First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT, Privacy and Security

Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

 

, , , , ,

Oh those trademark scammers

Never hesitate to enquire as to whether a solicitation received by email or mail regarding your Intellectual Property is legitimate. It is important to read the fine print to a solicitation to determine whether or not it comes from the CIPO.

 

, , , , ,

Should you adopt the updated COSO ERM Framework? My assessment

It has been 13 years since the original COSO ERM Framework and eight years since ISO 31000:2009 was published. The updated COSO ERM Framework was an opportunity for COSO to “leap forward”. But did it?

 

, , , , , , , ,

Employee misconduct and social media

As technology continues to blur the line between personal and professional life, employers increasingly find themselves dealing with the impact of social media on the employment relationship.

 

, , ,

How well did COSO address comments on the ERM draft?

My impression is that COSO only tinkered with the draft. But, have they done enough to move practices forward, in the right direction? Will this update change the percentage of executives answering the piercing question by Deloitte, “Does risk management support, at a high level, the ability to develop and execute business strategies”, up from 13% close to 80%?

 

, , , , , ,

Which are the best principles for effective risk management?

I will let you decide which is the best set of principles: which is clearer in setting expectations for the effective management of risk and which is better as a basis for assessing the maturity of risk management.

 

, , , ,

Conducting an internal investigation? Here are 4 things to consider

search-warrant

Many internal investigations (such as harassment claims, fraud, misuse of company assets, etc) often involve the use of digital devices and may require a forensic analysis of those devices to find evidence of an employee’s actions.

 

, , ,

Three cybersecurity trends driving the Bank of Canada’s call for cybersecurity to be treated as a ‘public good’

As the level and sophistication of cyber-attacks continue to grow, there will be a mounting pressure on regulators to continue to develop coordinated, meaningful, mandatory minimum standards that are enforceable against all financial institutions and FMIs as well as their service providers.

 

, , , , , ,

Limitation periods and emails: Can an email signature extend a limitation period?

Potential debtors and defendants should proceed cautiously when exchanging emails with potential creditors and claimants knowing that such emails may extend potential limitation periods.

 

, , , ,

Is the COSO ERM update a success or failure?

Recently, COSO published an update to their 2004 ERM Framework. The product, retitled Enterprise Risk Management: Integrating with Strategy and Performance, is available from the AICPA or IIA.

 

, , , , ,

Expectation of privacy and electronic messaging: The Supreme Court of Canada to dot the “i’s”

It is best to remain abreast of developments in this matter, in order to clearly identify and be up-to-date on any guidelines concerning the disclosure of the content of messages between individuals in a judicial context.

 

, , , , , , ,

The root compliance problem: Shadow process

Sometimes I revisit my compliance roots in the world of Sarbanes-Oxley – a place much more concerned with financial reporting than corporate ethics and culture, I know. Yet lessons from one group that can help the other still abound.

 

, , , , , ,

A conversation about risk with a CEO

Leaving the word “risk” out of a risk discussion with an executive can prove to be a positive way forward when asking what can go right for a project rather than what might go wrong.

 

, , , ,

What HR needs to know about investigating an employee’s digital activity

You’ve been asked to review the digital activity of an employee. Your company has some concerns, and wants you to investigate. With the amount of enterprise-level technology and controls that most companies now have, shouldn’t that be fairly straightforward?

 

, , , ,

Major changes to Canada’s export and technology transfer controls coming into force shortly

The Government of Canada has announced that a new version of the Guide to Canada’s Export Controls (the “Guide”) will come into effect on August 11, 2017. The Guide lists the goods and technology subject to export and technology transfer controls.

 

, , , , , , , ,

Previous Posts