First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Corporate Administration

Do risk appetite statements add value?

Whilst the majority of firms had risk appetite statements that were set by the Board and which were supported by relevant metrics, 50% of respondents noted that their risk appetite statements did not link to the firm’s strategy or to the actual underlying risk the firm faced, and did not provide a forward looking view of risk.

 

, , ,

An ERM horror story

Does it make sense to aggregate risk levels for a variety of risk sources, including cyber, compliance, credit, liquidity, competitor, and internal control over financial reporting?

 

, , , ,

How to assess the effectiveness of risk management

Internal auditors are expected, according to the IIA Standards and some governance codes, to assess the effectiveness of risk management.

 

, , ,

Court has no appetite to pierce corporate veil in restaurant lease decision

Corporate directors and officers may generally only be held personally liable for misconduct on the part of the corporation in limited circumstances where there has been improper or fraudulent conduct.

 

, , ,

Revenue cycle risks and controls: Essential questions you should ask about your company’s sales and receivables

The importance of finance and accounting controls goes far beyond complying with legal requirements. In fact, revenue cycle controls are perhaps the most important component of an organization’s overall internal control framework! Not only are revenue cycle controls an organization’s strongest defense against fraud and loss, they help ensure that decisions are made based on […]

 

Blockchain company and CEO to pay over $1M for misleading investors

The OSC has approved a settlement agreement with NextBlock Global Limited and its founder and CEO, Alex Tapscott, in connection with misleading statements made to prospective investors in 2017.

 

, , , ,

Elevating internal audit’s role

For many years, PwC has shared with us their view of the State of the Internal Audit Profession. They have some useful words, but it is mixed in with an agenda with which I don’t totally agree. I will come to that later. But first, the good stuff:

 

, , , ,

Which way is the true Agile?

When I started this article, I was looking for a catchy, colorful image to depict the “Agile Methodology”. After about 30 minutes, I started to realize that my fruitless search was actually confirming the entire basis of my article; that Agile is now being used as just another catchphrase or gimmick to convey that a project is up to date on the latest and greatest in newer methodologies for IT transformation. However, I hope to show you that Agile is more than just a trendy process and is also not “new” per se, despite how on-trend its adoption is in today’s business automation projects.

 

, , , , , , ,

CEOs are not idiots when it comes to risk management

If you consider the small number of organizations where risk management is considered as providing a strategic advantage, one of these alternatives must be true:

 

, , , ,

If risk management is the answer, what is the question?

We need to stop coming up with new words and phrases when all we need to address is the effectiveness of management. So stop talking about ERM, IRM, or even objective assurance, and start thinking about how to obtain reasonable assurance that the management of the organization, including how it sets objectives and makes related execution decisions, is effective.

 

, , , , , , ,

How to draft exclusive vs. non-exclusive jurisdiction clauses

Learn why you need to review your contracts and advocacy practices with Not-for-Profit PolicyPro

Non-exclusive jurisdiction clauses identify a jurisdiction that the parties agree may hear their disputes but accept that, in the appropriate circumstances, courts in other jurisdictions may have jurisdiction over a dispute.

 

, , ,

Scratching the surface on Facebook and its problems

​Facebook Data Exposure Offers Critical Lesson for Internal Auditors makes some good points, including:

 

, , , , , , ,

Sports and recreation: Risk mitigation and occupiers’ liability

In Ontario, the occupiers’ duties towards people who access their premises is governed by the Occupiers’ Liability Act (“OLA”). The OLA defines an “occupier” as:

 

, ,

Time (again and still) for the IIA Standards to be correct

Internal audit can assist management by facilitating a fraud risk assessment. Management should make the decision both on the level of risk and whether it is acceptable. Internal audit can provide their opinion and advice on both.

 

, , , , , , , , ,

Previous Posts