
Inside Internal Controls

News and discussion on implementing risk management


Fraud: Why do people commit it?


An interesting interview with Eugene Soltes, the Jakurski Family Associate Professor of Business Administration at Harvard Business School, appeared in the Harvard Business School’s Working Knowledge publication. According to the school, “his research focuses on how individuals and organizations confront and overcome challenging situations”. “Why White-Collar Criminals Commit Their Crimes” is an ‘author interview’, Soltes having written Why they do it: Inside the mind of the white-collar criminal. I have not read the book, but suggest that those with continuing responsibility for detecting and/or investigating fraud might want to do so.


New Ontario statutes in effect December 10, 2016


The new requirements may be particularly onerous for corporations like home-builders or condominium developers, or any other corporation which may have hundreds or thousands of ownership interests in land.


A revolution in risk management


Risk management, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives. All the standards, frameworks, and guidelines talk about risk in terms of its ability to affect the achievement of the organization’s objectives. Some things might happen that will help and some that will interfere with our progress.


Risk management guidance: Time for a leap change


Even though both COSO ERM and ISO 31000:2009 are evolving, moving to a greater emphasis on decision-making and the setting and execution of strategy, the practice of managing risk continues to lag. I have written in my blogs and spoken in person to thought leaders involved in both COSO ERM and ISO 31000 updates about the need to take a huge leap forward. When the practice is seen as failing to contribute to success, and limited to a compliance function, something dramatic has to happen.


Proposed Manitoba accessible employment standards

The Accessibility Advisory Council (AAC) is inviting interested stakeholders to provide their views on its initial proposal for accessible employment standards. Employment is the second of five accessibility standards being developed under the Accessibility for Manitobans Act (AMA).


Proposed Nova Scotia accessibility legislation

On November 2, 2016, the government proposed Nova Scotia accessibility legislation to promote equality of opportunity and increase the inclusion and participation of Nova Scotians who have disabilities or functional limitations in all areas of everyday life by promoting and encouraging the prevention, reduction and removal of barriers.


CASL made clearer: First CRTC decision released


Until now, the Canadian Radio-Television and Telecommunications Commission’s CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, released on October 26, 2016, is significant because it is the first CASL enforcement decision to provide guidance on compliance. The decision contains several important lessons about regulation of commercial electronic messages in Canada before class action enforcement opens on July 1, 2017.


The astonishing Wells Fargo fraud


The news about the Wells Fargo staff ‘scam’ (the word used in this article in SC magazine) is mind-boggling. What I found mind-boggling is that (according to CNN Money) Wells Fargo had to fire about 5,300 workers (out of a total staff estimated at 265,000, or 2% of all employees). When 2% of employees were fired, you have to assume that more people knew or should have known. The prevailing Wells Fargo culture in reality was to do what was right for the staff, not the customers!


Cybersecurity: CSA issues new guidance


Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (CSA) issued CSA Staff Notice 11-332 – Cyber Security (2016 Notice). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security for reporting issuers, registrants and regulated entities.


Risk management: What academics fail to understand


How do you expect a CEO to believe risk management enables success when all the CRO gives him is a list of what could go wrong? He needs help to see what might happen, both good and bad, and what to do about it—in other words, risk management needs to be seen by the CEO as helping him or her get where he or she needs to go. Do you share my view? If so, how do we move both the practitioner and academic community?


CRA provision misuse: The right to remain silent


Practically every tax professional in the country has had to deal with the situation which arises when the Canada Revenue Agency (CRA) bases its reassessing position on an oral comment made to the CRA. The difficulty is that there is no proof the comment was made or it may have been the result of a misunderstanding between the parties. In our practice we had one instance where a comment by an official of a charity to the CRA served as the basis for reassessing over a thousand taxpayers. While the official admitted to having made the comment, the fact was that the CRA auditor had misunderstood the context in which it was made.


Privacy injunctions in the age of the internet and social media


Canadian common law courts are still far behind the English courts which have developed a much more flexible tort of misuse of private information, as well as remedies for breach that include damages to compensate for the loss or diminution of a right to control private information, and now following the PJS case, perhaps also exemplary or punitive damages and an accounting of profits. Surprisingly, Canadian courts have not had to canvass recently whether the English common law tort of misuse of private information should be adopted in Canada.


Cyber risk and audit


Clearly, cyber risk and audit is the topic of the day, if not the year and decade. The leader of Protiviti’s IT audit practice, David Brand, has weighed in with “Ten Cybersecurity Action Items for CAEs and Internal Audit Departments”. He has some valuable ideas that merit consideration, not only by internal auditors, but by security professionals, boards, risk officers, and more broadly among the executive group. I will let you read his post and suggested action items.


Charities’ political activities: CRA consulting on rules

The Government of Canada has committed to modernizing the rules governing the charitable sector to ensure that they are operating in a regulatory environment that respects and encourages their contribution to society. One of the areas they are looking into is clarifying the rules governing charities’ political activities.


Lobbying: Considerations for not-for-profits


There have been many recent changes in lobbying law. Some jurisdictions, like New Brunswick, have passed lobbying legislation, while other jurisdictions, like Ontario, have made significant changes to existing legislation. Here are four things not-for-profits must consider.
