First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

2016

Risk management guidance: Time for a leap change

Even though both COSO ERM and ISO 31000:2009 are evolving, moving to a greater emphasis on decision-–making and the setting and execution of strategy, the practice of managing risk continues to lag. I have written in my blogs and spoken in person to thought leaders involved in both COSO ERM and ISO 31000 updates about the need to take a huge leap forward. When the practice is seen as failing to contribute to success, and limited to a compliance function, something dramatic has to happen.

 

, , , , ,

Proposed Manitoba accessible employment standards

The Accessibility Advisory Council’s (AAC) is inviting interested stakeholders to provide their views to its initial proposal for accessible employment standards. Therefore, employment is the second of five accessibility standards being developed under the Accessibility for Manitobans Act (AMA).

 

, , , , , , , , , , , , , , , ,

Proposed Nova Scotia accessibility legislation

On November 2, 2016, the government proposed Nova Scotia accessibility legislation to promote equality of opportunity and increase the inclusion and participation of Nova Scotians who have disabilities or functional limitations in all areas of everyday life by promoting and encouraging the prevention, reduction and removal of barriers.

 

, , , , , , ,

CASL made clearer: First CRTC decision released

Until now, the Canadian Radio-Television and Telecommunications Commission’s CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, released on October 26, 2016, is significant because it is the first CASL enforcement decision to provide guidance on compliance. The decision contains several important lessons about regulation of commercial electronic messages in Canada before class action enforcement opens on July 1, 2017.

 

, , , , , , ,

The astonishing Wells Fargo fraud

The news about the Wells Fargo staff ‘scam’ (the word used in this article in SC magazine) is mind-boggling. What I found mind-boggling is that (according to CNN Money) Wells Fargo had to fire about 5,300 workers (out of a total staff estimated at 265,000, or 2% of all employees). When 2% of employees were fired, you have to assume that more people knew or should have known. The prevailing Wells Fargo culture in reality was to do what was right for the staff, not the customers!

 

, , , , , , , ,

Cybersecurity: CSA issues new guidance

Cybersecurity is top of mind for corporate boards and securities regulators alike. On September 27, 2016, the Canadian Securities Administrators (CSA) issued CSA Staff Notice 11-332 – Cyber Security (2016 Notice). The 2016 Notice updates the CSA’s previous notice on the same topic, CSA Staff Notice 11-326 Cyber Security for reporting issuers, registrants and regulated entities.

 

, , , , , ,

Risk management: What academics fail to understand

How do you expect a CEO to believe risk management enables success when all the CRO gives him is a list of what could go wrong? He needs help to see what might happen, both good and bad, and what to do about it—in other words, risk management needs to be seen by the CEO as helping him or her get where he or she needs to go. Do you share my view? If so, how do we move both the practitioner and academic community?

 

, , , , , ,

CRA provision misuse: The right to remain silent

Practically every tax professional in the country has had to deal with the situation which arises when the Canada Revenue Agency (CRA) bases its reassessing position on the basis of an oral comment to the CRA. The difficulty is that there is no proof the comment was made or it may have been the result of a misunderstanding between the parties. In our practice we had one instance where a comment by an official of a charity to the CRA served as basis for reassessing over a thousand taxpayers. While the official admitted to having made the comment the fact was that the CRA auditor had misunderstood the context in which it was made.

 

, , , , , , , ,

Privacy injunctions in the age of the internet and social media

Canadian common law courts are still far behind the English courts which have developed a much more flexible tort of misuse of private information, as well as remedies for breach that include damages to compensate for the loss or diminution of a right to control private information, and now following the PJS case, perhaps also exemplary or punitive damages and an accounting of profits. Surprisingly, Canadian courts have not had to canvass recently whether the English common law tort of misuse of private information should be adopted in Canada.

 

, , , , , , , ,

Cyber risk and audit

Clearly, cyber risk and audit is the topic of the day, if not the year and decade. The leader of Protiviti’s IT audit practice, David Brand, has weighed in with “Ten Cybersecurity Action Items for CAEs and Internal Audit Departments”. He has some valuable ideas that merit consideration, not only by internal auditors, but by security professionals, boards, risk officers, and more broadly among the executive group. I will let you read his post and suggested action items.

 

, , , , , , , ,

Charities political activities: CRA consulting on rules

The Government of Canada has committed to modernizing the rules governing the charitable sector to ensure that they are operating in a regulatory environment that respects and encourages their contribution to society. One of the areas they are looking into is clarifying the rules governing charities political activities.

 

, , , , , , , , , , , , , , ,

Lobbying: Considerations for not-for-profits

There have been many recent changes in lobbying law. Some jurisdictions, like New Brunswick, have passed lobbying legislation, while other jurisdictions, like Ontario, have made significant changes to existing legislation. Here are four things not–for–profits must consider.

 

, , , ,

IP address as personal information: Canadian and EU positions

The Office of the Privacy Commissioner’s findings do not mean that consent to the collection of an IP address is always required. There may be a number of legitimate reasons for collecting this information, including those relating to security of the site. These reasons would not necessarily extend, however, to collection and use of IP addresses for advertising purposes without some form of consent.

 

, , , , , , , , ,

Business tax information just got clearer!

The Canada Revenue Agency (CRA) has announced that it has redesigned the correspondence it sends to Corporations regarding their business tax information, including individual Canadians, and Goods and services tax/harmonized sales tax (GST/HST) notices of assessment (NOA) and notices of reassessment (NOR). The CRA has made changes to how the notices are structured, designed, formatted, and written, making the information easier to read and understand.

 

, , , , , , , , , , ,

CRTC’s reminder on record-keeping for CASL compliance

The Canadian Radio-television and Telecommunications Commission issued an enforcement advisory directing businesses and individuals to consider the importance of record-keeping pursuant to Canada’s anti-spam legislation (CASL). Under CASL, the onus remains on the sender of commercial electronic messages (CEMs) to demonstrate that it had the proper consents in place to send CEMs (whether implied or explicit).

 

, , , , ,

Previous Posts Next posts