First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT, Privacy and Security

New information about cyber risk is alarming

According to the 2018 Sentinel One Global Ransomware Report, it appears that the frequency of attacks are surprisingly high, but the extent of damage is surprisingly low.

 

, ,

CASL enforcement: Recent trend

It can be relatively difficult to read the tea leaves in the CRTC’s approach to CASL enforcement, because there is little public record of those enforcement activities. This was noted by the Standing Committee on Industry, Science and Technology, in its statutory review of the Act. However, what signs do exist suggest that enforcement activities are accelerating. In 2016 and 2017, the CRTC announced only one undertaking in a CASL proceeding. By contrast, in the first quarter of 2018, there have already been two.

 

, , , ,

Overarching limit on the collection, use and disclosure of personal information

A key takeaway for organizations is that it is not enough to comply with other provisions in PIPEDA, for example, obtaining meaningful consent. Organizations must still show that their purposes for collecting, using or disclosing personal information are those that a reasonable person would consider appropriate in the circumstances.

 

, , , ,

Is there an ROI for investing in cyber or information security?

IS ROI on cyber really as high as it may seem at first glance? At some point, it may be better to consider cyber risk as a “cost of doing business”. If you can’t actually reduce the likelihood of a breach, can you at least increase the likelihood of prompt detection and response?

 

, , , , , ,

Casinos, cards and counter-strike: A brief overview of skin gambling in Canada and abroad

In recent years, the gaming industry has seen the rise of so-called “skin gambling” websites. Critics have been quick to raise red flags, citing the need for profound regulation and protective measures shielding children from such platforms. This bulletin explores the practice of skin gambling, including regulatory responses in Quebec and the rest of the world.

 

, , , , , , , , , , , ,

What is an internal control, really?

What is a control, at an abstract level: what is it supposed to achieve, and how is it supposed to operate within an organization?

 

, , ,

Recent SEC settlement is cautionary tale for Canadian public issuers on disclosure of cyberincidents and related risks

The Securities and Exchange Commission’s (SEC) first enforcement action against a public issuer for failure to make timely disclosure of cyberincidents may be a wake-up call for Canadian public issuers and their directors and officers.

 

, , ,

So what if the risk is high?

Most organizations cannot afford to reduce every single risk to what some practitioners would deem acceptable. Providing actionable information about all the things that might happen, not by using terms like High, Medium, or Low, but in specific business terms will help evaluate which risks to take.

 

, , , , ,

Online advisors: Stand-alone investment managers or tools for portfolio managers?

While the use of technology can lower the cost of investment advisory services, the introduction of algorithmic technology or other forms of artificial intelligence into the investment advice process introduces new risks to investors which raises questions.

 

, , , ,

Why do we need risk management?

Risk management is about helping an organization achieve its objectives in the face of uncertainty.

 

, ,

What is your consolidated risk exposure?

This article discusses consolidated risk exposure and different risk management tools.

 

, , , ,

Could the creations of artificial intelligence be entitled to intellectual property protection?

Given the ever changing landscape of AI based technology and legal developments, those involved in AI would be well advised to seek guidance on how to best leverage technological advancement to improve the efficiency and efficacy of their creative processes.

 

, ,

European commission releases proposal to regulate crowdfunding

Crowdfunding Service Providers (CSPs) can provide businesses and individuals with a digital platform to reach out to potential investors for funding. Presently, some EU countries have their own national legislation on crowdfunding while others require CSPs to be licensed and operate under EU frameworks.

 

, , , , ,

Are you managing risk or are you managing the organization?

Stop managing risk – manage the business. Stop talking about accepting or managing risk and start talking about taking the right risks through informed and intelligent decisions.

 

, , , , ,

Québec Court of Appeal confirms application of French language requirements for websites

The Quebec Court of Appeal reaffirmed the jurisprudence as to the constitutional validity of provisions requiring the joint or predominant use of French in Québec in respect of commercial advertising, packaging and publications, including websites.

 

, , ,

Previous Posts