First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Accounting Systems and Controls

Whistleblower protection: Employers need to create a speak-up environment

It is incumbent on Canadian employers to take whatever steps they can to implement systems that would allow whistleblowers to step forward without fear, and speak-up without punishment.

 

, , , , , , , , ,

Fintech regulatory developments: 2017 year in review

As predicted in our 2016 year-end report, 2017 proved to be a busy year for Fintech in Canada, with a number of important regulatory developments. With the dawn of 2018, we look back to summarize some of 2017’s most notable Fintech regulatory developments in Canada, as well as developments to watch for in 2018.

 

, , , , , , ,

Ontario proposes amendments to gift card rules to clarify scope

The Government of Ontario’s proposal to amend existing gift card rules under the Consumer Protection Act, 2002 (Ontario) states that the amendments are intended to clarify “confusion in the marketplace about how the rules apply to certain types of cards, like prepaid credit cards”.

 

, ,

Phishing losses exceed $224,000.00 after insurer denies coverage

In August 2010, someone called The Brick’s accounts payable (AP) department, pretending to be from Toshiba Canada. The caller said he was new to Toshiba and needed some payment details. The Brick employee faxed the payment information to the number which the caller provided.

 

, , , , , , , , , , ,

Canadian Anti-Money Laundering Law: What you need to know about compliance program requirements

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is Canada’s financial intelligence unit. Among other things, it is responsible for the enforcement of Canadian AML Law. In December 2017, FINTRAC released a revised guidance document relating to the compliance program requirements.

 

, , , , ,

The state of information or cyber security today

Senior management must understand the state of information or cyber security today and how it affects enterprise objectives and the delivery of value to customers and other stakeholders. A number of recent publications talk to this topic.

 

, , , , , , , , , ,

Is asking about risk culture the right question?

If you don’t have a consistent attitude towards taking risk among the few members of the executive team, how can you expect to have a consistent attitude among the population of employees and decision-makers?

 

, , ,

Canadian Competition Bureau releases final fintech report

The Bureau’s final fintech report is intended as guidance for financial services sector regulators and policymakers. The following are the key takeaways, which were covered in more detail when the draft report was issued.

 

, , , ,

Do we understand what a risk event is?

COSO ERM talks about the possible effect of an event on objectives, and in common parlance we are talking about something happening that has an effect on the organization. (COSO thinks of risk as the possibility of that event occurring; ISO talks about risk as the effect of what might happen on objectives.)

 

, , , ,

Canadian taxation of cryptocurrency … so far

Cryptocurrency is digital “money” that utilizes encryption techniques to regulate the issuance of units and verify their transfer. Cryptocurrency operates without the participation of a central bank or other government agency.

 

, , , , , ,

COSO ERM explains the flaw in risk appetite statements

Devotion to remaining within risk appetite (if you can even express one that will proactively guide decision-makers) is likely to make you risk averse – and focusing on avoiding harm is the path to avoiding success.

 

, , ,

Mitigate the risks associated with IT systems acquisition

Any organization which acquires IT systems must do so carefully. Among other reasons, systems may be costly, they may be critical to business operations, and they may create significant risks (for example a risk of security breaches). The following suggestions will help to mitigate some of the risks associated with IT systems acquisition:

 

, , , , , , , , , , ,

Facilitation payments now illegal under Canada’s foreign corruption law

On October 31, 2017, the federal government brought into force a pending amendment to the Corruption of Foreign Public Officials Act likely to have a significant impact on many Canadian firms operating abroad. Starting on October 31, so-called “facilitation payments” – payments to low-level government officials to expedite or secure the performance of an act of a routine nature – will be illegal.

 

, , , ,

Internal controls for gift giving this holiday season

Many companies effectively minimize the risk of inappropriate gifts through stringent pre-approval requirements because a sufficiently robust and enforced pre-approval policy can reduce the number of gifts simply because of the headache of getting the pre-approval. This has the added benefit of ensuring enforcement of internal controls, largely because of the reduced volume of gifts being included in expense reports.

 

, , , ,

Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

 

, , , ,

Previous Posts Next posts