Category Archives: Value

VW Compliance Executive Pleads Guilty

“Ex-VW Official Admits Role in Emissions Cheating,” The Wall Street Journal, August 5, 2017 B3. A former VW “compliance executive” charged with conspiracy to defraud the US, wire fraud, and Clean Air Act violations pleads guilty.  He admits he knew about the software used to mislead US environmental regulators.  Faces sentencing in criminal case in December.

Hiding information from the government is not a good thing.  What was the culture that allowed this to happen?  Did people feel a need to do this to compete?  Too many car companies have been caught up in such scandals to have it be random.

The shareholders have paid (and are continuing to pay) for the mistakes of the employees of the company.  Who else from the company is going to go to jail,  or lose his/her job?  VW is facing costs in just the US of more than $25 billion and investigations elsewhere.  Does the “compliance executive” know of others who also knew?  Might he offer up some names before December?  People who bought VWs are going to want to recover damages from someone.

Leave a comment

Filed under Accuracy, Analytics, Board, Compliance, Compliance, Controls, Corporation, Culture, Culture, Data quality, Directors, Duty, Employees, Governance, Information, Internal controls, Oversight, Oversight, Value

Going to the movies

Sony was not alone.  HBO gets hacked, too, and Netflix.  Is nothing sacred?

“Hackers Stole HBO Programming,” The Wall Street Journal, August 1, 2017 B2.  Game of Thrones may be coming sooner than planned.    Hacker also got personal information on at least one executive.

How well is your information protected?  What’s that protection worth?

Leave a comment

Filed under Access, Controls, Governance, Information, Internal controls, IT, Management, Protect, Protect assets, Protect information assets, Security, Value

Pesky little documents

“Caterpillar Faces New Questions in Probe,” The Wall Street Journal, July 3, 2017 B1.  During a criminal investigation, required export documentation couldn’t be found. Apparently, there are also inconsistencies between what was submitted to the Department of Commerce and what was turned over in response to subpoenas.

So, a corpration may be charged criminally.  What about officers, directors, and employees?

It is only foolish consistency, not inconsistency, that is the hobgoblin of little minds.

Leave a comment

Filed under Accuracy, Compliance, Compliance Verification, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Oversight, Value

Ransomware Week

“Faux Ransomware Does Damage,” The Wall Street Journal, June 30, 2017 B3.  Motive for recent attacks was not blackmail, but just disruption.  The files that were attacked may not be recoverable.  “Malware Leaves Big Law Firm Hobbled,” The Wall Street Journal, June 30, 2017 B3.  DLA Piper shuts down after its computer systems hit.  “Hospital Is Forced To Scrap Computers,” The Wall Street Journal, June 30, 2017 B3. West Virginia hospital tosses its entire computer network after cyberattack.

Have the Visigoths gathered at the gate?  If we can’t protect our computers and the information they contain and send, does our civilization survive?  Is IT now more important that all the other functions?

Leave a comment

Filed under Access, Business Case, Business Continuity, Controls, Information, Interconnections, IT, Operations, Risk, Security, Value

Cyberattacks, revisited

It’s Groundhog Day.  Or becoming a dog-bites-man story.

“Cyberattack’s Fallout Fuels Scramble,” The Wall Street Journal, June 29, 2017 B3. A ransomware attack through Microsoft Windows hits Maersk, Merck, WPP, and Rosneft, among others.  Surgeries disrupted at a Pennsylvania hospital.  “Hospital Operator In Pennsylvania Works to Recover,” The Wall Street Journal, June 29, 2017 B3.

Does this become so routine we forget people are supposed to take steps to prevent it?  Do cyberattacks make the board agenda, without the tie to the greater information governance questions?  Is that progress?  Does industry not see the bigger risk?

 

Leave a comment

Filed under Access, Controls, Duty of Care, Governance, Information, Interconnections, Internal controls, IT, Oversight, Protect assets, Security, Third parties, Value

There’s gold in them thar hills

What are you buying when you go to the grocery store?  Organic bananas?

Not if you’re Amazon.

“Big Prize for Amazon: Shopper Data,” The Wall Street Journal, June 21, 2017 B5. Amazon seeks to buy Whole Foods, but for what?  Its hard assets such as stores and locations? Its customer base?  Its purchasing and distribution network?  More likely: information on how shoppers shop.

If you’re the government agency in charge of approving or disapproving this deal, how do you analyze the impact on competition?  What is the “market” that needs to be analyzed?  Is this a vertical or horizontal deal?  Or something else?

Is most of the value (to Amazon) in this deal the information that it gets?  Where’s that on the Whole Foods balance sheet?

Leave a comment

Filed under Access, Analytics, Information, Operations, Use, Value

Snitches get stitches

Apparently, keeping the identities of confidential informants secret poses some challenges.  Are there information governance lessons to be learned?

“Inmates Targeting Informants,” The Wall Street Journal, June 21, 2017 A3. “[C]lose to 700 witnesses and informants believed to have cooperated with the government have been threatened, wounded or killed” over three years.  One source of information: online court records that provide clues as to who cooperated with the prosecutors.  Some inmates may be posting their sentencing files to establish their bona fides.

Hard to classify this in this blog.  Does this pertain to

  • the value of accurate and complete information
  • the risk in making information widely available
  • the government’s duty to protect informants
  • the government’s duty to have a transparent criminal justice system
  • a defendant’s right to confront his/her accusers
  • the need for security and the difficulty in providing it
  • the proactive value of disclosure
  • the fact that information can be misused
  • the difficulty in creating effective controls
  • other?

 

Leave a comment

Filed under Access, Accuracy, Communications, Compliance, Controls, Data quality, Duty, Duty of Care, Governance, Government, Information, Internal controls, Oversight, Privacy, Protect assets, Risk, Third parties, Value