Backup and Disaster Planning Tab added to ITPP

We’re pleased to announce a major addition to Information Technology PolicyPro (ITPP)—a new tab, Chapter 11 – Backup and Disaster Planning. The tab will be added in ITPP’s September update, Release 2007-03.

The new tab begins with a comprehensive introduction, followed by seven policies:

• 11.01 – Disaster Planning Team
• 11.02 – Disaster Notification Procedures
• 11.03 – Identification of Critical Processes
• 11.04 – Backup Schedule
• 11.05 – Backup Files Stored Onsite
• 11.06 – Backup Files Stored Offsite
• 11.07 – Offsite Processing Agreements

As with all PolicyPro products, each policy includes a ready-to-use model policy as well as an overview. A policy overview includes:

• An introduction to what control objectives the policy addresses (from COBIT and the CICA’s IT Control Guidelines)
• A background of the policy area, including what specifics the policy should include
• Any legislative or internal control framework requirements
• Links to further information (search terms and website links)

For a link to more information about ITPP, click here.

<< Top of Page

Although the answer to this question may seem self-evident, you could be in for a surprise. If you have contracted the job of building your company’s website to an outside contractor, you must pay close attention to ensure that all copyrights are properly assigned from the developer to you, and that you own the rights to all the images used.

In a recent article “Who Owns the Contents of your Business Website” in Lang Michener's InBrief newsletter, Alison Hayman, an associate in the firm’s Intellectual Property Group in Toronto, discusses the issue in more detail. For a link to the article, click here.

For a ready-to-use Corporate Website policy see OM6.05 in Operations and Marketing PolicyPro (OMPP). For more information about OMPP, click here.

<< Top of Page

We came across this useful article about “skimming schemes” on an small business blog recently. It does a good job categorizing the various kinds of way that fraudsters steal from small businesses.

Regardless of the scheme used, properly designed and applied internal controls can thwart a dishonest employee. And Finance and Accounting PolicyPro (FAPP), with its combination of expert advice and ready-to-use model policies in areas such as the Revenue Cycle, the Purchasing Cycle, Inventory and Costing, Payroll, Banking and Treasury, and Fixed Assets is a terrific way to close any loopholes that might exist in your organization.

For more on FAPP, click here.

<< Top of Page

It takes money to save money, and small and medium-sized businesses often lack the financial and technical resources to implement energy-saving improvements.

Now Natural Resources Canada's Office of Energy Efficiency offers a couple of programs that can help.

If you have not yet started a new energy efficiency project, the ecoENERGY Retrofit Incentive for Buildings offers a payback of $10 per gigajoule of energy saved, up to 25 percent of eligible project costs.

The ecoENERGY Incentive for Industry program is designed to help industrial facilities overcome financial barriers to improving the energy efficiency of their operations. Under this program NRCan will provide a financial incentive of up to 25 percent of project costs to a maximum of $50,000 per application and $250,000 per corporate entity to help small- and medium-sized industrial facilities implement energy-saving projects.

For more information about these programs, click here.

Speaking of energy conservation, Release 2007-03 of Operations and Marketing PolicyPro (OMPP), published this month, contains a new policy on just this topic. For more information on OMPP, click here.

<< Top of Page

ICOFR in the CICA Handbook

In previous issues of the PolicyPro Bulletin, we wrote about the new risk-based audit methodology that requires auditors to understand and evaluate the client’s system of internal control. This understanding enables the auditor to identify the specific controls that will prevent, detect and correct material misstatements and meet the requirement to report any significant deficiencies to management.

The CICA Professional Engagement Manual (PEM) has already been significantly revised to reflect the new standards. Now the Auditng and Assurance Standards Board (AASB) has released an exposure draft entitled “An Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements.” This exposure draft will, after comments have been received, become a new section of the CICA Handbook. Click here for the exposure draft.

In response to the new risk-based audit, over the past year Finance and Accounting PolicyPro (FAPP) has been expanded to include cross references that link the model policies to both the COSO Internal Control—Integrated Framework (ICIF) as well as the CICA Professional Engagement Risk Evaluation forms in PEM.

For auditors, the cross references to these two, commonly-used risk assessment frameworks make it possible to evaluate whether any specific internal control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. What’s more, they identify the specific policies and procedures that can be used to meet control objectives or mitigate identified risks. Click here for more detailed information about Finance and Accounting PolicyPro.

<< Top of Page

Privacy Concerns with Street-Level Photography

It was only a matter of time until software developers found a way to bring the aerial views provided on sites like Google Maps down to ground level. Google’s Street View is just such a technology, using vehicle-mounted cameras to provide detailed images of streetscapes. Although images of Canadian streets are not available yet, Street View is rapidly building a database of images of U.S. cities.

Jennifer Stoddart, Privacy Commissioner of Canada, has issued a statement and written letters to Google and Immersive Media, a Calgary-based company that is a leader in this “geoimmersive” technology. The Commissioner reminds these companies that, as soon as individuals can be identified in the streetscape images, their privacy rights are jeopardized. She writes that, pursuant to the Personal Information Protection and Electronic Documents Act (PIPEDA), businesses that wish to collect, use or disclose personal information about people:

• Generally require individuals’ consent
• May only use or disclose that information for the purpose for which individuals gave consent

Even with consent, under PIPEDA businesses are required to limit the collection, use and disclosure of personal information to purposes that a reasonable person would consider appropriate under the circumstances. Furthermore, individuals have a right to see the personal information that businesses hold about them, and to correct any inaccuracies.

For a link to the Commissioner’s statement click here.

<< Top of Page

About the PolicyPro Bulletin

Editor: Colin Braithwaite, Managing Editor – PolicyPro.

Please do not reply to this Email.

PolicyPro Bulletin is a complimentary service published by First Reference Inc. and is sent to you monthly. Each issue of the PolicyPro Bulletin provides headlines and summaries of news that affects internal controls and policies in Canada.

Please forward this Bulletin to your colleagues.

Please send any comments or suggestions about the PolicyPro Bulletin to editor@policypro.ca. For information about the PolicyPro Library, visit www.PolicyPro.ca. For information about First Reference and our HR-related products, visit www.firstreference.com. To read our Terms of Use, Disclaimer, Privacy Policy and other legal matters, visit PolicyPro.ca.

This publication is written for informational purposes only and should NOT be relied upon as legal advice or opinions. The reader should always obtain legal advice from a qualified lawyer or other qualified professional, which will be responsive to the case or circumstance of the individual. Please note that the content provided in this Bulletin or any content contained in or made available through any third party website linked to from this Bulletin, is provided "as is" without representations or warranties of any kind. All representations and warranties in respect of Content or Third Party Content, express or implied, including, without limitation any representations to warranties or conditions regarding accuracy, timeliness, completeness, non-infringement, merchantability or fitness for any particular purpose are hereby disclaimed.

PolicyPro Bulletin ISSN: 1718-5866 Copyright ©2007, First Reference Inc., All Rights Reserved.