First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Corporate Governance

The most important question is WHY

Too often, people do things without asking themselves why they are doing them. It may be because that is what they have always done, what somebody told them to do, or because they read about it in a book or standard.

 

, , , ,

Is there an ROI for investing in cyber or information security?

IS ROI on cyber really as high as it may seem at first glance? At some point, it may be better to consider cyber risk as a “cost of doing business”. If you can’t actually reduce the likelihood of a breach, can you at least increase the likelihood of prompt detection and response?

 

, , , , , ,

Casinos, cards and counter-strike: A brief overview of skin gambling in Canada and abroad

In recent years, the gaming industry has seen the rise of so-called “skin gambling” websites. Critics have been quick to raise red flags, citing the need for profound regulation and protective measures shielding children from such platforms. This bulletin explores the practice of skin gambling, including regulatory responses in Quebec and the rest of the world.

 

, , , , , , , , , , , ,

The role of internal audit in risk management

If we are stressing that risk management is really all about effective, informed and intelligent decision-making, shouldn’t internal audit start focusing on the quality of decision-making processes?

 

, , ,

Plastic bag bans

Communities such as the City of Victoria recently enacted a bylaw prohibiting businesses from providing single-use plastic bags to customers and otherwise charging a fee for paper and reusable bags.

 

, , ,

What is an internal control, really?

What is a control, at an abstract level: what is it supposed to achieve, and how is it supposed to operate within an organization?

 

, , ,

Recent SEC settlement is cautionary tale for Canadian public issuers on disclosure of cyberincidents and related risks

The Securities and Exchange Commission’s (SEC) first enforcement action against a public issuer for failure to make timely disclosure of cyberincidents may be a wake-up call for Canadian public issuers and their directors and officers.

 

, , ,

Disclosure of forensic experts’ findings in data breach class action results in waiver of privilege

Given that maintaining privilege and confidentiality is a key objective in data breach incident response, organizations must structure their response teams and communications with a view to maintaining privilege.

 

, , ,

Is your ERM program as useful as a GPS?

An ERM program. like a GPS, helps with making informed and (hopefully) intelligent decisions so that objectives can be reached safely and on time.

 

, , ,

Only the clearest release will stop a class action: Superior Court of Québec authorizes class action by former employees against Air Canada

The Court authorized the class action on the basis that it was arguable that Air Canada had deliberately violated the Act by reducing the volume of work sent to Aveos, knowing that this would cause it to cease operations.

 

, ,

Has #MeToo changed the game for board-level compliance training?

Organizations should be applauded for their improvements in board compliance training. But they need to keep working, to channel their increased focus on board awareness and to make sure that their directors are getting the right training to truly lead their organizations.

 

, , , , , ,

Target 2030 and beyond: BC government unveils legislation to update greenhouse gas reduction targets

The British Columbia government has emphasized its intention to “remove barriers, and make it attractive and affordable for people, communities and industry to move to lower-carbon alternatives” while at the same time “grow[ing] an economy that’s stronger, cleaner, more diverse and more resilient.”

 

, , , , ,

B.C. considers benefit corporations

British Columbia may become the first province in Canada to pass legislation that provides for the creation of “benefit corporations.” Benefit corporations are different from the typical for-profit business corporation in that they must be mandated to conduct business for the purpose of creating a general public benefit. It will be interesting to see where the benefit company model will go in B.C. The benefit company is somewhat similar to the existing B.C. C3, which is a hybrid corporate structure featuring both for-profit and a non-profit components.

 

, , ,

Is it a management or board failure when no action is taken on audit findings?

How effective are your organization’s internal audit reports? An effective internal audit report and proper communication on the part if IAs can promote appropriate action on the part of management and the board.

 

, , , ,

Government of Canada announces significant expansion of Integrity Regime for federal contracting

Recently, the Government of Canada announced that it has completed its extensive consultation process that took place over the past year, and it has decided to implement new changes to the Integrity Regime.

 

, , ,

Previous Posts Next posts