First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

, , , ,

Canada publishes a somewhat consolidated economic sanctions list

On October 13, 2017, Global Affairs Canada published the country’s first consolidated list of blacklisted individuals and entities under the Special Economic Measures Act (“SEMA”), known as the “Consolidated SEMA Sanctions List”. The Consolidated SEMA Sanctions List is intended to provide a single accessible website for members of the public to search for individuals and entities listed under SEMA sanctions regulations.

, , , , ,

What a CEO needs to hear to invest more in compliance – strategy

Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.

, , , , , ,

Bill 141 – Proposed amendments to the Act respecting the Autorité des marchés financiers with regard to whistleblowing

Following the example of the Ontario Securities Commission, the Authority implemented a whistleblower program in June 2016. Contrary to Ontario, Quebec’s program does not give financial awards to whistleblowers, but it does guarantee a framework that ensures confidentiality and protects whistleblowers against reprisals. However, no legislative amendment guaranteeing these protections has been introduced until now.

, , , , , ,

“Swipe card” records inadmissible to prove time theft

An employee was terminated for time theft because his time cards did not align with the ‘swipe card’ records showing when he entered and exited the building. But did the employer collect the data in accordance with privacy laws?

, , , , ,

Getting risk management right

In this commentary on a recent article by Doug Anderson, an advisor on behalf of the IIA on the COSO ERM update project, examples are provided on getting risk management right.

, , , , ,

Ontario Court of Appeal breathes some life into anti-corruption pursuits

The Ontario Court of Appeal’s decision in this case injects new life into anti-corruption pursuits under the CFPOA and is a reminder that individuals may be personally liable for illegal conduct undertaken for a company’s benefit.

, , , ,

High-profile sexual harassment claims show a toxic culture can be a product defect

The rapid demise of the Weinstein Co., once one of the most successful movie studios in Hollywood, should have every CEO wondering: What skeletons does my organization have in the closet? And how could they destroy the value of my company’s brands, or the company itself?

, , , , , ,

Estonian blockchain-based ID card security flaw raises issues about identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.

, , , , ,

Oh those trademark scammers

Never hesitate to enquire as to whether a solicitation received by email or mail regarding your Intellectual Property is legitimate. It is important to read the fine print to a solicitation to determine whether or not it comes from the CIPO.

, , , , ,

Should you adopt the updated COSO ERM Framework? My assessment

It has been 13 years since the original COSO ERM Framework and eight years since ISO 31000:2009 was published. The updated COSO ERM Framework was an opportunity for COSO to “leap forward”. But did it?

, , , , , , , ,

Rules around raffles: Don’t get sent up the river for sending rubber duckies down the river

Raffles (or, properly speaking, raffle lotteries) can be a fun, efficient, and relatively non-labour-intensive means of making moderate amounts of money for a not-for-profit or charity. Did you know, however, that the regulatory framework governing raffles (charitable gaming) ultimately flows from the Criminal Code?

, , , , , , , , ,

Indecent proposal? Whether and how to ask existing employees to sign new employment contracts

Asking existing employees to sign new employment contracts can be a sensitive topic. Employees will undoubtedly wonder why they are being asked to do so. Many will quite rightly assume that the employer’s main motive for having new contracts be signed is to protect the employer – not the employee. Some will sign without issue, while others will refuse to do so.

, , , , , ,

BCCA eyes enforceability of restrictive covenant in IRIS appeal

Restrictive covenants are often a key component of employment agreements and commercial transactions. Enforceability, however, can be challenging, especially in the employment context

, , , , , , , ,

Employee misconduct and social media

As technology continues to blur the line between personal and professional life, employers increasingly find themselves dealing with the impact of social media on the employment relationship.

, , ,

Previous Posts Next posts