email accounts to transact government business
  • Employees hide things from their bosses
  • Bosses failed to adequately supervise their reports

And this is at the FBI, by a lawyer.

Does anyone wonder why we have a hard time getting traction on information governance initiatives?  Certainly an argument for an Information Governance case study of just the Clinton email investigation and its aftermath.  Not sure you could cover it all in one semester, at both law schools and business schools.

 

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Culture, Discovery, Duty, Duty of Care, Employees, Governance, Government, Information, Internal controls, Lawyers, Managers, Oversight, Ownership, Ownership, Policy, Requirements, Supervision, Who is in charge?

Compelled speech

“HHS Probes Rules on Giving Abortion Information,” The Wall Street Journal, June 1, 2018 A4.  HHS Office for Civil Rights investigates state requirements that crisis pregnancy centers must advise women about abortion services.

Leave the political/moral issues aside, and look at this from an information governance perspective.  Who mandates what information you must provide to your customers?  And are they (the mandaters) allowed to require that?

What are the limits on the government’s ability to require you to provide information to third parties? Is the U.S. Constitution a law or a policy?  Or is it Governance?

Leave a comment

Filed under Communications, Compliance, Compliance (General), Controls, Corporation, Duty, Governance, Government, Internal controls, Third parties, Who is in charge?

Bait and switch?

You make some promises, or strong indications, to a star performer that he or she is so above average, next year you will get ___ a year early.  [Fill in the blank]

How do you handle a change in direction?

“Goldman’s Rising Stars Told to Hold,” The Wall Street Journal, May 26, 2018 B9.  Two years ago, a group of high-potential employees were told they were on the fast track and would get promoted before the rest of their class.  Now they are told there is no fast track this year.

How do you handle it when you have to tell your star performer that she/he’s not going to get what you told them they were going to get?  Have you just put your crown jewels into play?  How do you rebuild trust and confidence in your best and brightest?

Is this Information or Governance or just bad management?  Does it matter whether you told them in writing or not?  Is that a risk that was considered?

 

Leave a comment

Filed under Definition, Duty of Care, Governance, Information, Protect assets, Risk, Who is in charge?

Private speech v. public speech

Can your employer restrict what political statements you make in the course of your employment, when you’re getting paid to wear your company shirt on television?

Maybe.

“NFL Adopts New Anthem Policy,” The Wall Street Journal, May 24, A14. Teams (but not players) can be fined if NFL players on the field do not stand for the National Anthem.

Governance

  • Who has the power to make what rules governing whom, and how violations of those rules will be enforced?
  • The League has the power to govern teams, but not players?  (See reference to collective bargaining agreement below.)
  • Will this redirect any fan displeasure away from the NFL and onto the individual teams or players?

Information

  • Is an employee’s political speech information?
  • If information is received, created, or distributed by a company’s employees during the workday in the workplace, is that information company information?
  • If it’s company information, can’t the company limit that distribution?

Compliance

  • Does enforcing rules against the teams and not the players work?
  • Does this comply with the collective bargaining agreement?  Is that why the policy doesn’t apply to the actual players, and just the teams?

 

Leave a comment

Filed under Compliance, Compliance (General), Controls, Corporation, Definition, Duty, Employees, Governance, Information, Internal controls, Oversight, Policy, Risk assessment, Third parties, Who is in charge?

When does one use or disclose information?

Often, one has information but doesn’t act immediately, or require others to act on it immediately.  But there have been several instances of the government sitting on information that later turns out was really important.  Is this just not recognizing the risk?  Would they have done anything differently?

“FAA Was Slow to Act On Engine Warning,” The Wall Street Journal, May 21, 2018 B1.  FAA (and the airline industry)  knew of the potential for engine blades to crack for 2 years.  The manufacturer increased inspections. Then one blade cracked, destroying an engine and killing a passenger on the Southwest airlines flight in April.

This seems to link Governance (Who was responsible for deciding that the risk was adequately managed?) and Information (Did everyone have the same level of information?).  Is there also a Compliance vector?  The airlines were complying with government directions.

And how much does the flying public rely on the government to take care of such things?

Leave a comment

Filed under Governance, Protect assets, Reliance, Risk assessment, Who is in charge?

Which is the tail and which is the dog?

“CBS Board Defies Shari Redstone,” The Wall Street Journal, May 18, 2018 B1.  Board tries to reduce the control exercised by an 80% shareholder.

This is going to be fun to watch (if you’re not one of the other shareholders).  Interesting question on what the controlling shareholder (and the Board) can and cannot do.

Here’s a subsequent post from another source, if you want background.  Caution – heavily legal.

Leave a comment

Filed under Board, Controls, Corporation, Directors, Duty, Governance, Internal controls, Investor relations, Oversight, Shareholders, Who is in charge?