Category Archives: Management

Technology controls

“Wells Fargo Technology Under Scrutiny,” The Wall Street Journal, November 8, 2018 B11. Questions being raised about the technology the bank uses for cybersecurity and risk management.

Do you have the right technology to effectuate the controls you have placed around information?  Will your regulators agree?  If you are already on the regulator’s radar screen, will your controls measure up?

Advertisements

Leave a comment

Filed under Controls, Corporation, Duty, Governance, Internal controls, IT, Oversight, Protect, Protect assets, Risk assessment, Security, Technology

Crisis information

How do you protect information in the event of an Event?  Is this part of your business continuity plan?  You do have a business continuity plan, right? Do you have a process to safeguard information you will need to resume operation?

“Second Black Box Eludes Search Teams,” The Wall Street Journal, November 3, 2018 A6.  Divers are still searching for the cockpit voice recorder following the crash of Lion Air flight 610 in Indonesia.

Planes carry two “black boxes,” one  a flight data recorder (which captures a lot of equipment operating data) and the other a cockpit voice recorder (which captures conversation in the cockpit).  The information on these two boxes (which are actually neon orange) is used to determine the cause of a crash.

What information does your company generate that you would need to run your business following an “Event,” such as a computer crash or a hurricane, or whatever?  Is that part of your normal operating policies and procedures?  If you can’t get to that information, can you restart or run your business?

Is this an Information point (protecting information) , or a Governance point (having processes and procedures to protect mission-critical information), or a Compliance with policies and procedures?

Leave a comment

Filed under Access, Business Case, Collection, Controls, Corporation, Duty, Governance, Information, Internal controls, Oversight, Protect, Protect assets, Risk, Use, Value

Tracking

“Technology Puts Pinch on Oil Smuggling,” The Wall Street Journal, November 2, 2018 B6.  Smugglers of Iranian crude will be challenged by satellites and big data.

Smugglers had in the past “hid” their ships, but that will now be harder.  Certain companies find a business opportunity in helping to track these vessels.

What controls do you need to have in place to make sure your policies are followed?  How have people tried to avoid your controls?  How did you/will you respond?  Is there a market opportunity for others to help you enforce compliance by collecting other information?

Leave a comment

Filed under Analytics, Collection, Compliance (General), Controls, Governance, Information, Oversight, Third parties, Use, Value

Information economy

“Alternative Data Is Valued on Wall Street,”The Wall Street Journal, November 2, 2018 B1.  Companies mine different types of available information to help traders.

Is information is worth so much, won’t someone start a business to provide it?  Apparently.  What should you be monitoring to understand how your customers make their purchasing decisions, or what your competitors are doing?

Drones looking at parking lots and where are the iPhones coming from and going to and how many construction permits were issued?  What’s your metric?  How do you measure it?

Leave a comment

Filed under Access, Analytics, Collection, Data quality, Definition, Information, Use, Value

Employees speaking up

At common law, an employee has a duty

  • to comply with applicable laws in the performance of his/her work for the employer
  • to comply with his/her employers reasonable instructions in the performance of that work, and
  • to report material information to his superiors.

“Credit Union Staff Faults Safeguards Against Laundering,” The Wall Street Journal, October 31, 2018 B12.  Employees raised concerns in 2017 about the anti-money laundering program at the credit union where they worked.  The chief audit executive dismissed the allegations.

Were these employees rewarded for raising these concerns? No.  Did the company make changes?  The company says it did.  Will other employees raise concerns in the future?

How seriously do you take concerns raised by your employees, who are closest to the facts?  Is this a Compliance point or a Governance point?  Or an Information point (in that Management received information and apparently didn’t use it)?

Leave a comment

Filed under Compliance, Compliance (General), Controls, Culture, Duty, Employees, Governance, Information, Internal controls, Oversight, Third parties, To report, Use

How much did that free dinner cost me?

“Annuities Soar After Rule’s Demise,” The Wall Street Journal, October 29, 2018 B1.  More annuities sold after failure to pass rule about disclosure of conflicts by investment advisers.

If you don’t institute controls on behavior, what will enterprising (sales)people do?  What’s it worth to you to know whether the person advising you is getting a large commission?  Would that information influence your financial decisions?  Do investors need to be protected from salespeople offering “free” meals? And if investors either (a) are or (b) are not so protected, what are the consequences on the other decisions those investors make in their lives?  Do we rely on the government to protect us from our dumb decisions?

Caveat emptor?  Is this an Information post or a Governance post?

Leave a comment

Filed under Controls, Duty, Governance, Information, Reliance, Third parties, Use, Value, Vendors

What’s worse than a tweet?

“FBI Probes Tesla Over Production Figures,” The Wall Street Journal, October 27, 2018 A1.  FBI conducts a criminal investigation into whether Tesla knowingly overstated anticipated production figures and thereby misled investors.

What if Tesla knew at the time that it couldn’t and wouldn’t meet the production targets it was then continuously providing the market?  When does mere puffery become criminal?  What controls would you need to have to prevent this at your company?

Do you have them?  Are they enforced?

Leave a comment

Filed under Accuracy, Collect, Communicate, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Culture, Data quality, Duty, Duty of Care, Governance, Internal controls, Investor relations, Management, Oversight, To report