First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT, Privacy and Security

New record-keeping requirements for Ontario corporations

While the new record-keeping requirements are relatively straightforward for corporations with just a few “ownership interests” in real property, corporations with significant interests, such as those involved in property development, face a much more onerous task. It is therefore recommended that Ontario corporations begin preparing the register as soon as possible to gather the required information and to establish a common practice.

 

, , , , , , , , , ,

Copyright year in review 2016

This article highlights noteworthy Canadian copyright law decisions and developments from 2016.

 

, , , , , , , , , , , , , , ,

Selecting software to help manage user access risk

I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risk (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.

 

, , , ,

Views on the future of risk management

James Lam has an impressive resume: Chief Risk Officer for major financial institutions, author of a respected book on ERM, consultant, and board member. Recently, he wrote a white paper that is available through RIMS or Workiva, Next Frontier: Performance-Based Continuous ERM. I think it is fair to say that James and I agree on many points but disagree on others.

 

, , , , ,

Adequacy of Canadian privacy law

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states.

 

, , , , , ,

A new front opens in the SOX battle

When potential material weaknesses are discovered during SOX or internal audit testing, my suggestion is to review the issue with the legal function. They can advise the CEO and CFO whether this should be disclosed as part of the Section 302 certification. This new front is clearly starting to open. Don’t let it pull you under.

 

, , , ,

Not–for–profits and charities: 4 New Year’s resolutions

Many people feel that New Year’s resolutions are passé, particularly since so many resolutions go unachieved each year. But, a resolution is essentially a plan to tackle something of importance, and planning is often half the battle. The following are 4 resolutions that can help strengthen charities and other not–for–profits in 2017.

 

, , , , ,

CASL and private right of action

Canada has the most onerous anti–spam/anti–malware law (CASL) in the world. In less than a year, July 1, 2017, it is going to become even worse. That’s when the private right of action comes into force.

 

, , , , , , , , , , ,

Top 10 most read Inside Internal Controls posts 2016 & Season’s Greetings

We are signing off with a list of the top 10 most read Inside Internal Controls posts 2016. Privacy issues and director’s liability seem to have been hot topics this year with several blog posts on the topics making it on the list. The top 10 most read Inside Internal Controls posts 2016 Director’s liability […]

 

, , , , , , , , , , , , , , , ,

Cybersecurity best practices for connected cars

Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.

 

, , , , , , , , , , , , , , ,

Closing your business for the holidays

The holidays are quickly approaching. However, leading to that point of unwinding can be stressful for many business owners, with the balancing of family demands and workplace year–end pressures. Regardless of such amounting pressures, businesses should not neglect their responsibilities to employees and clients before closing for the holidays.

 

, , , , ,

Privacy, privilege and wilfulness

On July 26th, 2016, the Supreme Court of British Columbia released an interesting decision that addresses questions regarding: (1) the scope of privilege that applies to work done by lawyers in relation to judicial proceedings; and (2) the interpretation of BC’s Privacy Act with respect to the requirements of “wilfulness”.

 

, , , , , , , , , , , ,

Risk and strategy entwined

Risk Officers have to consider themselves as business executives first and foremost. While their charter may talk about ‘risk’, their job is to help the board and executive team achieve the corporate objectives. They need to put themselves in the shoes of the CEO and board members. They cannot afford only to concern themselves with reasons not to pursue ventures–implying a desire to stay home and vegetate. Think like a CEO, act like a CEO, and talk like a CEO. Provide leadership with the information, process, systems, and so on to make effective decisions that lead to success.

 

, , ,

Previous Posts