First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Network, Systems and Data Security

Artificial intelligence: The year in review

The regulatory landscape impacting AI continues to evolve both domestically and abroad. As we begin the new year, we pause to reflect on some of 2017’s most notable developments in AI and prepare for new trends to watch out for in 2018.

 

, , , , ,

The worst audit report I have seen

I have seen a few candidates for this title, but one stands out. This is how I described it in my best-selling book, World-Class Internal Audit: Tales from my Journey:

 

, , , , ,

Technology law highlights: 2017 Year in Review

Here, in no particular order, are some of the year’s highlights as chronicled by McCarthy Tétrault’s bloggers:

 

, , , , , ,

Canadian Anti-Money Laundering Law: What you need to know about compliance program requirements

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is Canada’s financial intelligence unit. Among other things, it is responsible for the enforcement of Canadian AML Law. In December 2017, FINTRAC released a revised guidance document relating to the compliance program requirements.

 

, , , , ,

The state of information or cyber security today

Senior management must understand the state of information or cyber security today and how it affects enterprise objectives and the delivery of value to customers and other stakeholders. A number of recent publications talk to this topic.

 

, , , , , , , , , ,

Canadian Competition Bureau releases final fintech report

The Bureau’s final fintech report is intended as guidance for financial services sector regulators and policymakers. The following are the key takeaways, which were covered in more detail when the draft report was issued.

 

, , , ,

Can you manage technology risk in today’s environment?

This is a new world and we need to re-examine traditional techniques for addressing technology risk. Before assessing and testing controls, challenge management on whether they believe effective security is in place and why. An internal audit team can help with this.

 

, , , , , ,

Canadian taxation of cryptocurrency … so far

Cryptocurrency is digital “money” that utilizes encryption techniques to regulate the issuance of units and verify their transfer. Cryptocurrency operates without the participation of a central bank or other government agency.

 

, , , , , ,

Updated: Nova Scotia passes new cyber-bullying legislation

On October 5, 2017, the Nova Scotia Legislature introduced Bill No. 27, the Intimate Images and Cyber-protection Act. The Act comes as Nova Scotia’s previous cyber-bullying legislation, the Cyber-safety Act, was struck down in 2015 by the Nova Scotia Supreme Court on constitutional challenge.

 

, , , , , , , , ,

Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

 

, , , ,

What a CEO needs to hear to invest more in compliance – strategy

Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.

 

, , , , , ,

Should you adopt the updated COSO ERM Framework? My assessment

It has been 13 years since the original COSO ERM Framework and eight years since ISO 31000:2009 was published. The updated COSO ERM Framework was an opportunity for COSO to “leap forward”. But did it?

 

, , , , , , , ,

How well did COSO address comments on the ERM draft?

My impression is that COSO only tinkered with the draft. But, have they done enough to move practices forward, in the right direction? Will this update change the percentage of executives answering the piercing question by Deloitte, “Does risk management support, at a high level, the ability to develop and execute business strategies”, up from 13% close to 80%?

 

, , , , , ,

Conducting an internal investigation? Here are 4 things to consider

search-warrant

Many internal investigations (such as harassment claims, fraud, misuse of company assets, etc) often involve the use of digital devices and may require a forensic analysis of those devices to find evidence of an employee’s actions.

 

, , ,

Three cybersecurity trends driving the Bank of Canada’s call for cybersecurity to be treated as a ‘public good’

As the level and sophistication of cyber-attacks continue to grow, there will be a mounting pressure on regulators to continue to develop coordinated, meaningful, mandatory minimum standards that are enforceable against all financial institutions and FMIs as well as their service providers.

 

, , , , , ,

Previous Posts