
Inside Internal Controls

News and discussion on implementing risk management


Author Archive - Jeffrey Sherman

Jeffrey D. Sherman, BComm, MBA, CIM, FCA, is a director or CFO of several public companies and has had over 20 years of executive management experience. He is the author of Finance and Accounting PolicyPro, Not-for-Profit PolicyPro and Information Technology PolicyPro (guides to governance, procedures and internal control, all published by First Reference and the CPA).

How does IT recovery planning differ from business continuity planning?

Backup and disaster planning should be evaluated as part of an organization’s overall risk management process. There are two elements to disaster planning…

 


Refresher on financial statistics and metrics

Insufficient data analysis is often caused by too much information, not too little. A few well chosen statistics that highlight critical trends and pinpoint areas that require follow-up may be much more useful…

 


How long is it? Records retention basics

What are the time limits for those boxes accumulating dust in the archives? Does all backup material need to be kept or just the final product? Who is actually making sure that this happens?

 


Is it really possible to control employees’ use of company computers?

Policies can help you manage employees’ and others’ use of company IT resources, and dramatically reduce the potential risk to you and your assets.

 


Supporting and controlling not-for-profit revenues

It’s a rare not-for-profit that isn’t spending a great deal of its time and attention scrabbling for revenue. In fact, it hardly needs to be said that effective generation and management of revenue flows are almost always critical success factors for not-for-profits.

 


How does the new anti-spam legislation affect IT processes?

It should be clear that managing your anti-spam obligations will mean modifying your information technology processes. The CRTC has created comprehensive anti-spam guidelines that demonstrate some of the ways IT will be involved…

 


When should data be encrypted?

When the environment cannot be controlled, encrypting the data is necessary to protect the data against unwarranted disclosure or unauthorized and undetected modification. Note that the Internet is considered a hostile environment…

 


Using internal control to prevent fraud

Anti-fraud controls mainly apply to the general area of accounting (purchasing, revenue, payroll, banking and treasury, inventory, assets, etc.), but they will also involve many specific areas of operations, such as sales, payments, expenses, receivables, travel, suppliers, taxes, promotions and much more.

 


Internal control system: How is your accountability?


In COSO’s updated Internal Control – Integrated Framework, one of the 17 principles they present is that the organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Have you considered how your control system enforces accountability?

 


Generally accepted accounting principles for interim reporting

In many small and even medium-sized companies, financial reporting during the year does not include all of the adjustments made at the year-end (often in connection with the audit or review of the annual financial statements by an independent professional accountant).

 


What critical elements should appear in every third-party service provider contract?

Whenever data leaves the control perimeter of a company, there is a risk that the data will not be protected at the same level of security that is required by company policy. It is essential that data created, stored, manipulated or transmitted by a third party on the company’s behalf be accorded the level of protection that is defined by the company’s standards and policies.

 


What is the CRA policy on political advocacy activities carried out by registered charities?

Registered charities have special concerns when it comes to the legal and administrative application of the Income Tax Act. To maintain charitable status under the Act, a charity must devote substantially all of its resources to charitable purposes and activities—and avoid excessive political activity…

 

