First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Systems Acquisition, Maintenance and Disposal

Contractual considerations in robotic process automation and artificial intelligence outsourcing

RPA and AI technologies can be a game-changer for your organization from a commercial perspective, but procuring those technologies and managing the new risk landscape requires a fundamental shift in mindset vis-à-vis a traditional outsourcing contract.

 

, , , , , ,

Canadian developments in digital identity

search-warrant

Digital identity is increasingly becoming a hot topic globally and Canada is no exception. For example, amendments to the Bank Act (and equivalent legislation in respect of federal insurance companies and federal loan and trust companies) have recently been introduced permitting federally regulated financial institutions to provide “identification, authentication or verification services”.

 

, , , , , ,

Collective agreement, not software, drives employee entitlements

Organizations must carefully and proactively determine user requirements and document them with great specificity when designing or evaluating software options to manage payroll and benefits within their companies.

 

, , , , , , , , , , , , , , , , ,

Improve internal controls over fixed assets (Part 2)

A failure to satisfy proper cut-off, completeness, existence, accuracy and ownership are common problems arising from weak or non-existent fixed asset policies. The overarching approach to satisfying these issues is to design and implement internal controls in proper policies and procedures.

 

, , , , , , , , , , , , , , , , , , , ,

Talking sense about technology risk and cyber

You have to have sponsorship from the CEO and throughout the company to really understand and diagnose IT risks, data security risks and business risks, and then prioritize them.

 

, , , ,

Improve internal controls over fixed assets (Part 1)

Many organizations face challenges with recording and physically safeguarding fixed assets. Organizations must also meet disclosure and other requirements when they prepare audited or other financial statements, corporate tax returns (applicable to for-profit organizations) and T3010 Registered Charity Information Returns (applicable to charitable organizations). Accounting processes and procedures must facilitate these activities.

 

A step-by-step guide to creating a cybersecurity plan

The first step is easily accomplished by reviewing a few definitions. The second step is trickier. The third step may involve a lot of work, but you can start with six straightforward steps.

 

, , , , , , , , , , , , ,

Risk and game theory

game theory

The Cuban Missile Crisis is frequently cited as an example of the use of Game Theory. I am talking about the situation confronting the Kennedy government when they found that the USSR had installed missiles in Cuba that were capable of hitting American cities with nuclear weapons. Here is a link to a summary of […]

 

, , , , , , , , , , , , , , ,

Mitigate the risks associated with IT systems acquisition

Any organization which acquires IT systems must do so carefully. Among other reasons, systems may be costly, they may be critical to business operations, and they may create significant risks (for example a risk of security breaches). The following suggestions will help to mitigate some of the risks associated with IT systems acquisition:

 

, , , , , , , , , , ,

Conducting an internal investigation? Here are 4 things to consider

search-warrant

Many internal investigations (such as harassment claims, fraud, misuse of company assets, etc) often involve the use of digital devices and may require a forensic analysis of those devices to find evidence of an employee’s actions.

 

, , ,

Processes to support information technology effectiveness reviews

This blog post reminds organizations that they should take the time to conduct information technology effectiveness reviews, to evaluate and improve the IT department’s role in achieving the organization’s goals.

 

, , , , , , , ,

What do audit committees think about risk and audit?

I am encouraged by the latest KPMG report, their 2017 Global Audit Committee Pulse Survey. I am encouraged because KPMG appears to be asking the right questions and getting intelligent answers.

 

, , , , , , ,

The future of risk management

The Institute of Risk Management has a great feature where they have asked people around the world, including a number of luminaries, about the future of risk management.

 

, , , ,

The future of securities regulation of distributed ledger technologies

The following discussion provides a general description of blockchain and distributed ledger technologies (DLT) and the current state of the regulatory landscape in Ontario. To date, the Ontario Securities Commission has not explicitly categorized a blockchain token or coin (which are further discussed below) as an investment contract or other type of security under section […]

 

, , , , , ,

Canadian government suspends CASL private right of action

The Canadian federal government has announced that it has suspended the coming into force of the private right of action under Canada’s anti-spam legislation (CASL), originally scheduled to come into force on July 1, 2017.

 

, , , , , , , ,

Previous Posts