
Inside Internal Controls

News and discussion on implementing risk management


information technology

Processes to support information technology effectiveness reviews

This blog post reminds organizations that they should take the time to conduct information technology effectiveness reviews, to evaluate and improve the IT department’s role in achieving the organization’s goals.

 


Managing company communications with AI

Could AI have helped Google identify the ‘diversity memo’ sooner? This post looks at how AI could help other companies avoid these and many other complications around employee communication.

 


Internal audit and cyber risk

Deloitte has published good work. One of my favorites is their risk-intelligent white paper series. Recently, they released Cybersecurity and the role of internal audit. It has both superior and inferior advice. Let me walk through it.

 


IT-guy writes script to delete records…and wipes phone despite director’s pleas to “stop!”

Employers have been cautioned to be wary of insiders with the potential to cause the organization great harm. For instance, employers are often advised that if they are terminating IT personnel they should do so with pay in lieu of notice, instead of working notice. A recent hearing in Manitoba illustrates the insider risks associated with IT roles.

 


Privacy Commissioner examines cyber security

The increasing cyber security threat continues to raise a series of privacy risks for organizations. The Office of the Privacy Commissioner of Canada (OPC) has been regularly focusing on cyber security in letters of findings and guidance and, most recently, in a report, entitled “Privacy and Cyber Security: Emphasizing privacy protection in cyber security activities”.

 


Creating a BYOD policy for millennials, baby boomers and everyone in-between

Bring your own device (BYOD), in theory, is a beautiful thing. Employees are free to use their personal devices at work, allowing for more efficiency and flexibility. Not to mention that employers save on outfitting an entire company with PCs, phones and tablets, while at the same time getting a more reachable employee.

 


Why should I monitor IT effectiveness and how do I do it?

The two definitive studies by COSO identify monitoring as a critical component of internal control and risk management. Monitoring refers to both ongoing monitoring processes to ensure that a system functions as it is supposed to (including management and review aspects), as well as ad hoc special studies and audits to review the system…

 


The Privacy Commissioner’s case for reforming PIPEDA

With 10 years of experience as Privacy Commissioner of Canada behind her, and her term reaching its end, Jennifer Stoddart has released a report titled “The Case for Reforming the Personal Information Protection and Electronic Documents Act” which describes how to modernize Canada’s private-sector privacy legislation to ensure it is able to meet the current and future challenges of the digital age and protect Canadians’ right to privacy.

 


BYOD: you’re probably already doing it, but are you doing it smart?

By now, countless businesses have had to address some issue relating to an employee using her or his personal digital device for work purposes (“bring your own device” or BYOD). An employee wants to access the office wireless network on her laptop so she can work while away from her desk; another wants to store and view work documents on his tablet; another just wants to check her work email from her smartphone. These are just a few of the many ways workers are using personal digital devices to perform work-related tasks.

 


Dear Mr. / Mrs. Doe – Please pay up!

What do you do if an anonymous blogger has defamed you online? The first thing you do is…

 


Take testing activities up a level

In a 2009 blog post, Dr. James Whittaker suggested all managers out there need to ask themselves what they’ve done lately to make their testers (e.g., software engineers, system analysts and anyone else who may be involved in testing activities) more creative.

 


The control of the personal data ecosystem belongs to the individual

A recent release from the Information and Privacy Commissioner of Ontario on the Personal Data Ecosystem praises organizations taking initiatives to integrate the socio-economic benefits of personal information while maintaining privacy and confidentiality. The Commissioner, Dr. Cavoukian, also co-authored a paper with researchers from the United States and the United Kingdom that delineates the systems […]

 


COBIT evolves as technology does

CobiT 5 was released in 2012. It takes a higher-level governance approach, focusing on stakeholders and their needs. It incorporates the internal control focus of earlier versions of CobiT but goes beyond them.

 


How well is your IT department positioned for the future?

Ideally your IT processes are effective and efficient, and the department itself is viewed favourably by its customers, employees, and management. If at all possible, your IT department is positioned well enough to meet future needs and you have a good grasp on what you are doing to develop opportunities to answer present and future challenges.

 


IT, an emerging global profession


In an emerging global IT profession a major contributor in Canada and around the world is CIPS – Canada’s Association of Information Technology Professionals…

 

