First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Financial Compliance / Planning / Management

Emerging risks: who is watching?

Who should be alert and watching for emerging risks: things that might happen (a better expression than the ‘R’ word, ‘risk’, because of its negative impression) that might affect the achievement of enterprise objectives?

 

, ,

Canada moves forward with a remediation agreement regime

It is likely that many organizations will choose to enter into a remediation agreement with the hope of obtaining a stay of the charges and avoiding the risk of a lengthy prosecution and subsequent criminal conviction.

 

, , , ,

TCC Clarifies child care expenses in Kwan

Kids are expensive. There’s no doubt about that. The Canadian government provides a small subsidy by allowing a limited amount of child care expenses to be deducted from income taxes.

 

, , ,

Good decisions take time and more

Do risk, governance, and audit practitioners consider the problem of decisions where insufficient time was taken to obtain the necessary information, consult with all affected parties, and THINK about the options?

 

, , , ,

Why are SOX compliance costs increasing so much?

From a recent survey by Protiviti, the information on how many organizations had to issue a cyber-security disclosure is interesting. Apparently, this generally resulted in an increase on SOX compliance hours – although the reason for a significant increase is not clear.

 

, , , , ,

What happens to your franchise agreement in the event of a change in the law?

Because franchise agreements are often signed for long periods of time (generally two to ten years), it is very important for any franchisor, and for anyone drafting a franchise agreement, to make sure that the risk (which is very real and constant) of laws or regulations being changed or of new laws or regulations, or new case law, is covered by appropriate provisions that properly tailored to the network’s industry.

 

, ,

Learn from British Airways’ security breach reporting and notification

British Airways’ experience described in this article underscores that cybersecurity is important, and Canadian entities preparing for mandatory security breach reporting and notification coming into force soon can take lessons from British Airways’ response to a security breach.

 

, , , , , , , , , , ,

Draft amending regulations issued under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, including in respect of virtual currencies and prepaid cards

New regulations issued June 9, 2018, follow the recent 2016 Financial Action Task Force (FATF) Mutual Evaluation Report for Canada (the “FATF Report”) which concluded that Canada largely has a strong legal framework and competent authorities dealing with money laundering and terrorist financing risks, but noted certain deficiencies that needed to be addressed.

 

, , ,

Canada takes next steps towards implementing the MLI

internal divisions

The objective of the MLI is to implement measures to counter base erosion and profit shifting (“BEPS “) without requiring each party to a bilateral tax treaty to enter into a bilateral negotiation process.

 

, , , ,

A new era of private corporation tax rules – Part IV

The new TOSI rules are effective as of January 1, 2018. However, corporations have until the end of 2018 to complete corporate reorganizations to meet the votes and value test in the “excluded shares” exception if that exception is otherwise available to be used. Other points from Bill C-74 will be of interest as well. This article highlights comments from the Canada Revenue Agency and Department of Finance made at the roundtable at CALU and STEP.

 

, , , ,

Is there an ROI for investing in cyber or information security?

IS ROI on cyber really as high as it may seem at first glance? At some point, it may be better to consider cyber risk as a “cost of doing business”. If you can’t actually reduce the likelihood of a breach, can you at least increase the likelihood of prompt detection and response?

 

, , , , , ,

FCAC releases report on best practices in financial consumer protection

The Report on Best Practices in Financial Consumer Protection published by the Financial Consumer Agency of Canada outlines several best practices for financial consumer protection regimes.

 

, , ,

What is an internal control, really?

What is a control, at an abstract level: what is it supposed to achieve, and how is it supposed to operate within an organization?

 

, , ,

New COSO ERM Guidance for ESG

It is essential to provide leaders with actionable information. Simply rating a risk as high or valuing it at $250,000 is meaningless. Leaders need to be able to make decisions between addressing one risk vs another, and going forward with a project given all the uncertainties related to its success. For that they need clear, detailed information, not a simple risk rating.

 

, , ,

Department of Finance Canada issues consultation paper on review of the Canadian Payments Act

A recent Consultation Paper sought comments on whether the 2015 Amendments had been successful in better enabling Payments Canada to meet its mandate to promote the efficiency, safety, and soundness of its systems while taking into account the interests of users.

 

, , , , ,

Previous Posts