First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Software Acquisition, Implementation and Maintenance

Talking sense about technology risk and cyber

You have to have sponsorship from the CEO and throughout the company to really understand and diagnose IT risks, data security risks and business risks, and then prioritize them.

 

, , , ,

Improve internal controls over fixed assets (Part 1)

Many organizations face challenges with recording and physically safeguarding fixed assets. Organizations must also meet disclosure and other requirements when they prepare audited or other financial statements, corporate tax returns (applicable to for-profit organizations) and T3010 Registered Charity Information Returns (applicable to charitable organizations). Accounting processes and procedures must facilitate these activities.

 

A step-by-step guide to creating a cybersecurity plan

The first step is easily accomplished by reviewing a few definitions. The second step is trickier. The third step may involve a lot of work, but you can start with six straightforward steps.

 

, , , , , , , , , , , , ,

Artificial intelligence: The year in review

The regulatory landscape impacting AI continues to evolve both domestically and abroad. As we begin the new year, we pause to reflect on some of 2017’s most notable developments in AI and prepare for new trends to watch out for in 2018.

 

, , , , ,

Risk and game theory

game theory

The Cuban Missile Crisis is frequently cited as an example of the use of Game Theory. I am talking about the situation confronting the Kennedy government when they found that the USSR had installed missiles in Cuba that were capable of hitting American cities with nuclear weapons. Here is a link to a summary of […]

 

, , , , , , , , , , , , , , ,

Mitigate the risks associated with IT systems acquisition

Any organization which acquires IT systems must do so carefully. Among other reasons, systems may be costly, they may be critical to business operations, and they may create significant risks (for example a risk of security breaches). The following suggestions will help to mitigate some of the risks associated with IT systems acquisition:

 

, , , , , , , , , , ,

Getting risk management right

In this commentary on a recent article by Doug Anderson, an advisor on behalf of the IIA on the COSO ERM update project, examples are provided on getting risk management right.

 

, , , , ,

Survival of the fittest: How can technology help small businesses thrive?

Canada’s failure rate for small and medium sized businesses is staggeringly high. Around one half of small and medium sized businesses survive past five years, while 15% don’t last a year. Today’s smaller businesses face a daunting task. The complexities of today’s market have created new risks, and myriad laws and regulations that can overwhelm just about any sized business.

 

, , ,

Update from the Canadian Securities Administrators on its Regulatory Sandbox for Fintechs

The week of June 26, the Canadian Securities Administrators (CSA) published some additional information on its CSA Regulatory Sandbox. The CSA Regulatory Sandbox, which was first launched on February 23, 2017, is an initiative of the CSA, designed to support Fintech businesses seeking to offer innovative products, services and applications in Canada.

 

, ,

The future of securities regulation of distributed ledger technologies

The following discussion provides a general description of blockchain and distributed ledger technologies (DLT) and the current state of the regulatory landscape in Ontario. To date, the Ontario Securities Commission has not explicitly categorized a blockchain token or coin (which are further discussed below) as an investment contract or other type of security under section […]

 

, , , , , ,

“Not there yet”: Bank of Canada experiments with blockchain wholesale payment system

The Bank of Canada embarked on Project Jasper to learn more about the feasibility, benefits and challenges of using DLT as the basis for a wholesale interbank payment system. These systems are crucial mechanisms for the financial industry that allow large financial institutions to process payments to each other as well as to and from central banks.

 

, , , , , , , ,

Canadian government suspends CASL private right of action

The Canadian federal government has announced that it has suspended the coming into force of the private right of action under Canada’s anti-spam legislation (CASL), originally scheduled to come into force on July 1, 2017.

 

, , , , , , , ,

CASL’s soon-to-be-enacted private right of action brings risk of class proceedings

On July 1, 2017, the private right of action under Canada’s Anti-Spam Legislation (CASL) will come into force.

 

, , , ,

Don’t outsmart yourself: AI and compliance

I’m a big fan of artificial intelligence. The older I get, the more I appreciate that real intelligence needs all the help it can get. Corporate ethics and compliance officers, however, need to pause before betting big on AI as a solution to all our needs.

 

, , , , ,

The current state of risk oversight: Useful or useless?

All the surveys, including this one, report that executives do not believe risk management practices at their organization are making a significant contribution to the development and execution of their strategies.

 

, , , , , , ,

Previous Posts