Inside Internal Controls

News and discussion on implementing risk management

IT, Privacy and Security

The worst audit report I have seen

I have seen a few candidates for this title, but one stands out. This is how I described it in my best-selling book, World-Class Internal Audit: Tales from my Journey:

 

Technology law highlights: 2017 Year in Review

Here, in no particular order, are some of the year’s highlights as chronicled by McCarthy Tétrault’s bloggers:

 

Fintech regulatory developments: 2017 year in review

As predicted in our 2016 year-end report, 2017 proved to be a busy year for Fintech in Canada, with a number of important regulatory developments. With the dawn of 2018, we look back to summarize some of 2017’s most notable Fintech regulatory developments in Canada, as well as developments to watch for in 2018.

 

Artificial intelligence and the protection of personal information in Canada: The priority for 2018

“When I look at myself, I am discouraged, when I compare myself to others, I panic…” This distorted saying summarizes the interactions in 2017 between artificial intelligence (AI) and personal information. While the number of AI projects and successes continues to mount in Canada, especially in Montréal, discussions on “the after” remain embryonic: how can […]

 

Phishing losses exceed $224,000.00 after insurer denies coverage

In August 2010, someone called The Brick’s accounts payable (AP) department, pretending to be from Toshiba Canada. The caller said he was new to Toshiba and needed some payment details. The Brick employee faxed the payment information to the number which the caller provided.

 

Keeping an eye on employees – Guidance from BC’s Office of the Information and Privacy Commissioner

If you decide that you need to keep an eye on your employees, you’ll want to take into consideration this guidance from BC’s Office of the Information and Privacy Commissioner. As technology becomes more inexpensive, accessible and ubiquitous, we are seeing an increase in employers’ use of surveillance tools. While workplace monitoring has its benefits, […]

 

Canadian Anti-Money Laundering Law: What you need to know about compliance program requirements

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is Canada’s financial intelligence unit. Among other things, it is responsible for the enforcement of Canadian AML Law. In December 2017, FINTRAC released a revised guidance document relating to the compliance program requirements.

 

Identifying, assessing, and evaluating risk is the easy part

COSO ERM 2017 talks about strategy selection, which is a very important decision, and how you need to assess each option. The selection process includes understanding what might happen under each option (risks and opportunities in their language), weighing all the pros and cons, and then choosing the one that makes the most business sense.

 

Québec Court of Appeal confirms application of French language requirements for websites

On December 20, 2017, in 156158 Canada inc. v. Attorney General of Québec, 2017 QCCA 2055, the Québec Court of Appeal confirmed the constitutional validity of the provisions of the Québec Charter of the French Language (the CFL) that require the joint or predominant use of French in commercial advertising, packaging and publications, including websites.

 

Key developments in Canada’s economic sanctions and export controls during 2017 & what to expect in 2018

This article begins with a summary of parliamentary recommendations to improve Canada’s sanctions regime, and then launches into reforms that have already taken shape, such as the creation of a publicly-accessible sanctions database and the adoption of a new Magnitsky Law. Second, it discusses recent updates to Canada’s export controls and economic sanctions laws. Third, we explore Canada’s preparations to join the Arms Trade Treaty with Bill C-47, including expected developments in 2018.

 

The state of information or cyber security today

Senior management must understand the state of information or cyber security today and how it affects enterprise objectives and the delivery of value to customers and other stakeholders. A number of recent publications talk to this topic.

 

Is asking about risk culture the right question?

If you don’t have a consistent attitude towards taking risk among the few members of the executive team, how can you expect to have a consistent attitude among the population of employees and decision-makers?

 

Canadian Competition Bureau releases final fintech report

The Bureau’s final fintech report is intended as guidance for financial services sector regulators and policymakers. The following are the key takeaways, which were covered in more detail when the draft report was issued.

 

Risk and game theory

The Cuban Missile Crisis is frequently cited as an example of the use of Game Theory. I am talking about the situation confronting the Kennedy government when they found that the USSR had installed missiles in Cuba that were capable of hitting American cities with nuclear weapons. Here is a link to a summary of […]

 

Do we understand what a risk event is?

COSO ERM talks about the possible effect of an event on objectives, and in common parlance we are talking about something happening that has an effect on the organization. (COSO thinks of risk as the possibility of that event occurring; ISO talks about risk as the effect of what might happen on objectives.)

 
