Tuesday, October 30, 2012

I've been to an HP event. It wasn't that bad.

Several years ago, I was invited to a Hewlett-Packard sales conference in Las Vegas. I only had one minor quibble with the affair - the people in charge of seating at the events forcibly dictated where you were to sit during the events. If you wanted to sit in the back of the room, no dice - you had to sit in the open chair in row 3, seat 21. Other than that, I enjoyed the conference.

Apparently there was a senior network engineer who really, really didn't want to go to an HP conference. InformationWeek provides more detail about this engineer (but not his name). It appears that the engineer received a "written warning a corrective action plan" from his employer. One of the items cited in the memorandum:

The memorandum...also accused the network engineer of "purposely pulling a cable out of a production environment in order that you would not have to travel to Jacksonville to attend an HP event at the request of the CIO."

Hey, if you really don't want to go to an event, you really don't want to go to an event.

The memorandum included a few other items. InformationWeek:

The network slowdown was one of the first clues that something was amiss....It was the spring of 2005. Over a period of roughly seven business days, traffic had slowed to a crawl....

Dan Saccavino...says he and another network engineer eventually pinpointed the cause of the slowdown: A senior network engineer had disabled the company's WatchGuard firewalls and routed all of the [company's] IP traffic...through his home cable modem....

Why would a network engineer route all of his employer's traffic through his home RoadRunner cable modem? "You can direct where your traffic is going, and we found out that he'd sent the traffic home to ensure that his routing patterns at work were correct," Saccavino told InformationWeek in a recent interview. But after a week, Saccavino said, he'd forgotten to turn it off.

One can say that these were the actions of a rogue engineer. But the rogue engineer wasn't the only problem going on at his employer - broker/dealer GunnAllen. The lack of controls on this engineer reflected the lack of controls throughout the firm. Never mind the fact that the engineer's actions resulted in no required logging of stock trades; the company had bigger issues.

Not all of GunnAllen's alleged IT missteps had SEC implications. One incident detailed by two former employees involved unpaid Microsoft SQL Server licenses. The Revere Group had been receiving from Microsoft license-renewal bills for GunnAllen, which the acting CIO had ignored, according to the two former employees. Ultimately, Microsoft issued a final warning with a bill for about $20,000, saying it would disable the license at a specified date and time. "It was like an hour or two before the deadline--before Microsoft shuts the SQL servers down, which would bring GunnAllen to its knees," Saccavino recalled.

That ultimatum led one of DiMarzio's employees to contact Microsoft and share GunnAllen's licensing details. But two former employees say the acting CIO at the time, when given the licensing news and bill by the employee, threatened to fire the employee if he spoke of the matter again.

And it wasn't just IT:

2008 was when FINRA fined GunnAllen $750,000 for a "trade allocation scheme" conducted by former head trader Alexis J. Rivera. "In 2002 and 2003, the firm, acting through Rivera, engaged in a 'cherry picking' scheme in which Rivera allocated profitable stock trades to his wife's personal account instead of to the accounts of firm customers," according to FINRA. "Rivera garnered improper profits of more than $270,000 through this misconduct, which violated the anti-fraud provisions of the federal securities laws and FINRA rules. Rivera was barred in December 2006."

More - much, much more - here. Not every isolated incident is just the tip of the iceberg of widespread corporate corruption - but even isolated incidents need to be checked out to make sure they're not part of a larger problem.
blog comments powered by Disqus