Where do you start if you want to pierce a corporation’s cybersecurity protections? The CEO.
“Goldman, Citi Bosses Duped by Email Prankster,” The Wall Street Journal, June 13, 2017 B11. Although nothing confidential was leaked, the CEOs bought into phishing emails.
Hard to blame the Chief Information Security Officer. One assumes there’s a policy in place, but can you write a policy to protect against this? Who else in the corporation isn’t following the existing policy? How do you fix it? Two-factor authentication for every email to/from a senior exec? Encryption?
How do you deal with claims of sexual harassment? Have two law firms conduct investigations and fire 20 people. But will that be the end or the middle?
“Uber Fires Over 20 In Wake Of Probe,” The Wall Street Journal, June 7, 2017 B1. Over two hundred claims investigated and no action taken in 100 of them.
Were there supervisors who participated or condoned or who failed to notice or respond? Were there reporting practices and policies in place? If harassment was “accepted” in the Uber culture, who’s to blame? HR? The Board? Management? How long had this been going on? How much will the shareholders have to pay?
A summary of one of the law firm reports is due out soon.
Uber fired the executive at the heart of the dispute with Google over self-driving cars. The exec failed to meet a deadline to comply with a court order to turn over documents in a trade secret case over self-driving cars. “Uber Fires Executive At Center Of Suit,” The Wall Street Journal, May 31, 2017 A1.
Lesson? If you hire an employee from a competitor and he’s accused of stealing his former employer’s trade secrets, try your best to look good.
What’s your process for keeping new employees, especially from competitors, from damaging your business and your reputation by bringing in your competitor’s trade secrets? Did you follow it, or is it just there for show?
Executives do go to jail. “Ex-VW Official to Stay in Jail,” The Wall Street Journal, May 26, 2017 B3. The official was head of the environmental and engineering office. VW had already pleaded guilty to criminal charges in connection with the diesel emissions scandal. So the company AND some executives are criminally charged! Guess Sally Yates meant it. At least for foreign companies. But no directors have been sued. Yet.
“FBI Holds Memos for Now,” The Wall Street Journal, May 26, 2017 A4. Congress wants the memos that ex-Director Comey wrote, but the existence of the special counsel (also the ex-Director) and Congressional “inquiries” have muddied the waters. Whose information is it, anyway? And can’t we all look at them together? Right after Mr. Comey testifies? Interesting that the FBI can withhold non-privileged memos, whatever their weight may be.
Chairman doesn’t go to jail. “Leader of Brazil’s JBS Steps Down,” The Wall Street Journal, May 27, 2017 B1. The bribery scandal in Brazil’s meat-packing industry removes the chairman and his brother from the Board (although the brother remains as CEO). The chairman signed a plea bargain in exchange for criminal immunity. Curious about the culture at the company after the plea deal.
1. “FCC Won’t Move Against Colbert for Crude Remarks,” The Wall Street Journal, May 24, 2017 A3. Remarks about Trump don’t draw a fine. The question remains, what will? What’s the impact of the regulator not even trying to enforce regulatory standards?
“Pakistan Investigates Social-Media Critics of Its Military,” The Wall Street Journal, May 24, 2017 A8. Twenty-seven critics investigated for “unacceptable” comments criticizing and ridiculing the military and judiciary. The FCC wasn’t consulted.
2. “U.S. Sues Chrysler Over Emissions Tests,” The Wall Street Journal, May 24, 2017 B1. Apparently VW wasn’t the only one seeking to game the emissions-testing process.
3. “Humans Still Rule Machines in Insurance,” The Wall Street Journal, May 24, 2017 B1. Despite the new sources of data, and the ability of computer programs to determine how much an individual insurance policy should cost, humans are still necessary decision-makers.
4. “Target Settles Probe Into Its 2013 Hack,” The Wall Street Journal, May 24, 2017 B3. Following the 2013 data breach, Target pays an additional $18.5 million to settle state charges.
5. “High-Ranking Chinese Regulator Faces Probe,” The Wall Street Journal, May 24, 2017 B14. Assistant chairman of the China Banking Regulatory Commission fired for breaking the rules. Details not available.
Does your radar go wild when someone suggests delaying the report of information?
“Sunrun Sales Data Seen as Skewed,” The Wall Street Journal, May 23, 2017 B1. In the run-up to the company’s IPO, some managers were told by their managers to hold off on reporting a number of canceled contracts. Reporting this information would have reduced the sales numbers, as the canceled contracts were a large percentage of total orders.
What does it say about a culture where the bosses ask managers to do this type of thing? And no one says, “No”? Was no one bright enough to connect the dots? What else is suspect? Are employees clueless as to their common law duties to report wrongdoing or deviations from company processes?
How do you enforce a non-retaliation policy when the CEO ignores it?
“Barclays CEO is Probed Over Bid to Unmask Whistleblower,” The Wall Street Journal, April 10, 2017 (online). CEO attempts to learn the identity of an employee who criticized the hiring of one of the CEO’s buddies. He asked his internal security folks to find out who the author was; he was rebuffed the first time (he was told it would be inappropriate), but persisted by asking them to look into it again.
Where does one start? Sounds like a law school exam question. “Analyze and discuss.”
How do you enforce a policy (or any policy) when the CEO ignores it? This time it was anti-retaliation; next time he might not hold the handrail, or might violate some other company policy. What does the organization see when the CEO does this?
Here, he got a formal reprimand and will lose some bonus. How can he remain in his post? How does this discipline compare to what others have gotten for similar misconduct? Will the Board members be reelected? What message would terminating his employment send? If he violates some other policy (large or small) in the future, can the shareholders sue the directors individually for grossly negligent oversight?
Not sure how long an “A” answer would need to be.