What Makes an Ethical Executive?
October 16, 2007 | Filed Under Compliance, In the News
A trip to Shenandoah National Park in Virginia last week found me offline and unplugged for a period of time. Reading material was scarce, but I was able to secure a daily copy of USA Today by befriending the helpful staffer at the lodge front desk.
One article in McPaper caught my eye: a report about the background of former Enron “executive” Lynn Brewer. Ms. Brewer wrote a book, “Confessions of an Enron Executive: A Whistleblower’s Story,” which launched a career as a business speaker and advisor.
But according to the newspaper, Ms. Brewer’s executive status may not be as it seems; quoting two of her former supervisors, Mary Solmonson and David Gossett:
But her boss, Solmonson, says Brewer had no control over budget or salaries and that she herself, as a senior director, would not be considered an executive. Further, Brewer’s work had nothing to do with management. “What my group did was very much a clerical function,” says Solmonson, “an important clerical function, but it was clerical.”
Gossett, Brewer’s boss during her last months at the company, scoffs at the notion that she was an executive. He was a director at Enron, he says, and that didn’t qualify him as an executive. “There was no way she was an executive, not even with a little ‘e,’ ” he adds. “If she was an executive, she was in charge of nothing.”
The article also describes the circumstances of Ms. Brewer’s departure and weighs her claims of whistleblower status.
Senior corporate executives serious about compliance learn that people sometimes hear what you say, but they really watch what you do. They also learn that leadership is called for when dealing with two key management issues: responsibility and credit.
Responsibility is something you take.
Credit is something you give.
Data Security: IP Yes; Db No?
June 4, 2007 | Filed Under Technology, Compliance, General
A recent white paper prepared by Application Security and sponsored by the Ponemon Institute shows that organizations may be more focused on protecting their IP than their various sensitive Dbs (databases). It’s a constant struggle to figure out how to protect data while allowing necessary access. Two key findings:
- Forty percent said their organizations don’t monitor their databases for suspicious activity, or don’t know if such monitoring occurs. Notably, more than half of these organizations have 500 or more databases – and the number of databases is growing.
- “Trusted” insiders’ ability to compromise critical data was cited as the most serious concern – with 57 percent perceiving inadequate protection against malicious insiders and 55 percent for “data loss” by internal entities.
We’ve previously seen the data security risks posed by departing employees. Law departments need to understand what their IT brethren are doing about this, knowing that some of the biggest potential risks are posed by the very people you are asking.

As Goes SOX?
May 31, 2007 | Filed Under Technology, Compliance
The financial gravy train ridden by auditing firms due to Sarbanes-Oxley compliance may be slowing down a bit.
ComputerWorld reports that average SOX compliance costs declined from $4.5 million in 2004 to $2.9 million in 2006. The main reason is not a surprise:
“Technology has a lot to do with the cost reduction,” said Sanjay Anand, chairperson of the Sarbanes-Oxley Institute. Public companies “are actually automating their controls. A good 20 to 30%, even as much 40%, of the cost reduction is actually coming from automated controls rather than manual controls.”
(A clear sign that SOX may be a bit over the top is that it has spawned its own institute.)
The experience that companies gained in automating processes due to Sarbanes-Oxley may now be extended to other areas of the enterprise. Lawyers know that a good deal of what constitutes ongoing legal services could be automated, or at least tracked better from a technology standpoint in the first instance.
That’s the start of any process improvement. Almost like magic, or like just adding water.
Update (1 June 07): One CEO writes in the Wall Street Journal that he doesn’t see Sarbox-related costs going down.
HP, the SEC, and Reliance on Counsel
May 24, 2007 | Filed Under Litigation, Compliance, Governance
The SEC confirmed yesterday that HP would not face sanctions over a failure to explain why director Thomas Perkins left during last year’s Dunn-director investigation saga.
“From the whole hubbub that erupted last summer, this is it” in terms of SEC enforcement, said Marc Fagel, associate regional director for the SEC in San Francisco. “We view the issue as a narrow one, which is, what is a company’s responsibility when a director resigns.”
It is unusual, in my experience, for a regulator to use the word “hubbub.” Sort of hard to press charges over hubbubs.
The SEC’s decision was explained thusly:
“It was a new rule and (HP) relied on their attorneys,” Fagel said. “They got legal advice from inside and outside counsel that they did not need to make the disclosure. You need to be careful how you sanction a company that relied on its counsel.”
“You need to be careful how you sanction a company that relied on its counsel.”
Ah, music to the ears of SEC partners everywhere. And a standard that regulators of various stripes should consider.
That said, will inside counsel make such a call in the future without an outside opinion? Are they covered (insurance, indemnity or otherwise) if they do and they are wrong?
While HP still faces related shareholder litigation, this is definitely a positive development for new HP GC Michael Holston.
Chiquita and Colombia
March 20, 2007 | Filed Under Criminal Liability, Compliance
Chiquita Brands announced last week an agreement with the US Department of Justice regarding “protection payments” made in Colombia by a former subsidiary:
In 2003, Chiquita voluntarily disclosed to the Department of Justice that its former banana-producing subsidiary had been forced to make payments to right- and left-wing paramilitary groups in Colombia to protect the lives of its employees. The company made this disclosure shortly after senior management became aware that these groups had been designated as foreign terrorist organizations under a U.S. statute that makes it a crime to make payments to such organizations. Since voluntarily disclosing this information, Chiquita has continued to cooperate with the DOJ’s investigation.
The DOJ’s press release is here, and reads a bit like a Tom Clancy novel. The bottom line for Chiquita, according to the DOJ:
Chiquita pleaded guilty pursuant to a written plea agreement. Under the terms of the plea agreement, Chiquita’s sentence will include a $25 million criminal fine, the requirement to implement and maintain an effective compliance and ethics program, and five years’ probation. Chiquita also has agreed to cooperate in this ongoing investigation. Sentencing will occur on June 1, 2007.
While the DOJ has admitted that this matter is “complicated,” that apparently did not prevent the prosecution. You get the sense that the full story has not emerged; Chiquita maintains that it was motivated to ensure the safety of its employees. The DOJ’s press release repeatedly mentions that Chiquita had advice of counsel that these payments were illegal under American law.
There is even a report that Colombia may seek to extradite certain Chiquita officials. A few days prior to the announcement of the plea agreement, Chiquita appointed a new compliance officer.



