
Inside Internal Controls

News and discussion on implementing risk management


2017

Ontario Court of Appeal confirms broad scope of Crown copyright

In order to protect their ownership of copyright, organisations whose works might be published by the government should obtain any necessary assignments or waivers, since the Crown copyright regime does not apply if there is a private arrangement with the work’s author.

 


COSO ERM explains the flaw in risk appetite statements

Devotion to remaining within risk appetite (if you can even express one that will proactively guide decision-makers) is likely to make you risk averse – and focusing on avoiding harm is the path to avoiding success.

 


Updated: Nova Scotia passes new cyber-bullying legislation

On October 5, 2017, the Nova Scotia Legislature introduced Bill No. 27, the Intimate Images and Cyber-protection Act. The Act comes as Nova Scotia’s previous cyber-bullying legislation, the Cyber-safety Act, was struck down in 2015 by the Nova Scotia Supreme Court on constitutional challenge.

 


Mitigate the risks associated with IT systems acquisition

Any organization that acquires IT systems must do so carefully. Among other reasons, systems may be costly, they may be critical to business operations, and they may create significant risks (for example, a risk of security breaches). The following suggestions will help to mitigate some of the risks associated with IT systems acquisition:

 


Facilitation payments now illegal under Canada’s foreign corruption law

On October 31, 2017, the federal government brought into force a pending amendment to the Corruption of Foreign Public Officials Act likely to have a significant impact on many Canadian firms operating abroad. Starting on October 31, so-called “facilitation payments” – payments to low-level government officials to expedite or secure the performance of an act of a routine nature – will be illegal.

 


Internal controls for gift giving this holiday season

Many companies effectively minimize the risk of inappropriate gifts through stringent pre-approval requirements: a sufficiently robust and enforced pre-approval policy can reduce the number of gifts simply because of the headache of getting the pre-approval. This has the added benefit of ensuring enforcement of internal controls, largely because of the reduced volume of gifts being included in expense reports.

 


Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

 


Canada publishes a somewhat consolidated economic sanctions list

On October 13, 2017, Global Affairs Canada published the country’s first consolidated list of blacklisted individuals and entities under the Special Economic Measures Act (“SEMA”), known as the “Consolidated SEMA Sanctions List”. The Consolidated SEMA Sanctions List is intended to provide a single accessible website for members of the public to search for individuals and entities listed under SEMA sanctions regulations.

 


What a CEO needs to hear to invest more in compliance – strategy

Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.

 


Bill 141 – Proposed amendments to the Act respecting the Autorité des marchés financiers with regard to whistleblowing

Following the example of the Ontario Securities Commission, the Authority implemented a whistleblower program in June 2016. Unlike Ontario’s program, Quebec’s program does not give financial awards to whistleblowers, but it does guarantee a framework that ensures confidentiality and protects whistleblowers against reprisals. However, no legislative amendment guaranteeing these protections has been introduced until now.

 


“Swipe card” records inadmissible to prove time theft

An employee was terminated for time theft because his time cards did not align with the ‘swipe card’ records showing when he entered and exited the building. But did the employer collect the data in accordance with privacy laws?

 


Getting risk management right

In this commentary on a recent article by Doug Anderson, an advisor on behalf of the IIA on the COSO ERM update project, examples are provided on getting risk management right.

 


Ontario Court of Appeal breathes some life into anti-corruption pursuits

The Ontario Court of Appeal’s decision in this case injects new life into anti-corruption pursuits under the CFPOA and is a reminder that individuals may be personally liable for illegal conduct undertaken for a company’s benefit.

 


High-profile sexual harassment claims show a toxic culture can be a product defect

The rapid demise of the Weinstein Co., once one of the most successful movie studios in Hollywood, should have every CEO wondering: What skeletons does my organization have in the closet? And how could they destroy the value of my company’s brands, or the company itself?

 


Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. The vulnerability affects 750,000 ID cards issued to a population of 1.3 million, and the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

 

