

First Reference
Volume 3, Issue 7

  1. Toronto Humane Society update
  2. Controls over spreadsheets
  3. Do you need an IT business and implementation strategy?
  4. A broader view of workplace diversity
  5. Does your company use a human resources management system?
  6. Social media: smart practices limit the risk
  7. Payroll policies update


Toronto Humane Society update

We reported earlier this year on "The perils of bad governance" in the case of the Toronto Humane Society, which faced a raid and subsequent investigation after complaints of serious mistreatment of animals, overcrowding, rampant illness and disease, disgusting workplace conditions and generally poor management. The Ontario Society for the Prevention of Cruelty to Animals removed animals from the premises, confiscated documents, arrested the president and senior management and charged them with animal cruelty and conspiracy to commit an indictable offence, and discharged the board of directors and charged them with "non-criminal" animal cruelty.

That story outlined the potential and significant damage of poor governance practices: legal challenges and charges; fines; dismantling of boards; loss of goodwill, business, sales and staff; and so on.

But the newest development in the case is that the Crown has dropped all of the charges the OSPCA initially made against the humane society's president and management. The Crown's attorney argued that the OSPCA executed its raid and investigation in a way that "breached the Charter of Rights and Freedoms' protection against unreasonable search and seizure." As a result, the court would be unlikely to admit any of the extensive evidence that the OSPCA had obtained.

So this has turned into a story about the perils of bad investigations and a warning about facing a government or regulatory investigation.

When conducting an investigation into a breach of policy, it is imperative that you follow your own investigation policy in a fair and consistent manner, and that your investigations policy comply with all relevant legislation or regulations. In particular, this means respecting employees' privacy and human rights—avoiding the collection and disclosure of information outside the scope of the investigation and treating all current and former employees in a respectful and non-discriminatory way.

The principles of privacy and non-discrimination also apply if you face an official investigation, but in this case, you will want to focus on limiting your organization's exposure—for example, by making sure your legal counsel is involved and only offering the investigators the information they are legally entitled to, but also respecting the investigators and complying with orders.

Finance & Accounting PolicyPro discusses investigations in a number of contexts throughout. In Volume II — Governance, policy 4.05 – Legal and Regulatory, you can find a Search checklist to help protect your business when you face an investigation.


Controls over spreadsheets

In the last issue of Inside Internal Control, I asked "Are spreadsheets part of your IFRS conversion plan?" But I neglected to mention that Finance & Accounting PolicyPro features a detailed overview and policy on spreadsheets. The recently updated section 7.06 – Spreadsheets of FAPP Volume I notes, "The same features that make spreadsheets useful also make them hard to control." By controlling the information contained within your spreadsheets, you enhance not only the security and quality of that limited information, but also the processes of accounting and administration and any other function that uses spreadsheets.

Spreadsheet control addresses documentation, access control, input control, testing, change and version control, and backup and recovery. The spreadsheet overview and policy in FAPP offer insight into each of these factors and more.


Do you need an IT business and implementation strategy?

You already know how important information technology is to your business. You've got a website that pushes your brand and maybe even sells your products; you've got an internal network that connects all of your employees to each other and the documents they need; you've got company email to manage, and maybe a bunch of cellphones and BlackBerrys to keep track of; you've got security cameras, and passwords, and log-ins and keycards; and you've got employee management systems covering attendance, payroll, benefits and more. If any of these fails, you've also got a big problem.

In addition, IT will surely find its way into many more business functions in the coming years. You know that organizations around the world have taken to online social networks to promote their brands and engage and win customers. And the Canadian Payroll Association predicts that organizations will use advanced software to take care of collecting, storing and analyzing data from across their operations, freeing payroll and human resources professionals to take on more strategic roles.

But, despite its importance, it seems that many higher-ups still see IT as the "back-end" of a certain function, and not something that requires a vision all its own, or a place at the directors' table.

The Canadian Institute of Chartered Accountants (CICA) suggests that:

"Many small and medium enterprises (SMEs) have yet to understand the importance and benefits to their business of IT Strategic Planning. Accordingly, SME management often makes ad hoc investments in IT in response to changing market trends or the advice of technical suppliers. As a result, limited financial resources may not be spent on the top priorities. Urgent IT needs may also be required at a time when the company is cash-strapped or had planned on spending its limited funds on other business initiatives."

The institute recommends developing an IT strategy even if the organization hasn't fully developed a general strategic business plan, since developing the two plans together should align priorities and lead to stronger back and front ends, and create "a win-win situation for all stakeholders."

Consider these advantages:

  • Alignment among business objectives, IT objectives and risk management, which ensures that IT has enough money to do what it needs to do to support the business
  • IT has the organization, services, application portfolios, technologies, competencies, processes and methodologies required to maximize its contribution to the organization's strategic business plan
  • Top management is aware of current IT weaknesses, which must be addressed for the organization to continue meeting regulatory, industry and customer needs effectively and to maintain the security and continuity of its IT infrastructure
  • Streamlined operations via productivity gains
  • A clear roadmap for incorporating future needs, challenges and opportunities

See the CICA's IT Strategic Planning for SMEs (in PDF) for case studies of companies that took on the challenge of developing an IT strategy and let it inform their general direction.

First Reference considers strategic IT planning so important that it is the very first chapter in Information Technology PolicyPro. It's fair to say that all of ITPP is about planning, but chapter 1 in particular covers Strategic planning, Tactical planning, Implementation planning, Site planning, Risk assessment and Risk management. The rest of the book focuses on management, operations and security.


A broader view of workplace diversity

Workplace diversity efforts often focus on employees' gender, race or ability. The CICA wants to broaden employers' horizons and help them see the larger picture of diversity. To show employers the way, the institute's Risk Oversight and Governance Board has released a Diversity Briefing: Questions for Directors to Ask. Author Fiona Macfarlane says:

"While many documented examples of diversity focus on race and gender, the concept of diversity is broader and encompasses factors including age, culture, personality, skill, training, educational background and life experience. The influence of a variety of perspectives and viewpoints can contribute to flexibility and creativity within organizations, which can help them thrive in a complex and competitive global economy."

Is she suggesting organizations hire unskilled and inexperienced workers with poor personalities?

Probably not—at least not exactly.

At HRinfodesk.com, we've laid out the business case for workplace diversity a few times before, but the CICA guide adds some nuance to the discussion, suggesting that directors must take diversity to heart and "set the tone at the top". Directors should consider:

  • How does diversity affect an organization's ability to innovate and stay ahead of its competition?
  • How can diversity improve problem solving at all levels and increase the effectiveness of risk management?
  • How will diversity come into play with respect to management succession planning?
  • What is the relationship between board diversity and board effectiveness?

There is no longer a uniform market—in Canada or around the world. Your markets and your employees are diverse and have diverse needs. The key is understanding that your market and your people are factors that continually support each other and push your growth. So when an organization incorporates diversity into its strategic planning, and its directors take on the challenge, it can gain the competitive advantage with its diverse and unique ideas, problem-solving capacity and risk management.

For detailed information on developing a diverse workplace, take a look at the Canadian Human Rights Commission's A Place for All: A Guide to Creating an Inclusive Workplace.

You can find more information and sample policies on Employment principles, Employee relations, Recruitment and selection, Job posting, Religious accommodation, Accommodating disability, Workplace harassment and violence, Dispute resolution, Fitness to work, Flexible work arrangements, Holidays and numerous other issues related to diversity in Human Resources PolicyPro.

Finance & Accounting PolicyPro examines Board structures, the Role, rights and responsibilities of directors, Succession planning and more, in Volume II. Find out more at FirstReference.com.


Does your company use a human resources management system?

Human resources management systems (also known as human resources information systems) exist "at the intersection between human resource management and information technology." Usually, this means taking previously disparate HR information and automatically integrating it in such a way that users can gain a clearer picture of what is happening in the company—in a more efficient way than if HR had to gather all of the information from its various sources, and analyze it manually.

This diverse information includes payroll, work hours and overtime, benefits administration, recruiting and development, training and learning, performance records and more. You've probably already automated one or more of these services, either internally or via an external service provider; companies commonly outsource payroll and benefits functions, for example. But even so, can you imagine what you could do if all of those functions were integrated and all of that information could be compared with little effort?

Read more on HRinfodesk.com.


Social media make it easy to create controversy, but smart practices can limit the risk

Technology usually helps us function by making daily tasks easier, safer, more efficient and so on. But sometimes a technology comes along that doesn't simply improve the way we do something; it actually creates a new type of behaviour. I think this is the case with online social networking, which allows individuals to broadcast to mass audiences in a way that wasn't available in the past. The question remains, however, as to whether this activity makes life any easier! Some have certainly found it just causes them trouble.

Consider this quote: "I was surprised about the controversy, but I guess you never know who's watching. … It's ridiculous that it would become such a big deal, but you're a professional so you still have to watch what you say." Any professional could have said this after her or his first online faux pas. This was a football player with the Canadian Football League talking about another player who faced a fine from the league for contravening the CFL's social media policy.

Read more about this story on First Reference Talks.

The issue of employee use of social media is continually developing. Employees want to use tools like Facebook, Twitter and LinkedIn; they probably even use them for networking and other business purposes, but they need to have limits, or else they can cause damage to your company's reputation and relationships, and even to your physical IT systems.

Online social networking in the workplace also touches on IT strategy, since employees can often use social media websites and applications without getting permission or costing the company anything. A robust IT implementation strategy will consider online social networking and the ways in which employees can and should use it—and also the controls that will best allow you and your employees to benefit from the diverse advantages of these new communications technologies.

For an international perspective on social media and business, including an overview of the benefits and risks, take a look at Social Media: Business Benefits and Security, Governance and Assurance Perspectives from the Information Systems Audit and Control Association.


Payroll policies update

On a final note, we recently updated all of Chapter 4 — Payroll in Volume I of Finance & Accounting PolicyPro. That includes material and sample policies on Employee records, Employee benefits, Salaries, wages and overtime, Commissions, Bonuses, Pension plan (group RRSP), Recognition of costs and Management reporting.


About Inside Internal Control

Editor: Adam Gorley


Inside Internal Control is a complimentary service published by First Reference Inc. and is sent to you monthly. Each issue provides headlines and summaries of news that affects internal controls and policies in Canada.

Please forward Inside Internal Control to your colleagues.

Please send any comments or suggestions about Inside Internal Control to the editor. For more information about First Reference, including our terms of use, disclaimer, privacy policy and other legal matters, visit www.firstreference.com.


Copyright ©2010, First Reference Inc. All Rights Reserved.

