First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Author Archive - Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)

Apolone Gentles is a CPA,CGA and Ontario lawyer and editor with over 20 years of business experience. Apolone is leveraging 20 years of business and accounting experience to build a commercial litigation practice with an emphasis on construction law. She has held senior leadership roles in non-profit organizations, leading finance, human resources, information technology and facilities teams. She has also held senior roles in audit and assurance services at a “Big Four” audit firm. Apolone has also lectured in Auditing, Economics and Business at post-secondary schools. Read more here

Ensure secure disposal of hardware

Organizations often make the mistake of considering the disposal of hardware only when they are ready to discard equipment, if at all. Instead, they should plan for hardware disposal throughout the entire systems development lifecycle, from acquisition and testing through to operations.

 

, , , , , , , , , , , , ,

GAAP closes gaps in interpreting financial information

Generally accepted accounting principles (GAAP) closes gaps in interpreting financial information, by providing rules for the financial reporting road.

 

, , , , , , , , , ,

Effective monitoring of internal controls is critical

If the most serious internal control violation is a failure to implement internal controls in the first place, the failure to monitor existing internal controls is a close contender. Identify where in the organization effective monitoring occurs and leverage those successes.

 

, , , , , , , , , , , ,

Not-for-profit boards need a succession plan for their CEOs/EDs

Notwithstanding the vast differences between for-profit and not-for-profit entities, both need succession plans to quickly and effectively replace CEOs/EDs, whether the departure is planned or abrupt.

 

, , , , , , , , , ,

The ISACA has traded in COBIT 5 for COBIT 2019 (Part 3 of 3)

The ISACA has traded in the 7-year old COBIT 5 for COBIT 2019. This is the last of a 3-part series examining this change. Read part 1 here and part 2 here.

 

, , , , , , , ,

The ISACA has traded in COBIT 5 for COBIT 2019 (part 2 of 3)

The ISACA has traded in the 7-year-old COBIT 5 for COBIT 2019. This is the second of a 3-part series exploring COBIT 2019.

 

, , , , , , , ,

The ISACA has traded in COBIT 5 for COBIT 2019 (Part 1 of 3)

The ISACA has traded in the 7-year-old COBIT 5 for COBIT 2019. This 3-part article explains COBIT 2019, based on published ISACA guidance.

 

, , , , , , , ,

Implement effective governance practices in not-for-profits

There are increasing pressures on not-for-profit boards to implement effective governance practices. The growth in the sector and the increase in financial, cybersecurity, and other risk factors have fuelled pressures on not-for-profits to be more accountable to its members, donors and other stakeholders.

 

, , , , , , , , ,

Internal audit is your third line of defense

In a perfect world, internal controls would be 100% effective once implemented. In reality, organizations needs multiple lines of defense or barriers to guard against the risk that they will not achieve their objectives. The internal audit function is the last of three lines of defense recommended by the Institute of Internal Auditors (IIA) in […]

 

, , , , , , ,

It’s almost year end; avoid cut-off errors

Cut-off errors are common and it is important that you avoid them, particularly at year end when one fiscal year will be closed and finalized for the external audit or as a precursor to starting the new fiscal year.

 

, , , , , , , , ,

Use payroll reports to improve internal controls

Payroll reports, if properly designed, prepared, distributed and reviewed, assist with more than just cost control—they can help to significantly improve several internal controls. Very simply put, internal controls include the activities, processes, policies and procedures which an organization implements to ensure that it meets its objectives.

 

, , , , , , ,

Learn from British Airways’ security breach reporting and notification

British Airways’ experience described in this article underscores that cybersecurity is important, and Canadian entities preparing for mandatory security breach reporting and notification coming into force soon can take lessons from British Airways’ response to a security breach.

 

, , , , , , , , , , ,

Overarching limit on the collection, use and disclosure of personal information

A key takeaway for organizations is that it is not enough to comply with other provisions in PIPEDA, for example, obtaining meaningful consent. Organizations must still show that their purposes for collecting, using or disclosing personal information are those that a reasonable person would consider appropriate in the circumstances.

 

, , , ,

Upcoming deadlines and changes for charities and other not-for-profits

Charities and not-for-profit organizations need to be aware of some upcoming changes to rules and laws.

 

, , , ,

Collective agreement, not software, drives employee entitlements

Organizations must carefully and proactively determine user requirements and document them with great specificity when designing or evaluating software options to manage payroll and benefits within their companies.

 

, , , , , , , , , , , , , , , , ,

Previous Posts