First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT, Privacy and Security

Standing committee released its report on Canada’s Anti-Spam Law

According to Micheal Geist, Professor of Law Canada Research Chair in Internet and E-commerce Law Faculty of Law, Common Law Section Centre for Law, Technology and Society, “the committee has asked the government for a detailed response to the report, which should be forthcoming in the spring. The government can be expected to fully support the enforcement recommendations, but retain flexibility on the recommendations for further clarification

 

, , , , , , ,

Top 10 most-read Inside Internal Controls posts for 2017 and Season’s greetings

We are signing off with a list of the top 10 most-read Inside Internal Controls posts for 2017. This year on the Inside Internal Controls blog we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit, and business management among others. The top 10 most-read Inside Internal Controls posts for 2017 include:

 

, , , , , ,

Can you manage technology risk in today’s environment?

This is a new world and we need to re-examine traditional techniques for addressing technology risk. Before assessing and testing controls, challenge management on whether they believe effective security is in place and why. An internal audit team can help with this.

 

, , , , , ,

Canadian taxation of cryptocurrency … so far

Cryptocurrency is digital “money” that utilizes encryption techniques to regulate the issuance of units and verify their transfer. Cryptocurrency operates without the participation of a central bank or other government agency.

 

, , , , , ,

Updated: Nova Scotia passes new cyber-bullying legislation

On October 5, 2017, the Nova Scotia Legislature introduced Bill No. 27, the Intimate Images and Cyber-protection Act. The Act comes as Nova Scotia’s previous cyber-bullying legislation, the Cyber-safety Act, was struck down in 2015 by the Nova Scotia Supreme Court on constitutional challenge.

 

, , , , , , , , ,

Mitigate the risks associated with IT systems acquisition

Any organization which acquires IT systems must do so carefully. Among other reasons, systems may be costly, they may be critical to business operations, and they may create significant risks (for example a risk of security breaches). The following suggestions will help to mitigate some of the risks associated with IT systems acquisition:

 

, , , , , , , , , , ,

Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

 

, , , ,

What a CEO needs to hear to invest more in compliance – strategy

Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.

 

, , , , , ,

Bill 141 – Proposed amendments to the Act respecting the Autorité des marchés financiers with regard to whistleblowing

Following the example of the Ontario Securities Commission, the Authority implemented a whistleblower program in June 2016. Contrary to Ontario, Quebec’s program does not give financial awards to whistleblowers, but it does guarantee a framework that ensures confidentiality and protects whistleblowers against reprisals. However, no legislative amendment guaranteeing these protections has been introduced until now.

 

, , , , , ,

“Swipe card” records inadmissible to prove time theft

An employee was terminated for time theft because his time cards did not align with the ‘swipe card’ records showing when he entered and exited the building. But did the employer collect the data in accordance with privacy laws?

 

, , , , ,

Getting risk management right

In this commentary on a recent article by Doug Anderson, an advisor on behalf of the IIA on the COSO ERM update project, examples are provided on getting risk management right.

 

, , , , ,

Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

 

, , , , ,

Oh those trademark scammers

Never hesitate to enquire as to whether a solicitation received by email or mail regarding your Intellectual Property is legitimate. It is important to read the fine print to a solicitation to determine whether or not it comes from the CIPO.

 

, , , , ,

Should you adopt the updated COSO ERM Framework? My assessment

It has been 13 years since the original COSO ERM Framework and eight years since ISO 31000:2009 was published. The updated COSO ERM Framework was an opportunity for COSO to “leap forward”. But did it?

 

, , , , , , , ,

Employee misconduct and social media

As technology continues to blur the line between personal and professional life, employers increasingly find themselves dealing with the impact of social media on the employment relationship.

 

, , ,

Previous Posts Next posts