Category Archives: Management

Catching up

I was working on another project, and could not do my postings as timely as I would like.  But here’s a bunch of news items I wanted to write about:


Going to the movies

Sony was not alone.  HBO gets hacked, too, and Netflix.  Is nothing sacred?

“Hackers Stole HBO Programming,” The Wall Street Journal, August 1, 2017 B2.  Game of Thrones may be coming sooner than planned.  The hacker also got personal information on at least one executive.

How well is your information protected?  What’s that protection worth?


Keeping it in the family

“Two Plead Guilty in Insys Cases,” The Wall Street Journal, July 12, 2017 B3.  Insys Therapeutics had an unusual fentanyl problem: bribing doctors to prescribe it.  Two saleswomen took the plea.

Notable: one of the women is married to the firm’s former CEO, who was arrested on related charges in December, together with 5 other senior managers.

Does corruption normally run this deep?  Where is (or was) the board?


Altered metrics

If someone asks you to “alter” or “fudge” a financial metric reported to the market, take pause.  Or hit the big red button.

“Witness: Magnate Knew of Altered Metric,” The Wall Street Journal, June 28, 2017 B9. The chairman of a large company allegedly knew that one of the financial metrics the company reported to the market for the previous quarter was improperly inflated.  Or fudged, as they say in the trade.  By $12 million.

The former chief accounting officer took a plea to fraud (and admitted to lying on other matters) and is cooperating with the government; the former CFO is charged with criminal fraud and is at trial.  The company is “cooperating.”  The chairman hasn’t been charged.  Yet.

Why isn’t the company charged?  At least one of its agents appears to have committed a fraud.  Why isn’t the chairman charged, if he knew?  Is this consistent with the Yates memo?  Is there a civil (derivative) suit against the chairman?


Contractors and the Cloud

Do you have contractors who analyze your data for you?  Do they use cloud storage?  Do you know?  How secure is that?  Is that prohibited by your service contract?

“Data on 198 Million Votes Exposed Online,” The Wall Street Journal, June 20, 2017 A4. Deep Root Analytics, a Republican party consultant, used an online storage system that was reportedly open to the world for several days.  Most/some of the information exposed was publicly available information on voters.  A lot of voters.

Well, at least the Russians (or the DNC) didn’t hack it.  Or did they?

What controls do you have that protect information your consultants are using and the opinions you are paying them to provide you?  Do you care?  It’s not like it’s money or anything.


Weakest link

Where do you start if you want to pierce a corporation’s cybersecurity protections?  The CEO.

“Goldman, Citi Bosses Duped by Email Prankster,” The Wall Street Journal, June 13, 2017 B11.  Although nothing confidential was leaked, the CEOs bought into phishing emails.

Hard to blame the Chief Information Security Officer.  One assumes there’s a policy in place, but can you write a policy to protect against this?  Who else in the corporation isn’t following the existing policy?  How do you fix it?  Two-factor authentication for every email to/from a senior exec?  Encryption?


What will you (or they) need twenty years from now?

How do you forecast what information the company will need twenty years from now, long after your retirement?

“First Job of Dismantling Nuclear Plants: Find a Russian Speaker,” The Wall Street Journal, June 12, 2017 A1.  Dismantling engineers encounter problems when trying to decontaminate and tear down an old nuclear facility.  The engineering drawings are not necessarily accurate as-built diagrams, and a lot of the language is Russian.

An organization needs a lot of information.  One area is “What information will we need when it’s time to dismantle this great thing we just built?”  Is this information governance, records management, or knowledge management?  Does it matter?  Who owns this problem?  This same problem came up in my prior life when looking at the information requirements to shut down and dismantle a North Sea oil platform – a lot of that information needs to be captured at the front end and during the life of the facility, and maintained until the facility is removed.
