‘Ma, We Were Only Pretexting!’ No More Worries About Filling The Pages

Matt Kelly | October 24, 2006

Ten months ago, when I took this job as managing editor of Compliance Week, even amid all the news and announcements coming across my desk, I still had a nagging, semi-ridiculous fear: that we would run out of things to write about.

When you think about it, that’s not a completely unwarranted phobia for a newcomer to have. After all, our business isn’t rocket science: Some regulatory agency comes out with a rule, we publish a few articles telling executives how it works, and we track your peers to see if there are any lessons to be learned. How hard can that be, right? After we explain the critical provisions and offer tips regarding compliance, what else is there to say about it?

Well, I now know that the fount of compliance confusion gushes without end—largely thanks to a select few members of Corporate America who, so often and in so many ways, prove themselves to be outstandingly dumb. Then the rest of us pay the price.

Readers who want proof of this can choose from any number of stories in this month’s magazine. We have a post-mortem on the fiasco at Hewlett-Packard and its now ex-Chairwoman Patricia Dunn, who destroyed her board in order to save it. We have several articles exploring the fallout of the backdating scandal—which reached new heights last month when Cablevision confessed that it had backdated a stock option grant to a dead person, reviving an executive compensation practice last used by the Pharaohs of Egypt.

And as you probably have already seen by now, on our front page we have our “World of Weakness” special report, examining exactly where Sarbanes-Oxley is tying companies into knots. (Not surprisingly, this report is long, and we still have a second installment of it coming in December.)

I don’t mean to imply that the people struggling with SOX compliance in our World of Weakness series are dumb; nothing could be further from the truth. They are usually smart, hard-working executives painstakingly working their way through the enormous puzzle that is Sarbanes-Oxley. But the plain truth is that their ordeals are a direct descendant of the dunderheaded moves made by other executives, who were probably rationalizing decisions that any eight-year-old would know were wrong.

My particular favorite this month is the hapless Hewlett-Packard and the “possibly illegal” practice of pretexting. Perhaps HP’s pretexting activities were not, in fact, illegal. Still, I can’t help but think of my best friend from childhood, Jeff Keenan, whose mother (and mine, actually) forbade us from seeing each other due to the evils we would perform on the community. We used to call each other nonetheless, pretending to be someone else. When our mothers identified the caller, all hell would break loose, and arguing that, “Ma, we were only pretexting!” was not going to fly.

Still, someone at HP—the chairwoman, the CEO, the general counsel, the chief ethics officer, or perhaps all of them—obviously thought that rationale would fly (or, like me and Jeff, that they wouldn’t get caught). The braintrust at HP also thought they could tail reporters and board members, and set up sting operations to use phony emails to identify leaks. They even considered planting spies in newsrooms. Really, the more that comes out, the more I wonder where these people went to college.

All this brings me back to compliance. Those poor souls in our World of Weakness special report, laboring to comply with Sarbanes-Oxley, routinely complain of its prescriptive, rules-based nature. But the shenanigans at HP and Cablevision, let alone the outright thievery at Enron and WorldCom, demonstrate that when regulators give Corporate America a principles-based system, it fails. And the most spectacular failures aren’t because of underfunded enforcement agencies; they are failures of corporate leadership to do the right thing. Don’t lie about who you are. Don’t hide your debt. Don’t give stock options to dead people.

Mark my words: Thanks to Hewlett-Packard, someone, somewhere in Washington will propose a law that, no, you cannot lie about your identity to get phone records that don’t belong to you. Regulators will have hearings and roundtable discussions. Comments will be submitted. You will have to ask your outside counsel and external auditors for details, and they will send you bills. Then you’ll have to alter your policies, codes, training programs, and who knows what else.

And so, because of that well-proven truth—that when you leave people an opportunity to do something dumb, inevitably, someone will do it—I stopped worrying about how to fill Compliance Week long ago. Instead, I worry about how I’ll fit everything in.