
Inside Internal Controls

News and discussion on implementing risk management


2016

Top 10 most read Inside Internal Controls posts 2016 & Season’s Greetings

We are signing off with a list of the top 10 most read Inside Internal Controls posts 2016. Privacy issues and director’s liability seem to have been hot topics this year with several blog posts on the topics making it on the list. The top 10 most read Inside Internal Controls posts 2016 Director’s liability […]

 


Cybersecurity best practices for connected cars

Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.

 


Closing your business for the holidays

The holidays are quickly approaching. However, the lead-up to that point of unwinding can be stressful for many business owners as they balance family demands and workplace year–end pressures. Regardless of such mounting pressures, businesses should not neglect their responsibilities to employees and clients before closing for the holidays.

 


Privacy, privilege and wilfulness

On July 26th, 2016, the Supreme Court of British Columbia released an interesting decision that addresses questions regarding: (1) the scope of privilege that applies to work done by lawyers in relation to judicial proceedings; and (2) the interpretation of BC’s Privacy Act with respect to the requirements of “wilfulness”.

 


Risk and strategy entwined

Risk Officers have to consider themselves as business executives first and foremost. While their charter may talk about ‘risk’, their job is to help the board and executive team achieve the corporate objectives. They need to put themselves in the shoes of the CEO and board members. They cannot afford only to concern themselves with reasons not to pursue ventures–implying a desire to stay home and vegetate. Think like a CEO, act like a CEO, and talk like a CEO. Provide leadership with the information, process, systems, and so on to make effective decisions that lead to success.

 


Explaining risk management in plain English

I have been saying for a while that one of the reasons for the disconnect between senior executives and risk practitioners is the latter’s language.

 


Warnings to companies claiming APEC privacy certification

The United States Federal Trade Commission has issued warning letters to 28 companies claiming to be certified participants in the Asia–Pacific Economic Cooperative Cross-Border Privacy Rules system. This is an important reminder for companies, including Canadian companies, that the use of international certifications is something in which regulators take a keen interest.

 


COSO ERM Exposure Draft

This last week, COSO published an Exposure Draft of its ERM Framework Update, freshly entitled Enterprise Risk Management – Aligning Risk with Strategy and Objectives. The COSO update is a significant moment for all risk practitioners. So I strongly recommend that everybody take the time to review and give careful consideration to the draft.

 


Political activities law: Charity brings new Charter challenge

When the Liberals came into power last year, the new Minister of National Revenue announced that she was putting a halt to the “political activities” audit of charities that the previous administration had been conducting for the past few years. In practice, this meant that the charities in line to be audited under the program were given a reprieve, but those that were already in the course of being audited were not. One of the latter charities, Canada Without Poverty, is now bringing a constitutional challenge against the political activities law.

 


Canada implements expanded WTO agreement

In December 2015, over 50 WTO members, including Canada, gathered at the Nairobi Ministerial Conference, and agreed to the expansion of the Information Technology Agreement (ITA), a WTO agreement that aims to eliminate tariffs on IT products. The ITA was originally concluded by 29 participants in 1996. It now has over 82 participants, representing around 97 per cent of world trade in IT products.

 


Deloitte predicts change for Internal Audit

A new report from Deloitte has some interesting conclusions—plus predictable ones. 2016 Global Chief Audit Executive Survey: Internal Audit at a crossroads has some provocative content. Deloitte says there is a choice to be made: “Evolution or irrelevance”.

 


New tort: Publicity given to private life

The Federal Court of Appeal has provided some guidance on the recently–recognized tort of intrusion upon seclusion and the as–yet–unrecognized tort of publicity given to private life.

 


Fraud: Why do people commit it?

An interesting interview with Eugene Soltes, the Jakurski Family Associate Professor of Business Administration at Harvard Business School, appeared in the Harvard Business School’s Working Knowledge publication. According to the school, “his research focuses on how individuals and organizations confront and overcome challenging situations”. “Why White-Collar Criminals Commit Their Crimes” is an ‘author interview’, Soltes having written Why they do it: Inside the mind of the white-collar criminal. I have not read the book, but suggest that those with continuing responsibility for detecting and/or investigating fraud might want to do so.

 


New Ontario statutes in effect December 10, 2016

The new requirements may be particularly onerous for corporations like home–builders or condominium developers, or any other corporation which may have hundreds or thousands of ownership interests in land.

 


A revolution in risk management

Risk management, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives. All the standards, frameworks, and guidelines talk about risk in terms of its ability to affect the achievement of the organization’s objectives. Some things might happen that will help and some that will interfere with our progress.

 

