
Inside Internal Controls

News and discussion on implementing risk management


IT, Privacy and Security

Pot & privacy: BC Privacy Commissioner issues guidance for protection of personal information in cannabis transactions

The Office of the Information and Privacy Commissioner for British Columbia has released a guidance document to help cannabis retailers and purchasers understand their rights and obligations under the Personal Information Protection Act (British Columbia).

 


Is internal audit being distracted by consultants bearing sparkling new toys?

In PwC's 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.

 


CSA and IIROC propose regulatory framework for cryptoasset trading platforms

On March 14, 2019, the Canadian Securities Administrators and the Investment Industry Regulatory Organization of Canada published Consultation Paper 21-402 Proposed Framework for Crypto-Asset Trading Platforms proposing a regulatory framework for platforms that trade cryptoassets.

 


Are we taking risk, making a decision, or gambling?

We gamble all the time, but we don’t think of it that way. We think we are making decisions, not gambling – and often don’t see it as taking risk either.

 


The ISACA has traded in COBIT 5 for COBIT 2019 (Part 3 of 3)

The ISACA has traded in the 7-year-old COBIT 5 for COBIT 2019. This is the last of a 3-part series examining this change. Read part 1 here and part 2 here.

 


Assessing the effectiveness of your risk management program

The IIA has published a new Practice Guide, Assessing the Risk Management Process. In IIA-speak, this is recommended but not mandatory guidance for its members.

 


The wonder and joy of internal auditing

More than 17 years ago, The IIA’s magazine published an article of mine, The new age of internal auditing. I made some provocative comments, including:

 


Talking about software for GRC

The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.

 


The ISACA has traded in COBIT 5 for COBIT 2019 (part 2 of 3)

The ISACA has traded in the 7-year-old COBIT 5 for COBIT 2019. This is the second of a 3-part series exploring COBIT 2019.

 


Osler submission to OECD on public consultation document addressing the tax challenges of the digitalisation of the economy

Osler made a submission [PDF] to the OECD in response to its February 13, 2019 public consultation document on the possible solutions to the tax challenges of digitalization (the 2019 Public Consultation Document).

 


The cyber heat map

Vince Dasta of Protiviti makes a good point (pun intended – as will be explained shortly) in Cyber Risk Assessment: Moving Past the “Heat Map Trap”.

 


SWIFT publishes cybersecurity counterparty risk guidelines

On February 15, 2019, the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) published guidelines for assessing cybersecurity counterparty risk for financial institutions (the “Guidelines”).

 


A management risk committee

A question from a follower of this blog on the same topic had me searching for the charter of the risk committee I established, with the strong support of the CEO, at Business Objects.

 


Test for patent obviousness not so obvious – Federal Court of Appeal affirms obviousness is a “flexible, contextual, expansive, and fact-driven inquiry”

In late January, in two decisions released simultaneously, the Federal Court of Appeal affirmed the broad and factually-suffused nature of the obviousness inquiry.

 

