
Inside Internal Controls

News and discussion on implementing risk management


Fraud and Corruption

Fraud: Why do people commit it?

An interesting interview with Eugene Soltes, the Jakurski Family Associate Professor of Business Administration at Harvard Business School, appeared in the Harvard Business School’s Working Knowledge publication. According to the school, “his research focuses on how individuals and organizations confront and overcome challenging situations”. “Why White-Collar Criminals Commit Their Crimes” is an ‘author interview’, Soltes having written Why they do it: Inside the mind of the white-collar criminal. I have not read the book, but suggest that those with continuing responsibility for detecting and/or investigating fraud might want to do so.

 


The astonishing Wells Fargo fraud

The news about the Wells Fargo staff ‘scam’ (the word used in this article in SC magazine) is mind-boggling. What I found mind-boggling is that (according to CNN Money) Wells Fargo had to fire about 5,300 workers (out of a total staff estimated at 265,000, or 2% of all employees). When 2% of employees were fired, you have to assume that more people knew or should have known. The prevailing Wells Fargo culture in reality was to do what was right for the staff, not the customers!

 


BC Privacy Office says free legal advice doesn’t trigger client ID requirements

A recent Mediation Settlement from the BC Privacy Commissioner has raised an issue of particular interest to law firms, and other organizations which must meet “Know Your Client” requirements. The item is brief, but seems to suggest that free legal advice doesn’t trigger the “Know Your Client” provisions imposed by various Law Societies for compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. According to this Mediation Settlement, only paid legal advice triggers that obligation.

 


Have you provided comments on the COSO ERM draft?

Have you provided comments on the COSO ERM draft? Please share your views on this important document. I submitted my comments some time ago. I realize that some of you prefer the ISO 31000:2009 global standard on risk management. But let’s recognize that nearly half of the risk management functions around the world are influenced by, if not using, the COSO framework.

 


Pension and benefit plan provider breaches privacy law causing employee to lose life insurance coverage

Many of us have called service providers to change basic information, such as a mailing address. You pick up the phone, speak to a representative, and the change is made; no big deal, right? This seamless scenario may not always be the case. Any little misstep on an organization’s part can cause grief not only for the customer, but also for the organization itself. This proved to be true when an employee complained, to the Office of the Privacy Commissioner of Canada, that her employment pension and benefit provider disclosed her personal information to a third party without her consent.

 


U.S. online payment processor Dwolla fined $100,000 for misrepresenting data security practices: Lessons for Canadian companies

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. While Canada has different privacy and consumer protection regimes, the lessons from the Dwolla case point to a new direction in enforcement approaches.

 


Data breaches: All’s not lost, even if your data is (and if you’ve taken precautions)

As anyone who’s ever left a USB key in a Kinko’s knows, it’s easy to lose a mobile device containing sensitive user information. As a recent statement from Newfoundland and Labrador’s Office of the Information and Privacy Commissioner shows, taking preemptive steps to make the user information on a mobile device more secure could protect the information – and your organization – if the device ever falls into the wrong hands.

 


The art of restraint

A restrictive covenant is a class of legal “promise” imposing a restriction on one party for the benefit of another. When drafted correctly, restrictive covenants are an invaluable tool to protect your business.

 


Be aware of potential liabilities when buying a business

In a recent decision, Gestion F. Lessard inc. v. Bournival, the Superior Court of Québec observed the potential liabilities involved in share purchase transactions — such as threats of litigation by unsatisfied customers, employee conflicts and software malfunction — and reminded us that not all potential liabilities can be imputed on the seller for fraud.

 


Anti-money laundering updates

Final amendments to Regulations to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act released.

 


Whistleblowers: The AMF will not offer any reward

On February 18, 2016, after a thorough and rigorous analysis which included closely monitoring the rewards-based whistleblower programs offered by the U.S. and Ontario, the Autorité des marchés financiers (the AMF) announced that it does not intend to offer financial rewards to whistleblowers. Instead, the AMF wishes to promote a whistleblower program that builds on existing measures.

 


The pitfalls of unwritten contracts – Part 1

This is not to suggest that written contracts provide perfect inoculation against lawsuits—litigants often misunderstand the obvious; written information may be open to multiple interpretations; and people sue even when they have no case. Two important considerations when making an agreement that you wish to be legally binding and enforceable in a court of law, are:

 


Internal audit: Essential to minimizing risk

Managing risk in today’s business environment has become a far more complex process than it ever has been. This can be attributed to a number of factors, such as increased government regulation and cyber-based issues. Other factors include uncertain political and economic situations that can arise, sustainable development and environmental concerns. These issues can have a substantial impact on small, medium and large organizations.

 


Data breach protection services: Taxable in Canada?

A recent IRS announcement raises questions about how Canadian tax authorities will treat the free data protection services that organizations often provide in order to mitigate data breaches.

 


Managing risk means opening your eyes every day

On the surface, it is good news that the majority of Canadian CFOs are confident in their management of risk and believe that employees understand the risks to the organization. 72% feel that their strategy is aligned with their risk appetite. But, do the authors of the study understand what effective risk management entails?

 

