First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Systems and Data Management

Conducting an internal investigation? Here are 4 things to consider

search-warrant

Many internal investigations (such as harassment claims, fraud, misuse of company assets, etc) often involve the use of digital devices and may require a forensic analysis of those devices to find evidence of an employee’s actions.

 

, , ,

A conversation about risk with a CEO

Leaving the word “risk” out of a risk discussion with an executive can prove to be a positive way forward when asking what can go right for a project rather than what might go wrong.

 

, , , ,

What HR needs to know about investigating an employee’s digital activity

You’ve been asked to review the digital activity of an employee. Your company has some concerns, and wants you to investigate. With the amount of enterprise-level technology and controls that most companies now have, shouldn’t that be fairly straightforward?

 

, , , ,

Major changes to Canada’s export and technology transfer controls coming into force shortly

The Government of Canada has announced that a new version of the Guide to Canada’s Export Controls (the “Guide”) will come into effect on August 11, 2017. The Guide lists the goods and technology subject to export and technology transfer controls.

 

, , , , , , , ,

Six principles for effective risk management

In World-Class Risk Management, I review the eleven principles in the ISO 31000:2009 global risk management standard and condense them to just six.

 

, , , , , , ,

Update from the Canadian Securities Administrators on its Regulatory Sandbox for Fintechs

The week of June 26, the Canadian Securities Administrators (CSA) published some additional information on its CSA Regulatory Sandbox. The CSA Regulatory Sandbox, which was first launched on February 23, 2017, is an initiative of the CSA, designed to support Fintech businesses seeking to offer innovative products, services and applications in Canada.

 

, ,

Processes to support information technology effectiveness reviews

This blog post reminds organizations that they should take the time to conduct information technology effectiveness reviews, to evaluate and improve the IT department’s role in achieving the organization’s goals.

 

, , , , , , , ,

NIST’s recommended password policy evolves

As imperfect a means of authentication as they are, “memorized secrets” like passwords, pass phrases and PINs are common, and indeed are the primary means of authentication for most computer systems. In June, the National Institute of Standards and Technology issued a new publication on digital identity management that, in part, recommends changes to password policy that has become standard in many organizations—policy requiring passwords with special characters.

 

, , , , , , , ,

What do audit committees think about risk and audit?

I am encouraged by the latest KPMG report, their 2017 Global Audit Committee Pulse Survey. I am encouraged because KPMG appears to be asking the right questions and getting intelligent answers.

 

, , , , , , ,

The future of risk management

The Institute of Risk Management has a great feature where they have asked people around the world, including a number of luminaries, about the future of risk management.

 

, , , ,

The right to be forgotten has a three-piece suit tailor-made in Canada? From Quebec to British Columbia

This article aims to situate the debate on the right to be forgotten in light of three major precedents, which apparently evolved in isolation (in different provinces, distinct jurisdictions) and yet have everything in common. Indeed, the right to be forgotten is perhaps not as bare as we have been told; we might even go so far as to say that, for the moment, it has a three-piece suit tailor-made in Canada.

 

, , , , , , , , , , , , , , , , , , , , , , , ,

The future of securities regulation of distributed ledger technologies

The following discussion provides a general description of blockchain and distributed ledger technologies (DLT) and the current state of the regulatory landscape in Ontario. To date, the Ontario Securities Commission has not explicitly categorized a blockchain token or coin (which are further discussed below) as an investment contract or other type of security under section […]

 

, , , , , ,

Former employee steals personal information to purchase smart phones

The Office of the Information and Privacy Commissioner of Alberta has required a payment processing organization to notify individuals pursuant to section 37.1 of the province’s Personal Information Protection Act because there was a real risk of significant harm to those individuals affected by an incident that involved unauthorized access and theft of information of 60 Alberta residents.

 

, , , ,

Canadian government suspends CASL private right of action

The Canadian federal government has announced that it has suspended the coming into force of the private right of action under Canada’s anti-spam legislation (CASL), originally scheduled to come into force on July 1, 2017.

 

, , , , , , , ,

CASL’s soon-to-be-enacted private right of action brings risk of class proceedings

On July 1, 2017, the private right of action under Canada’s Anti-Spam Legislation (CASL) will come into force.

 

, , , ,

Previous Posts Next posts