Inside Internal Controls

News and discussion on implementing risk management

Survey results: Risk-based internal audit planning

Clearly, the great majority base their audit plan on some combination of (macro) enterprise-level risks and (micro) risks at a lower level of the organization. Somewhat more have weighted their plan towards the micro level than the macro level. So what does this all mean?

Reasonable expectation of privacy and text messaging

The task of picking up the phone, dialing and anticipating a “hello” on the other end can be daunting for many people. Text messaging, compared to phone calls, has dominated the way we communicate with one another over the years. With the abundance of text messages exchanged between people, an important question arises with respect to privacy: is there a reasonable expectation of privacy in a text message once it has been sent and received by the intended recipient? The Ontario Court of Appeal recently concluded that there is not, thereby ruling that text messages seized from a recipient’s phone can be used against the sender in court.

Israeli arrests provide lessons for Canadian charities

For most Canadians and Canadian Charities the Anti-Terrorism rules are a red herring to be reviewed only in the rarest of situations, if at all. However, recent events in Israel provide some motivation for Canadian Charities doing work abroad to take a closer look at these rules. According to international news reports the Israeli authorities have arrested the Gazan head of an international Christian charity on the allegation that he was funneling international aid donations to Hamas.

A review of new whistleblower protections under Ontario’s Securities Act

In connection with the establishment of the Ontario Securities Commission’s new Whistleblower Program in July 2016, which includes monetary incentives for whistleblowers in Ontario, the Ontario government has approved amendments to the Securities Act (Ontario) to provide additional protection to persons who report a potential violation of Ontario securities law or a by-law or other instrument of a self-regulatory organization. The amendments were proclaimed into force on June 28, 2016.

New case law dealing with CRA requests for documents

On June 3, 2016, the Supreme Court of Canada released two important decisions dealing with requests made by the Canada Revenue Agency (“CRA”) for information. The cases highlight the fact that when an individual or an organization receives such a request from CRA, they should consider whether any of the information requested is subject to solicitor–client privilege. If solicitor–client privilege applies, the information should not be produced.

Public Safety Canada calls for submissions on new national cybersecurity strategy

On August 16, 2016, Public Safety Canada (“PSC”) issued a consultation paper, launching a public consultation as part of PSC’s development of an updated national cybersecurity strategy. The consultation will close on October 15, 2016. Businesses may want to consider making submissions in respect of some key questions posed around possible regulation or standard-setting regarding Internet of Things and connected devices, certification for E-commerce activities, and information sharing (especially in respect of critical infrastructure).

The pitfalls of unwritten contracts – Part 3

Getting your contracts in writing is half the battle. You must also ensure that your contract says what you want it to say, and says it clearly. The main issue in the following case was the interpretation of an employment agreement.

Have you provided comments on the COSO ERM draft?

Have you provided comments on the COSO ERM draft? Please share your views on this important document. I submitted my comments some time ago. I realize that some of you prefer the ISO 31000:2009 global standard on risk management. But let’s recognize that nearly half of the risk management functions around the world are influenced by, if not using, the COSO framework.

Pension and benefit plan provider breaches privacy law causing employee to lose life insurance coverage

Many of us have called service providers to change basic information, such as a mailing address. You pick up the phone, speak to a representative, and the change is made; no big deal, right? This seamless scenario may not always be the case. Any little misstep on an organization’s part can cause grief not only for the customer, but also for the organization itself. This proved to be true when an employee complained, to the Office of the Privacy Commissioner of Canada, that her employment pension and benefit provider disclosed her personal information to a third party without her consent.

Ministry of Finance accepting comments on new Employer Health Tax rules for charities

The Ontario Ministry of Finance is proposing a new regulation under the Employer Health Tax Act, to include special Employer Health Tax rules for registered charities. The new regulation could be effective as early as January 1, 2017.

Risk and how we run our business

I am going to use a metaphor involving the board game of Monopoly to illustrate how I feel about risk management. The players compete to win by either having more money when the game ends (if there is a time limit) or by being the only one left standing after all the others have gone bankrupt. Let’s imagine our executive team is playing a game against its main competitors.

U.S. online payment processor Dwolla fined $100,000 for misrepresenting data security practices: Lessons for Canadian companies

In March 2016, the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. While Canada has different privacy and consumer protection regimes, the lessons from the Dwolla case point to a new direction in enforcement approaches.

Even in the face of disaster, charities should not stray from their purposes

Whether it is assisting Syrian refugees to settle in Canada or helping those fleeing from floods and fires, the goodwill of the people and charities in Canada always makes headlines. In times of disaster, it seems many charities want to raise money and get on the bandwagon to help those in need. Although this may be a laudable goal for charities that want to show their benevolence, sometimes it could simply get them into trouble.

Some authoritative guidance on risk management and the three lines of defense

The King Code of Corporate Governance has been a fine source of principles and practice for governance, including risk, assurance, and compliance, ever since its initial release. In this post, I want to talk about two areas I find interesting in the draft Code.

Data breaches: All’s not lost, even if your data is (and if you’ve taken precautions)

As anyone who’s ever left a USB key in a Kinko’s knows, it’s easy to lose a mobile device containing sensitive user information. As a recent statement from the Newfoundland and Labrador’s Office of the Information and Privacy Commissioner shows, taking preemptive steps to make the user information on a mobile device more secure could protect the information – and your organization – if the device ever falls into the wrong hands.
