Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.
On July 26th, 2016, the Supreme Court of British Columbia released an interesting decision that addresses questions regarding: (1) the scope of privilege that applies to work done by lawyers in relation to judicial proceedings; and (2) the interpretation of BC’s Privacy Act with respect to the requirements of “wilfulness”.
Risk Officers have to consider themselves as business executives first and foremost. While their charter may talk about ‘risk’, their job is to help the board and executive team achieve the corporate objectives. They need to put themselves in the shoes of the CEO and board members. They cannot afford only to concern themselves with reasons not to pursue ventures–implying a desire to stay home and vegetate. Think like a CEO, act like a CEO, and talk like a CEO. Provide leadership with the information, process, systems, and so on to make effective decisions that lead to success.
I have been saying for a while that one of the reasons for the disconnect between senior executives and risk practitioners is the latter’s language.
The United States Federal Trade Commission has issued warning letters to 28 companies claiming to be certified participants in the Asia–Pacific Economic Cooperative Cross-Border Privacy Rules system. This is an important reminder for companies, including Canadian companies, that the use of international certifications is something in which regulators take a keen interest.
This last week, COSO published an Exposure Draft of its ERM Framework Update, freshly entitled Enterprise Risk Management – Aligning Risk with Strategy and Objectives. The COSO update is a significant moment for all risk practitioners. So I strongly recommend that everybody take the time to review and give careful consideration to the draft.
When the Liberals came into power last year, the new Minister of National Revenue announced that she was putting a halt to the “political activities” audit of charities that the previous administration had been conducting for the past few years. In practice, this meant that the charities in line to be audited under the program were given a reprieve, but those that were already in the course of being audited were not. One of the latter charities, Canada Without Poverty, is now bringing a constitutional challenge against the political activities law.
In December 2015, over 50 WTO members, including Canada, gathered at the Nairobi Ministerial Conference, and agreed to the expansion of the Information Technology Agreement (ITA), a WTO agreement that aims to eliminate tariffs on IT products. The ITA was originally concluded by 29 participants in 1996. It now has over 82 participants, representing around 97 per cent of world trade in IT products.
A new report from Deloitte has some interesting conclusions—plus predictable ones. 2016 Global Chief Audit Executive Survey: Internal Audit at a crossroads has some provocative content. Deloitte says there is a choice to be made: “Evolution or irrelevance”.
The Federal Court of Appeal has provided some guidance on the recently-recognized tort of intrusion upon seclusion and the as-yet-unrecognized tort of publicity given to private life.
An interesting interview with Eugene Soltes, the Jakurski Family Associate Professor of Business Administration at Harvard Business School, appeared in the Harvard Business School’s Working Knowledge publication. According to the school, “his research focuses on how individuals and organizations confront and overcome challenging situations”. “Why White-Collar Criminals Commit Their Crimes” is an ‘author interview’, Soltes having written Why they do it: Inside the mind of the white-collar criminal. I have not read the book, but suggest that those with continuing responsibility for detecting and/or investigating fraud might want to do so.
The new requirements may be particularly onerous for corporations like home-builders or condominium developers, or any other corporation which may have hundreds or thousands of ownership interests in land.
Risk management, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives. All the standards, frameworks, and guidelines talk about risk in terms of its ability to affect the achievement of the organization’s objectives. Some things might happen that will help and some that will interfere with our progress.