About the newsletter
Become a contributor
Terms of use
Privacy policy
About the Internal Control Library
Take a trial
Help Desk
How to subscribe
Change email address
Contact us


Volume 4, Issue 5           

  1. Federal budget passes
  2. Creating shared value
  3. Anti-spam legislation update
  4. Charity law checklist
  5. Electronic funds transfers
  6. Modern quality management
  7. HST in BC – again
  8. Manitoba update
  9. Policies update


Federal budget passes on second try

The new Conservative government has some big plans for the next four years. In the process of meeting its budget goal of eliminating the deficit by 2014–15, the government will make significant changes to public services. At the same time, the government will continue with its previous budget promise to reduce corporate tax from 16.5 percent this year to 15 percent in 2012. (The small business rate remains at 11 percent.) The House of Commons passed the budget bill (C-3, An Act to Implement Certain Provisions of the 2011 Budget as Updated on June 6, 2011) on June 14, Senate passed it a week later, and it received royal assent on June 26.

Other measures that might interest you include:

  • The EcoENERGY Retrofit program will continue for one year. Individuals and organizations that upgrade their homes or facilities to improve their energy efficiency can apply to the program for financial help.
  • The budget eliminates mandatory retirement age for federally regulated employees.
  • The government will attempt to encourage small businesses to create jobs with a temporary "hiring credit".
  • A new "helmets to hardhats" initiative will help military veterans transition to jobs in the construction trades.

A quick search of Google will net all the budget analyses you could want.

The Canadian Press offers a brief list of budget highlights.

<< Top of Page

Renegotiating value and values – do we have a choice?

After preparing the last issue of Inside Internal Control, I came across the concept of "shared value" in the Harvard Business Review (subscription), which seems like another expression of Natural Step Canada's rethinking of corporate social responsibility.

Harvard professors Michael Porter and Mark Kramer write:

The capitalist system is under siege. In recent years business increasingly has been viewed as a major cause of social, environmental, and economic problems. Companies are widely perceived to be prospering at the expense of the broader community.


A business needs a successful community, not only to create demand for its products but also to provide critical public assets and a supportive environment.

Harvard researcher David Weinberger responds that shared value is great—"when it works." But in reality, shared value will require great sacrifice from business.

Suppose doing the right Shared Value thing requires closing plants, raising prices, becoming less competitive, reducing profits? Should an automobile manufacturer abruptly exit a lucrative market for high-performance gas guzzlers, luxury gas guzzlers, and cheap gas guzzlers on the grounds that expensive fuel-efficient cars are better for us all?

Porter and Kramer add:

We are suggesting that social and environmental factors carry genuine economic implications for business strategy—both costs and benefits—and that these considerations, long resisted by businesses, must be included in corporate decision-making. … It is possible for businesses to help solve social and environmental problems in ways that increase profitability or accentuate competitive advantage. … there is much more business opportunity in solving social problems than in causing them.

It seems hopeful that a serious debate over the greater role of business in society is underway, and I'm going to look more closely at shared value in the near future.

<< Top of Page

Anti-spam law may be in force this autumn – organizations can prepare

Canada's anti-spam legislation, which received royal assent in December, still awaits proclamation to come into force. What news!

Well, I do have an update. There is no set date for proclamation of the Electronic Commerce Protection Act (Bill C-28); rather it will come into force when the government publishes final regulations. The Canadian Radio-Television and Telecommunications Commission (CRTC) released the draft Electronic Commerce Protection Regulations for public consultation on June 30. The consultation period ends August 29, 2011. The finals might come in September, but business law firm Osler predicts that winter is more likely.

A recent McMillan LLP privacy bulletin says:

The general rule is that express, "opt-in" consent must be obtained from intended recipients, subject to a proviso that "implied" consent may be used within specifically defined circumstances such as a contractual relationship with a recipient.

This provision makes the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) look like a walk in the park. Further:

The bottom line is that most organizations which currently maintain PIPEDA-compliant e-mail contact lists likely will discover that those lists are not grandfathered under the new legislation and that they will need to be re-qualified by fresh, opt-in consent. If they do not have such consent today, they will need to take steps prior to the effectiveness date, since following that date they will not be permitted to contact persons on their lists by electronic means (unless they fall within an excepted or implied consent category), even for purposes of seeking consent.

No matter the compliance status of an organization's electronic contact lists, in many cases it will have to re-obtain consent from a contact to communicate with the person by electronic means.

<< Top of Page

Canadian charity law checklist features compliance issues

Charity and non-profit lawyer Mark Blumberg offers a compliance checklist for Canadian charities via the GlobalPhilanthropy.ca charity assistance project.

The 16-page checklist covers numerous important compliance topics, including:

  • Filing your T3010 registered charity information
  • Ensuring your T3010 is correct and complete
  • Ensuring your donation receipts are correct
  • Religious school tuition receipts
  • Fraudulent tax receipts
  • Charity gifting tax shelters
  • Acting outside legal objects
  • Non-charitable activities
  • Avoiding gifts to non-qualified donees
  • Fundraising costs and practices
  • Failure to meet disbursement quota
  • Political activities
  • Unrelated business activities
  • Transactions with directors
  • Employment issues
  • Keeping adequate books and records
  • Maintaining legal status
  • Provincial charitable registration
  • Internal financial controls
  • Basic risk management
  • Governance

While a checklist like this can be a valuable tool, organizations should consult a more comprehensive resource before acting. Not-for-Profit PolicyPro and its internal control peers, Finance & Accounting PolicyPro and Information Technology PolicyPro, offer just that.

<< Top of Page

Sure you know EFTs, but do you know EFTs?

No doubt you've heard that a chain is only as strong as its weakest link. In the world of electronic funds transfers (EFTs), this maxim holds doubly true. It applies to security systems and the networks they run on (including the Internet) as well as the users of those systems and networks. A security system can only defend a network if it offers sufficient coverage and controls. Absent such controls, users can, intentionally or accidentally, access, change or steal data that they are not authorized to see.

After all, it's just bits of data travelling super-fast across transmission wires—or even through the air if there's a wireless component along the way—in and out of servers…

In just one simple example, I know I feel a bit strange when I insert my "chip" credit card to pay for something and don't need to sign for it; and I feel downright uneasy when I simply pass my card over the reader and don't even have to enter my PIN. I do it anyway. My uneasiness isn't due to a lack of trust in the systems in place. I understand there are significant potential risks associated with these activities, but I don't understand those risks particularly well. Moreover, I don't understand the systems themselves. Imagine expanding the example above across the entire Internet.

Increasingly, businesses and consumers are being asked to undertake transactions using interfaces that they do not understand. There is no easy way around this, since most people don't even understand the basic workings of the computers, cellphones and kitchen gadgets they use on a daily basis. But that doesn't mean organizations can't implement controls to prevent or reduce the risk of data and financial loss and identity theft. In fact, businesses are bound by law to protect their data and that of their customers.

Regardless of their legal obligations, organizations need to control their paper and electronic financial transactions for the sake of their operations. As with controlling paper transactions, the two main reasons for keeping track of EFTs are accuracy and security. Accuracy is mainly a matter of accounting controls; security requires authorization and other technical controls. With paper transactions, we're usually confident that our cash is not counterfeit and that the signatures on cheques haven't been forged.

Unfortunately, conducting transactions electronically makes both accuracy and security more challenging. Accuracy with EFTs still comes down to accounting, but electronic security is an uphill battle against criminals both organized and unorganized, but all with various nefarious intentions.

The latest sample policy in Finance & Accounting PolicyPro offers a clear outline of EFT transmission procedures, including initiation, authorization and confirmation, as well as an EFT Requisition and Authorization Form and a template for an EFT payment record rubber stamp. FAPP offers numerous other sample policies to control all aspects of accounting. Information Technology PolicyPro, another key volume in First Reference's Internal Control Library, provides detailed sample policies on network security and other salient issues related to electronic commerce and operations.

Do you report your EFTs to FINTRAC?

Chances are you're no stranger to electronic funds transfers, the subject of the latest release of Finance & Accounting PolicyPro. Broadly speaking, an EFT can mean any type of standard non-paper payment, including debit and credit card payments, email or wire money transfers (both domestic and international) and direct payroll deposits. Most organizations handle at least some of these transactions every day. The key question for businesses is: How do you keep track of these electronic transfers and, if necessary, register them with the Financial Transactions and Reports Analysis Centre of Canada?

What's that, you ask? The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is watching, and if your organization falls into any of the following categories, you'd better understand your EFT reporting obligations:

  • Financial entities — banks (i.e., those listed in Schedule I or II of the Bank Act) or authorized foreign banks with respect to their operations in Canada, credit unions, caisses populaires, trust companies, loan companies and agents of the Crown that accept deposit liabilities
  • Money service businesses — organizations engaged in foreign exchange dealing; remitting or transmitting funds by any means or through any individual, entity or electronic funds transfer network; or issuing or redeeming money orders, traveller's cheques or other similar negotiable instruments
  • Casinos

In addition:

Registered charities may be authorized to carry on business temporarily as a casino for charitable purposes. If this type of business is carried out in the establishment of a casino for no more than two consecutive days at a time under the supervision of the casino, the activities are considered to be the supervising casino's. In this case, the supervising casino is responsible for the requirements explained in this guideline related to the charity casino.

FINTRAC, in case you don't know, is an independent agency of the federal government that "gathers, analyzes, assesses, and discloses financial intelligence" in order to "facilitate the detection, prevention and deterrence of money laundering, terrorist activity financing and other threats to the security of Canada". The agency has the power to assess penalties on organizations that don't comply, including stiff fines and imprisonment. For example, failing to report a large cash transaction or an electronic funds transfer can result in a fine of up to $500,000 for the first offence and $1 million for subsequent offences; and failing to meet record-keeping requirements could mean a fine of up to $500,000 and/or five years in prison.

See Finance & Accounting PolicyPro for more details on EFTs and what they mean for your business.

<< Top of Page

Modern quality management, part three

Continuing with our series on modern quality management, here are a few more how-to suggestions from the Project Management Body of Knowledge and Information Technology PolicyPro.

Plan quality

Each and every person should always plan to achieve quality. The Project Management Body of Knowledge (PMBOK) says to plan quality:

  • As an input to and integrated part of the project charter and plan
  • As a constraint (along with scope, schedule, cost, etc.) to be managed by a project manager
  • By drawing on a variety of inputs (e.g., scope, schedule and cost performance baselines, stakeholder and risk registers, enterprise factors and process assets) and quality planning tools and techniques
  • With the support of a project management office

Perform quality control

Similar to planning for quality, each and every person should consider their own quality control. PMBOK suggests performing quality control throughout every project to identify causes of poor process or product quality and recommend or take corrective action. Quality control activities should be performed by a quality control department or similar organizational unit.

Ensure compliance to best practice principles

Organizations should plan quality and perform quality control with the intention of ensuring compliance with best practice principles.

Information Technology PolicyPro (ITPP) provides underlying principles that can help you determine the suitability of processes and related policies and procedures. Listed below are a few associated Planning and Data management principles.


  • Maintain strategic and tactical plans and related processes to ensure plans are appropriately created, reviewed, approved and updated
  • Ensure appropriate communication channels and feedback loops are in place to compare actual results with plans
  • Identify the quantitative and qualitative levels of acceptable risk

Data management

Policies should ensure cost-effective controls so that:

  • Data is entered correctly and appropriately
  • Data is captured with minimal loss
  • Any losses can be detected
  • Detected losses can be reconstructed
  • All data may be stored as required for ease of authorized access and to prevent loss after capture
  • Data can be protected against unauthorized access or changes

See ITPP for details, and look for more how-to modern quality management suggestions in the next edition of Inside Internal Control.

<< Top of Page

British Columbia HST update

The BC government's promise to reduce the Harmonized Sales Tax to 10 percent has been affirmed by the federal government. If the harmonized tax passes the upcoming referendum, the HST rate will decline from 12 percent today to 10 percent by July 2014.

For more information on the HST, visit www.hstinbc.ca.

<< Top of Page

Manitoba proposes changes to protect investors

Like Alberta, Manitoba isn't quite ready to jump on the national securities regulator train. But also like Alberta, the province's opposition to joining the proposed national securities scheme doesn't mean it isn't serious about regulating securities! Manitoba's government has introduced amendments to The Securities Act to strengthen protections for investors and improve the integrity of the province's financial system. In fact, part of the intention behind the proposed amendments is to allow for better alignment of Manitoba's securities regulation with other provinces and territories.

The amendments would allow the Manitoba Securities Commission to:

  • Oversee the activity of the oversight body that audits the financial statements of securities vendors in Manitoba including information sharing, appeal rights, public reporting and the power to initiate hearings
  • Strengthen its ability to enforce orders issued by another provincial/territorial regulator or court to prevent improper or illegal activity from taking place in Manitoba
  • Prosecute an insider of a public company who has used private or non-public information to trade in the security of the public company, regardless of the company's status as a securities vendors in Manitoba
  • Regulate the activities of credit-rating agencies, in collaboration with other provinces, to ensure these organizations operate ethically

Read the province's news release here.

<< Top of Page

Policy updates

The current release of Finance & Accounting PolicyPro (2011-03) consists of a new policy, FN 5.11 – Electronic Funds Transfer. It covers the procedures to be used when making an electronic funds transfer (EFT) payment through a web-based banking system. Electronic funds transfers are often a cost-effective and efficient means of disbursing or receiving funds. However, since they do not leave the same audit trail as paper-based disbursements (such as cheques), alternative controls may be required.

The new policy also includes an EFT Requisition and Authorization Form and a template for an EFT payment record rubber stamp.

Not-for-Profit PolicyPro release 2011-02 includes a replacement of policies NP 5.05 – Compensation and Working Conditions and NP 1.06 – Taxes and Charitable Returns. NP 5.05 has been updated and refreshed. NP 1.06 was revised to clarify whether not-for-profits have to file income tax returns.

<< Top of Page

About Inside Internal Control

Editor: Adam Gorley

Please do not reply to this email.

Inside Internal Control is a complimentary service published by First Reference Inc. and is sent to you monthly. Each issue provides headlines and summaries of news that affects internal controls and policies in Canada.

Please forward Inside Internal Control to your colleagues.

Please send any comments or suggestions about Inside Internal Control to the editor. For information about the Internal Control Library, click here. For more information about First Reference, including our terms of use, disclaimer, privacy policy and other legal matters, visit www.firstreference.com.

This publication is written for informational purposes only and should NOT be relied upon as legal advice or opinions. The reader should always obtain legal advice from a qualified lawyer or other qualified professional, which will be responsive to the case or circumstance of the individual. Please note that the content provided in this Bulletin or any content contained in or made available through any third party website linked to from this newsletter, is provided "as is" without representations or warranties of any kind. All representations and warranties in respect of content or third party content, express or implied, including, without limitation any representations to warranties or conditions regarding accuracy, timeliness, completeness, non-infringement, merchantability or fitness for any particular purpose are hereby disclaimed.

If you no longer wish to receive this newsletter, you may unsubscribe here.

Inside Internal Control ISSN: 1916-4866

Copyright ©2008–2011 First Reference Inc. All rights reserved.


Finance & Accounting Policy Pro
Finance & Accounting

Information Technology PolicyPro
Not-for-Profit PolicyPro

Follow us on Twitter  Check us out on Facebook  Read more on our blog
www.firstreference.com Take a trial