Systems Acquisition, Maintenance and Disposal
I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risk (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.
If someone asked you “where” your cloud storage is, would you know the answer? The “cloud” is the common term used when data is stored remotely yet accessible (to your multiple devices) through the internet. Given that the data is now ‘remote’, we often receive questions from clients as to whether keeping books and records in this way meets their obligation under the Income Tax Act.
Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.
In December 2015, over 50 WTO members, including Canada, gathered at the Nairobi Ministerial Conference, and agreed to the expansion of the Information Technology Agreement (ITA), a WTO agreement that aims to eliminate tariffs on IT products. The ITA was originally concluded by 29 participants in 1996. It now has over 82 participants, representing around 97 per cent of world trade in IT products.
The Federal Court of Appeal has provided some guidance on the recently-recognized tort of intrusion upon seclusion and the as-yet-unrecognized tort of publicity given to private life.
Clearly, the great majority base their audit plan on some combination of (macro) enterprise-level risks and (micro) risks at a lower level of the organization. Somewhat more have weighted their plan towards the micro level than the macro level. So what does this all mean?
I am going to use a metaphor involving the board game of Monopoly to illustrate how I feel about risk management. The players compete to win by either having more money when the game ends (if there is a time limit) or by being the only one left standing after all the others have gone bankrupt. Let’s imagine our executive team is playing a game against its main competitors.