Willie Sutton (a famous bank robber) was reportedly asked, “Why do you rob banks?” He reportedly said, “Because that’s where the money is.” https://www.snopes.com/quotes/sutton.asp
“Hackers Plunder Crypto Exchange,” The Wall Street Journal, January 27, 2018 B5. More than $500 million in credits hacked from the Coincheck site in Japan. One assumes virtual banks are easier to rob than brick and mortar banks.
This is a concrete example of the cost of a cyber breach. But it also follows on from an earlier post (Law School Exam Question) equating cash money and information, in terms of value.
If businesses (including the Board of Directors) treated information assets as cash, and managing, protecting, and controlling the organization’s information as currency, would that be “information governance”? Why do they handle information assets differently? Why should the Board and the officers get a pass on this? The shareholders certainly don’t.
Filed under Board, Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, IT, Oversight, Ownership, Protect, Protect assets, Protect information assets, Security, Third parties, Value
You can keep track on paper, or have a machine do it. Which is better for compliance?
“Electronic Logs to Rule the Road,” The Wall Street Journal, December 16, 2017 B3. For many years, larger trucking companies have used electronic systems to monitor how many hours their drivers drive, and thus comply with various DOT regs. Now smaller companies will have to follow suit.
Filed under Accuracy, Collect, Compliance, Controls, Corporation, Data quality, Duty, Employees, Governance, Information, Internal controls, Management, Oversight, Requirements, Third parties, To report, Value
“Firm Settles Russia Probe,” The Wall Street Journal, December 12, 2017 A5. Company working on US defense projects had Russian employees who lacked appropriate security clearances (and who stored some material on servers in Russia).
No fine reported; company to institute new security protocols and thereby resolve criminal complaint.
One would have thought someone would have gotten more than their hands slapped over this one.
Filed under Access, Compliance, Controls, Corporation, Duty, Governance, Government, Internal controls, Management, Oversight, Protect
It’s a bad sign when you establish a covert unit.
“Uber Formed Covert Unit to Steal Trade Secrets, Ex-Employee Says,” The Wall Street Journal, November 29, 2017 A1. According to a former security employee, Uber “had a team dedicated to stealing [competitors’] trade secrets and helped employees dodge regulators’ scrutiny.”
This information was in a letter read to the jury in the Alphabet/Uber trade secret litigation. Ouch.
What does it say about the company’s commitment to compliance with law (including the rights of others)? Are RICO charges far behind?
If Uber loses the case, will shareholders sue the directors who allowed this to happen?
Filed under Board, Compliance, Controls, Corporation, Culture, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight, Supervision
Who gets fired for violating company policy? How often is it a senior executive?
“Visa Cites Behavior In Firing Executive,” The Wall Street Journal, December 4, 2017 B3. We don’t know what the violation was. Yet. But he was a high-flyer, handling the Apple and PayPal partnerships.
Does this send a message to the rest of the organization? Does it depend on the policy he violated?
Does your company publish information on how many people have been disciplined for violations? If not, why not?
Filed under Compliance, Controls, Corporation, Duty, Employees, Governance, Internal controls, Management, Oversight, Policy
“Wells Fargo Fires A Top Official,” The Wall Street Journal, November 18, 2017 B1. Head of commercial lending canned because he said bad things to a fellow employee about regulators (and how they were affecting golden parachute payments).
Think about that. He didn’t write it down; he just said it. Not outside the company, even.
True, his firing may have been expedited by all the other legal issues Wells Fargo has been having. But he may not have gotten much of a parachute.
Information controls apply to unwritten information, too.
Filed under Communicate, Communications, Compliance, Controls, Culture, Definition, Duty, Employees, Governance, Information, Internal controls, Management
“Nissan Report Faults Management,” The Wall Street Journal, November 18, 2017 B3. Factory workers falsified inspection data. Nissan recalls 1.2 million vehicles. Did management press too hard when setting targets?
Everyone on the manufacturing floor knew the inspections were being done by under-qualified workers, and hid it from the inspectors. Management was clueless. Practice was the norm for nearly 30 years.
Would your culture allow this to happen in your company?
Filed under Accuracy, Compliance, Controls, Corporation, Culture, Data quality, Directors, Duty, Duty of Care, Employees, Governance, Internal controls, Management, Oversight, Policy, Protect assets, To report