First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

policies and procedures

How to go beyond the words to craft smarter policies

All of these tips seek to offer ways to make policies and procedures better, but the most important tip is that policies and procedures should not be managed in a vacuum. They are an important element of an effective compliance program without regard to what compliance guidance your organization follows. Ignoring policies can negatively impact compliance conduct, training, monitoring and auditing, investigations – and most importantly and ultimately – the reputation of an organization.

 

, , , , , , ,

Proposed Manitoba accessible employment standards

The Accessibility Advisory Council’s (AAC) is inviting interested stakeholders to provide their views to its initial proposal for accessible employment standards. Therefore, employment is the second of five accessibility standards being developed under the Accessibility for Manitobans Act (AMA).

 

, , , , , , , , , , , , , , , ,

The crown jewels and risk management

When considering information security or cyber risk, you usually concentrate on risk to the ‘crown jewels’ – those information assets and services that are most vital to the enterprise.

 

, , , , , , ,

Sexual harassment: Managing the risk

On the heels of Jian Ghomeshi’s firing from the CBC and the suspension of two Liberal MPs from caucus, Canadians are talking about sexual harassment. Although not a topic that is typically associated with the philanthropic sector, charities and non-profits are not immune from dealing with these types of issues…

 

, , , , , , , , , , , , , ,

Social media – a risky business?

Whether companies choose to embrace or resist social media, it is clear from recent statistics that it is here to stay. Canadians are among the most avid users of social networks with an estimated 82 percent of people across the country active on platforms such as Facebook, Google+ and Twitter. Globally these networks represent an […]

 

, , , , , , , ,

How does the new anti-spam legislation affect IT processes?

It should be clear that managing your anti-spam obligations will mean modifying your information technology processes. The CRTC has created comprehensive anti-spam guidelines that demonstrate some of the ways IT will be involved…

 

, , , , , , , , , , , , , , , , , , , ,

Are you ready for the anti-spam legislation? Part 1

Spam emails—everyone receives them, no one particularly likes them. Some of us delete them. Some of us simply ignore them. But, are they such a problem that requires all Canadian businesses, big or small, to overhaul how they communicate with their customers and potential customers?—You be the judge.

 

, , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Employee dismissed for cause after breach of privacy policy

In Steel v. Coast Capital Savings Credit Union, the Supreme Court of British Columbia upheld the termination of an employee on a with cause basis after the employee breached the bank’s confidentiality policy

 

, , , , , , , , , , , , , , , , , , , , , ,

Some legal pitfalls of security breaches to your company’s electronic data

The recent loss of a Canadian government hard drive containing personal information of receivers of student loans and the ensuing class action lawsuit are a stark reminder of how easy it is to be exposed to the pitfalls of data security breaches.

 

, , , , , , , , , , , , , , , , , , , , , ,

BYOD: Bring your own device is a growing business trend

iphone-ipad-bring-your-own-device

Since well before Information Technology PolicyPro was first published and for good reasons considering the technologies available at the time, it made sense to restrict devices connected to the corporate network to those owned and controlled by the enterprise and configured by IT. This is no longer the case.

 

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Regulating access to the Internet

While the Internet can increase employee productivity, the potential for employee misuse can create a significant downside. The downside may manifest itself as a decrease in employee productivity when there is excessive personal use of the Internet on company time, using company resources. There must also be consideration for controls on inappropriate employee behaviour such as…

 

, , , , , , , , , , ,

Information technology and modern quality management

Ever wonder what policies you may be missing or which ones should be updated or how to make such improvements quickly?

 

, , , , ,

Identifying and managing the risks of corporate directorship

Do you know about the types of risk that corporate directors are increasingly facing? I’ve been talking quite a bit about various types of risk, and Earl Altman recently asked on First Reference Talks, When are directors liable to employees for debts of the corporation? A new guide looks at the main sources of risk that directors face and a number of strategies to reduce the risk.

 

, , , , , , , , , , , , , ,

Employee expense fraud

Employee fraud is on the rise, as organizations cut back on staff, and their internal controls slacken as a result. However, the monetary loss is just the beginning of the problem. A recent white paper from Grant Thornton LLP notes that, “Failure to crack down on this unethical—and indeed criminal—behaviour blurs the line between right and wrong. It creates a culture of entitlement that can extend across the business. And it can open the door to more significant corporate theft.”

 

, , , , , , , , , ,

Who’s looking at your garbage, and why should you care?

You know what happens when you dump your garbage in the bin, right? The garbage collectors pick it up and take it away, and you don’t worry about it any more. But should you worry about it? A 2009 Supreme Court of Canada decision suggests you might want to.

 

, , , , , ,