First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT, Privacy and Security

Why is internal audit not seen positively?

One of the findings in a new report by Deloitte, their 2018 Global Chief Audit Executive research survey, is that only 33% of CAEs believe their function is seen positively.

 

, ,

Standing Committee on Finance releases recommendations on Canada’s anti-money laundering and anti-terrorist financing regime

anti-money laundering

Recently, the House of Common’s Standing Committee on Finance released its report titled, “Confronting Money Laundering and Terrorist Financing: Moving Canada Forward” (the “Report”). The Report was released pursuant to the Standing Committee’s mandate under Standing Order 108(2), which directed the Committee to study the Proceeds of Crime (Money Laundering) and Terrorist Financing Act1 (“PCMLTFA”) and was […]

 

, ,

People still don’t know how to assess cyber risk!

Why do the consultants keep advising management and the boards to consider cyber risk as if it is separate from all other business risks?

 

, , , , , ,

Top 10 most-read Inside Internal Controls posts for 2018

This year on the Inside Internal Controls blog we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit, and business management.

 

, , , , ,

Influencer marketing: Understanding disclosure best practices

From the Instagram model advertising gifted products to the geek blogger paid to review video games, influencer advertising is now everywhere. Digital marketing is rapidly evolving (the world even saw its first CGI influencer earlier this year), and regulators are adapting accordingly.

 

, , ,

Stricter impaired driving laws are in force next week

Stricter impaired driving laws are set to come into force next week.

 

, , , ,

Bill introducing changes to IP legislation receives swift approval from parliament

Bill C-86, the Budget Implementation Act, 2018, No. 2, (the “Bill”) which makes a number of changes to the Trademarks Act, the Patent Act and the Copyright Act as well as introducing the College of Patent Agents and Trademark Agents Act became law in Canada after receiving Royal Assent on Dec. 13, 2018.

 

, , , ,

Who takes cyber risk?

Who is taking cyber risk? Is it the board and top management who are deciding how much scarce resource to invest in breach prevention, detection and response? Or is it the business leaders whose initiatives are damaged or worse should there be a security incident?

 

, ,

Five tips for compliance with new privacy consent guidelines

Privacy compliance is top of mind, not the least of all because of GDRP and Canada’s new mandatory breach notification rules. While you are updating your practices and procedures, do not forget that the Guidelines for obtaining meaningful consent (the “Guidelines”) will apply starting on January 1, 2019.

 

, ,

Costco reports a material weakness in internal control. But is it really?

In an Oct. 4th news release, Costco Wholesale announced its operating results for the 4th quarter and full year expecting to report a material weakness in internal control.

 

, , ,

Libel by tweet: Ontario Court of Appeal upholds dismissal of Twitter libel claim under anti-SLAPP legislation

A recent decision from the Ontario Court of Appeal (ONCA) adds to the growing body of Canadian case law confirming that tweets certainly can be libelous, though protections exist for comments on matters the court finds to be of public interest, including through anti-SLAPP legislation.

 

, , , , ,

The basics of risk management

I want to congratulate David Hillson (a.k.a. the Risk Doctor) for his video explaining his view of risk management basics. In Risk management basics: What exactly is it?, he takes less than five minutes to sum up risk management with six questions:

 

, , ,

Mistakes to avoid in conducting effective workplace investigations

Experience has shown us time and again that, of all the elements contributing to effective investigations, investigators consistently dedicate insufficient time and effort in a few critical areas; four to be exact.

 

, ,

Security breach notification and reporting requirements are now in force under Canada’s PIPEDA

Canada’s long-awaited federal private-sector data breach notification and reporting requirements came into force on November 1, 2018.

 

, , , , ,

UK government guidance on risk and cyber: the very good and the very bad

The National Cyber Security Center (NCSC) is a part of the UK’s Government Communications Headquarters (GCHQ). If you are like me, you may have only heard about GCHQ in an unflattering context, that of working with US intelligence agencies to spy on foreign heads of state and hack foreign agencies.

 

, ,

Previous Posts