Inside Internal Controls

News and discussion on implementing risk management

Accounts payable and receivable

A revolution in risk management

Risk management, whether you call it enterprise risk management, strategic risk management, or something else, is about helping an organization achieve its objectives. All the standards, frameworks, and guidelines talk about risk in terms of its ability to affect the achievement of the organization’s objectives. Some things might happen that will help and some that will interfere with our progress.

 

Risk management guidance: Time for a leap change

Even though both COSO ERM and ISO 31000:2009 are evolving, moving to a greater emphasis on decision-making and the setting and execution of strategy, the practice of managing risk continues to lag. I have written in my blogs and spoken in person to thought leaders involved in both COSO ERM and ISO 31000 updates about the need to take a huge leap forward. When the practice is seen as failing to contribute to success, and limited to a compliance function, something dramatic has to happen.

 

CASL made clearer: First CRTC decision released

Until now, the Canadian Radio-television and Telecommunications Commission’s CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, released on October 26, 2016, is significant because it is the first CASL enforcement decision to provide guidance on compliance. The decision contains several important lessons about regulation of commercial electronic messages in Canada before class action enforcement opens on July 1, 2017.

 

The astonishing Wells Fargo fraud

The news about the Wells Fargo staff ‘scam’ (the word used in this article in SC magazine) is mind-boggling. What I found mind-boggling is that (according to CNN Money) Wells Fargo had to fire about 5,300 workers (out of a total staff estimated at 265,000, or 2% of all employees). When 2% of employees were fired, you have to assume that more people knew or should have known. The prevailing Wells Fargo culture in reality was to do what was right for the staff, not the customers!

 

Risk management: What academics fail to understand

How do you expect a CEO to believe risk management enables success when all the CRO gives him is a list of what could go wrong? He needs help to see what might happen, both good and bad, and what to do about it—in other words, risk management needs to be seen by the CEO as helping him or her get where he or she needs to go. Do you share my view? If so, how do we move both the practitioner and academic community?

 

Business tax information just got clearer!

The Canada Revenue Agency (CRA) has announced that it has redesigned the correspondence it sends to corporations regarding their business tax information, including individual Canadians, and goods and services tax/harmonized sales tax (GST/HST) notices of assessment (NOA) and notices of reassessment (NOR). The CRA has made changes to how the notices are structured, designed, formatted, and written, making the information easier to read and understand.

 

CRTC’s reminder on record-keeping for CASL compliance

The Canadian Radio-television and Telecommunications Commission issued an enforcement advisory directing businesses and individuals to consider the importance of record-keeping pursuant to Canada’s anti-spam legislation (CASL). Under CASL, the onus remains on the sender of commercial electronic messages (CEMs) to demonstrate that it had the proper consents in place to send CEMs (whether implied or explicit).

 

Proving consent under CASL: CRTC issues enforcement advisory notice

The Canadian Radio-television and Telecommunications Commission has issued an Enforcement Advisory notice directed to businesses and individuals that send commercial electronic messages (CEMs) as part of their commercial activities. Notably, the sender of CEMs must have the consent of the recipient to send them a message, or else the message is considered spam.

 

New case law dealing with CRA requests for documents

On June 3, 2016, the Supreme Court of Canada released two important decisions dealing with requests made by the Canada Revenue Agency (“CRA”) for information. The cases highlight the fact that when an individual or an organization receives such a request from CRA, they should consider whether any of the information requested is subject to solicitor-client privilege. If solicitor-client privilege applies, the information should not be produced.

 

Risk and how we run our business

I am going to use a metaphor involving the board game of Monopoly to illustrate how I feel about risk management. The players compete to win by either having more money when the game ends (if there is a time limit) or by being the only one left standing after all the others have gone bankrupt. Let’s imagine our executive team is playing a game against its main competitors.

 

Some authoritative guidance on risk management and the three lines of defense

The King Code of Corporate Governance has been a fine source of principles and practice for governance, including risk, assurance, and compliance, ever since its initial release. In this post, I want to talk about two areas I find interesting in the draft Code.

 

Private right of action under Canada’s Anti-Spam Law (CASL)

As of July 1, 2017, individuals and organizations will be entitled to institute a “private right of action” before the courts against those that contravene certain provisions of Canada’s Anti-Spam Law (“CASL”). In the event of a contravention of the message rules in CASL, a monetary penalty up to a maximum of $1,000,000 per day may be imposed. This private right of action should be taken seriously right now. From this perspective and building on previous publications, this bulletin discusses this new mechanism.

 

Anti-money laundering updates

Final amendments to Regulations to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act released.

 

Prepare for harmonized sales tax (HST) rate changes

HST rates are set to increase in three provinces. Businesses based in, or doing business with, these provinces should prepare for the changes.

 

Fill in the blanks and test your “Do Not Call” skills

Complying with the Unsolicited Telecommunications Rules (UTR) includes the National Do Not Call List (DNCL) Rules, the Telemarketing Rules and the Automatic Dialing-Announcing Devices (ADAD) Rules. Test your knowledge to see if you understand these obligations.

 
