First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT, Privacy and Security

Risk visualization

Risk visualization can help executives make decisions not only to manage risks but to optimize outcomes and achieve objectives. I have to agree with the author of Are we witnessing the demise of the risk register (and the rise of risk visualisation)? He says, “I loathe risk registers”. So do, but for different reasons. He […]


, ,

Federal budget allocates significant funds towards cybersecurity

The Budget’s proposed investment in the area of cyber security is the largest single investment made in this area by the Canadian federal government. It also sends a strong signal that the government is focused on cyber threats that pose a real risk to the Canadian economy and national security.


, , , , , ,

It’s not about risk management – it’s about the achievement of objectives

I have said many times that it’s not about managing risks: it’s about managing the achievement of objectives. It’s about being successful. Success is measured through the achievement of specified objectives. We improve the likelihood and extent of success if we understand what might happen, both good and bad, as we strive to achieve our […]


, , ,

Supercash for superclusters: Government of Canada commits $950M in funding to five “superclusters” representing 450 Canadian entities

The ISI was launched on May 24, 2017, as part of the Government of Canada’s multi-year Innovation and Skills Plan in order to spark growth and help Canada realize its potential as a global leader in innovation. This was accomplished by encouraging the development of “superclusters”, which are industry-led, not-for-profit entities that have been formed to represent clusters of businesses, research institutions, and other innovators in regional and industry specific areas.


, , , , , ,

Privacy damages awarded for commercial use of a person’s image in a public setting

Organizations which use images for commercial purposes would be wise to seek the consent of all persons appearing in such images, even where the images are made in a public setting.


, , , , , ,

Collaboration between the business risk and IT security teams

Take each of your business objectives and plans. Now, figure out what might result from a technology-related failure (noting that ‘technology’ extends beyond the IT function). Then, what are you going to do about it?


, , , , , ,

Artificial intelligence: The year in review

The regulatory landscape impacting AI continues to evolve both domestically and abroad. As we begin the new year, we pause to reflect on some of 2017’s most notable developments in AI and prepare for new trends to watch out for in 2018.


, , , , ,

Whistleblower protection: Employers need to create a speak-up environment

It is incumbent on Canadian employers to take whatever steps they can to implement systems that would allow whistleblowers to step forward without fear, and speak-up without punishment.


, , , , , , , , ,

The worst audit report I have seen

I have seen a few candidates for this title, but one stands out. This is how I described it in my best-selling book, World-Class Internal Audit: Tales from my Journey:


, , , , ,

Technology law highlights: 2017 Year in Review

Here, in no particular order, are some of the year’s highlights as chronicled by McCarthy Tétrault’s bloggers:


, , , , , ,

Fintech regulatory developments: 2017 year in review

As predicted in our 2016 year-end report, 2017 proved to be a busy year for Fintech in Canada, with a number of important regulatory developments. With the dawn of 2018, we look back to summarize some of 2017’s most notable Fintech regulatory developments in Canada, as well as developments to watch for in 2018.


, , , , , , ,

Artificial intelligence and the protection of personal information in Canada: The priority for 2018

“When I look at myself, I am discouraged, when I compare myself to others, I panic…” This distorted saying summarizes the interactions in 2017 between artificial intelligence (AI) and personal information. While the number of AI projects and successes continues to mount in Canada, especially in Montréal, discussions on “the after” remain embryonic: how can […]


, ,

Phishing losses exceed $224,000.00 after insurer denies coverage

In August 2010, someone called The Brick’s accounts payable (AP) department, pretending to be from Toshiba Canada. The caller said he was new to Toshiba and needed some payment details. The Brick employee faxed the payment information to the number which the caller provided.


, , , , , , , , , , ,

Keeping an eye on employees – Guidance from BC’s Office of the Information and Privacy Commissioner

If you decide that you need to keep an eye on your employees, you’ll want to take into consideration this guidance from BC’s Office of the Information and Privacy Commissioner. As technology becomes more inexpensive, accessible and ubiquitous, we are seeing an increase in employers’ use of surveillance tools. While workplace monitoring has its benefits, […]


, , , ,

Canadian Anti-Money Laundering Law: What you need to know about compliance program requirements

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is Canada’s financial intelligence unit. Among other things, it is responsible for the enforcement of Canadian AML Law. In December 2017, FINTRAC released a revised guidance document relating to the compliance program requirements.


, , , , ,

Previous Posts