Inside Internal Controls

News and discussion on implementing risk management

Systems and Data Management

A CIO talks business sense about cyber security and the CISO

Every so often, I see an interesting piece on Forbes.com. This time it is "How To Talk To the Board About Cybersecurity." A CIO shares his experience working with boards and advice on that challenge for CISOs. Here are some useful comments (with my highlights):

 

A proactive approach to cyber risk management

It is not sufficient to say that cyber risk is high, medium, or low. The leaders of the organization need to be able to figure out what is the right level of resources to allocate to cyber defense and response; what is the right level of attention at board and executive committee level; and what should be communicated to shareholders and others.

 

How to assess the effectiveness of risk management

Internal auditors are expected, according to the IIA Standards and some governance codes, to assess the effectiveness of risk management.

 

Financial Stability Board delivers report on financial stability implications of decentralised financial technologies

On June 6, 2019, the Financial Stability Board (the “FSB”), an international body that coordinates the work of national financial authorities, published a report on “Decentralised financial technologies” in response to a request by the Japanese presidency of the G20.

 

Dramatic changes to the CRA Charities Listing

CRA has recently updated its Charities Listing and the most notable change is the fact that they have reduced the amount of information available on each Canadian registered charity.

 

OECD principles on artificial intelligence released

On May 22, 2019, the Organization for Economic Cooperation and Development (OECD) approved the OECD Recommendation on Artificial Intelligence.

 

New reports on the cost and incidence of cyber breaches

A cyber breach can affect an organization in many ways, from trivial to devastating. There is a range of potential effects, each with its own likelihood.

 

Is internal audit being distracted by consultants bearing sparkling new toys?

In PwC's 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.

 

SWIFT publishes cybersecurity counterparty risk guidelines

On February 15, 2019, the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) published guidelines for assessing cybersecurity counterparty risk for financial institutions (the “Guidelines”).

 

Test for patent obviousness not so obvious – Federal Court of Appeal affirms obviousness is a “flexible, contextual, expansive, and fact-driven inquiry”

In late January, in two decisions released simultaneously, the Federal Court of Appeal affirmed the broad and factually-suffused nature of the obviousness inquiry.

 

Department of Finance Canada issues consultation paper on open banking

On January 11, 2019, the Department of Finance Canada released a consultation paper seeking the views of Canadians on the potential benefits and risks of an open banking system.

 

Transparency & trust: The underlying themes of top 10 ethics & compliance trends

As we prepare for the publication of our 2019 Top 10 Ethics & Compliance Trends Report, a common thread has become evident: transparency.

 

Costco reports a material weakness in internal control. But is it really?

In an Oct. 4th news release, Costco Wholesale announced its operating results for the 4th quarter and full year, expecting to report a material weakness in internal control.

 

Ten considerations for a cybersecurity incident response plan

If you ask a group of cybersecurity experts what should be included in a Cybersecurity Incident Response Plan (“CIRP”), you will get a wide variety of answers. Happily, many of those answers contain similar themes including these ten important considerations your organization should be aware of when creating and managing a CIRP.

 

Deloitte Internal Audit 3.0 has major flaws

Earlier this year, Deloitte published Internal Audit 3.0, The future of Internal Audit is now. It’s great that they are encouraging internal audit departments to change so they can meet modern demands, but their presentation that they are offering something novel and disruptive is way off the mark.

 
