The staff at First Reference/PolicyPro wishes everyone a very happy Holiday Season and all the best for the New Year!


IT Controls and IT Governance
Information systems are the backbone of most modern businesses. Because they are so pervasive, a company’s IT organization must be effectively governed, as part of its overall risk management and corporate governance strategy.
Sound corporate governance in an IT organization helps ensure that corporate resources (including human resources) are being efficiently used, that corporate assets (including everything from data, hardware and reputation) are being properly protected, and that relevant laws (such as the Canadian Securities Administrators rules and privacy legislation) are complied with.
However, companies often focus on business process controls, and IT controls can disappear off the radar. As a result, the documentation of IT controls and the assessment of their effectiveness risk being overlooked entirely.
When it comes to IT controls, CEOs and CFOs are faced with a unique challenge: they are responsible for certifying the existence and effectiveness of the relevant controls but they often lack the technical expertise to do so. Chief Information Officers (CIOs), on the other hand, may not have formal, documented IT controls, and may not be involved in the organization's certification activities.
These are just a few of the messages in an excellent White Paper, IT Control Assessments in the context of CEO/CFO Certification, published by the CICA’s Information Technology Advisory Committee.
For a link to this valuable White Paper, click here.

Now Available: Information Technology PolicyPro!
First Reference is very pleased to announce that the newest member of the PolicyPro Library—Information Technology PolicyPro (ITPP)—is now available.
ITPP is a practical and cost-effective resource for developing and maintaining sound IT policies and procedures, designed to help you build a solid IT control framework within your organization.
Ready-to-Use Model Policies and Expert Advice
ITPP includes a comprehensive print manual with more than 50 model IT policies. Each policy is preceded by an Overview, with information about why it’s needed and how to adapt it to your organization. The model policies and procedures in ITPP are tied to the most authoritative IT control frameworks: the CICA’s Information Technology Control Guidelines (ITCG) and the COBIT framework.
PolicyPro Software
All the content of ITPP is incorporated in the PolicyPro software that makes it easy to modify the model policies and print and distribute individual policies or a complete, customized policy manual. The PolicyPro software is fully integrated with Word and Excel, so there’s no new software to learn.
First Reference and the CICA
ITPP is co-published with the CICA, and is written by Jeffrey D. Sherman, M.B.A., C.A., and Steve Goldwasser, B.Sc., leading authorities on business and IT issues.
Try ITPP for 30 days with No Obligation
Like all PolicyPro products, you can preview ITPP for 30 days. Click here to register for your 30-day, no-obligation preview.
Want More Information?
Click here for a fuller description of the features, benefits and content of ITPP.

Small Companies Struggle to Comply with CEO/CFO Certification
There’s no question that smaller companies face unique challenges when building a comprehensive internal control framework. Their size often means they have limited financial resources, hands-on senior executives who tend to override controls, and problems with segregation of duties. For small public companies, this means they may have trouble complying with the CEO/CFO certification process as mandated by the Canadian Securities Administrators (CSA).
However, smaller public companies (with less than $500 million in annual revenues) constitute a much bigger percentage of the total issuers on Canadian exchanges, when compared to the U.S. What’s more, the CSA have stated their intention to include venture issuers (which are typically small organizations) within the ambit of the certification process.
A recent article from Deloitte in CEO/CFO Certification News outlines the challenges for these companies, and points the way for them to leverage their size and less complex corporate structures to build modular, sustainable and cost-effective programs to comply with the new rules.
For a link to this useful article, click here.

The Evolving Role of the Ethics and Compliance Professional
From the time that the Enron, WorldCom and other financial scandals burst into news headlines, the attention paid to compliance and ethics functions in business has increased exponentially. Yet many companies are still struggling with management approaches to, and staffing concerns surrounding, the ethics and compliance function. “Best practice” in ethics management seems to be elusive.
The Evolving Role of the Ethics and Compliance Professional, by Zachariah Ezekiel, is a Conference Board of Canada report that provides a clear-eyed look at the field based on broad research and the input of ethics and compliance professionals from across Canada. It aims to promote better understanding of the “integrity management” function by reconciling some of the conflicting perspectives on the nature of the corporate ethics and compliance function; by profiling the skills and attributes required by ethics and compliance officers; and by outlining how integrity management should be structured and resourced. The report also reflects briefly on the future evolution of the field.
For a link to this valuable paper, click here.
Note: If you are not a registered user of the Conference Board of Canada’s e-Library, you will need to register, as follows:
- In the Sign In box, enter your email address
- Click Sign In
- Complete the required fields in the Register for an e-Library Account page, and follow the directions to complete your registration

Imposing Controls on Spreadsheets
We’ve come a long way since VisiCalc, the first spreadsheet application for the PC, was introduced in 1981. More and more sophisticated programming and algorithmic functionality have been added to successive versions of applications like Lotus 1-2-3 and Microsoft Excel, and now they are used throughout organizations not just for accounting, but for sophisticated forecasting, financial modeling, and reporting.
In the past, this functionality was the domain of mainframe computers. There’s no question that spreadsheet applications are easier to use—even their most sophisticated functions are only an Idiot’s Guide away.
Ironically, though, in this time of increased concern for internal controls and risk management, this ease of use has become a source of risk. After all, if a spreadsheet is easy to build and program, it’s also an easy target for deliberate misuse or innocent error. And if it’s easy to collaborate with your colleagues to build a spreadsheet, it may be simple for unauthorized users to view or modify it.
That’s why it’s vital that your organization consider creating a policy to control spreadsheets. And it’s why Jeffrey Sherman and Stephanie Smith, authors of Finance and Accounting PolicyPro (FAPP), have added a Spreadsheets Policy in the December 2006 update release.
Like all policies in FAPP, the Spreadsheets Policy is preceded by an extensive Overview section that explains why the policy is needed, the risk assessment process that will help you understand the extent of controls required, and the types of controls that are available.
For a PDF version of this Overview, click here.
For more information on Finance and Accounting PolicyPro, and a link to request a 30-day, no-obligation preview, click here.

An Exporter’s Lexicon
Every profession has its own language, and exporting is no different. Exportsource.ca has recently published a brief article “Speaking of Exports…” by Curtis and Michelle Cook that will give you a head start on “talking the talk.”
Click here for a link to this article.

About the PolicyPro Bulletin
Editor: Colin Braithwaite, Managing Editor – PolicyPro.
Please do not reply to this Email.
PolicyPro Bulletin is a complimentary service published by First Reference Inc. and is sent to you monthly. Each issue of the PolicyPro Bulletin provides headlines and summaries of news that affects internal controls and policies in Canada.
Please forward this Bulletin to your colleagues.
Please send any comments or suggestions about the PolicyPro Bulletin to editor@policypro.ca. For information about the PolicyPro Library, visit www.PolicyPro.ca. For information about First Reference and our HR-related products, visit www.firstreference.com.
To read our Terms of Use, Disclaimer, Privacy Policy and other legal matters, visit PolicyPro.ca.
This publication is written for informational purposes only and should NOT be relied upon as legal advice or opinions. The reader should always obtain legal advice from a qualified lawyer or other qualified professional, which will be responsive to the case or circumstance of the individual. Please note that the content provided in this Bulletin or any content contained in or made available through any third party website linked to from this Bulletin, is provided "as is" without representations or warranties of any kind. All representations and warranties in respect of Content or Third Party Content, express or implied, including, without limitation any representations to warranties or conditions regarding accuracy, timeliness, completeness, non-infringement, merchantability or fitness for any particular purpose are hereby disclaimed.
PolicyPro Bulletin ISSN: 1718-5866 Copyright ©2006, First Reference Inc., All Rights Reserved.