First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Leadership and Management

COSO ERM explains the flaw in risk appetite statements

Devotion to remaining within risk appetite (if you can even express one that will proactively guide decision-makers) is likely to make you risk averse – and focusing on avoiding harm is the path to avoiding success.

 

, , ,

Mitigate the risks associated with IT systems acquisition

Any organization which acquires IT systems must do so carefully. Among other reasons, systems may be costly, they may be critical to business operations, and they may create significant risks (for example a risk of security breaches). The following suggestions will help to mitigate some of the risks associated with IT systems acquisition:

 

, , , , , , , , , , ,

Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

 

, , , ,

Canada publishes a somewhat consolidated economic sanctions list

On October 13, 2017, Global Affairs Canada published the country’s first consolidated list of blacklisted individuals and entities under the Special Economic Measures Act (“SEMA”), known as the “Consolidated SEMA Sanctions List”. The Consolidated SEMA Sanctions List is intended to provide a single accessible website for members of the public to search for individuals and entities listed under SEMA sanctions regulations.

 

, , , , ,

What a CEO needs to hear to invest more in compliance – strategy

Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.

 

, , , , , ,

Bill 141 – Proposed amendments to the Act respecting the Autorité des marchés financiers with regard to whistleblowing

Following the example of the Ontario Securities Commission, the Authority implemented a whistleblower program in June 2016. Contrary to Ontario, Quebec’s program does not give financial awards to whistleblowers, but it does guarantee a framework that ensures confidentiality and protects whistleblowers against reprisals. However, no legislative amendment guaranteeing these protections has been introduced until now.

 

, , , , , ,

Getting risk management right

In this commentary on a recent article by Doug Anderson, an advisor on behalf of the IIA on the COSO ERM update project, examples are provided on getting risk management right.

 

, , , , ,

High-profile sexual harassment claims show a toxic culture can be a product defect

The rapid demise of the Weinstein Co., once one of the most successful movie studios in Hollywood, should have every CEO wondering: What skeletons does my organization have in the closet? And how could they destroy the value of my company’s brands, or the company itself?

 

, , , , , ,

Should you adopt the updated COSO ERM Framework? My assessment

It has been 13 years since the original COSO ERM Framework and eight years since ISO 31000:2009 was published. The updated COSO ERM Framework was an opportunity for COSO to “leap forward”. But did it?

 

, , , , , , , ,

Indecent proposal? Whether and how to ask existing employees to sign new employment contracts

Asking existing employees to sign new employment contracts can be a sensitive topic. Employees will undoubtedly wonder why they are being asked to do so. Many will quite rightly assume that the employer’s main motive for having new contracts be signed is to protect the employer – not the employee. Some will sign without issue, while others will refuse to do so.

 

, , , , , ,

Employee misconduct and social media

As technology continues to blur the line between personal and professional life, employers increasingly find themselves dealing with the impact of social media on the employment relationship.

 

, , ,

How well did COSO address comments on the ERM draft?

My impression is that COSO only tinkered with the draft. But, have they done enough to move practices forward, in the right direction? Will this update change the percentage of executives answering the piercing question by Deloitte, “Does risk management support, at a high level, the ability to develop and execute business strategies”, up from 13% close to 80%?

 

, , , , , ,

Social impact bonds – investing in communities

Social Impact Bonds (SIBs) are an innovative way for organizations to practice Socially Responsible Investing (SRI). Canada joins other jurisdictions like the United Kingdom, the United States and Australia, in investing in SIBs.

 

, , , , , , , , , , , , , , ,

Which are the best principles for effective risk management?

I will let you decide which is the best set of principles: which is clearer in setting expectations for the effective management of risk and which is better as a basis for assessing the maturity of risk management.

 

, , , ,

Is the COSO ERM update a success or failure?

Recently, COSO published an update to their 2004 ERM Framework. The product, retitled Enterprise Risk Management: Integrating with Strategy and Performance, is available from the AICPA or IIA.

 

, , , , ,

Previous Posts