
Inside Internal Controls

News and discussion on implementing risk management


Leadership and Management

A proactive approach to cyber risk management

It is not sufficient to say that cyber risk is high, medium, or low. The leaders of the organization need to be able to figure out what is the right level of resources to allocate to cyber defense and response; what is the right level of attention at board and executive committee level; and what should be communicated to shareholders and others.

 


CCAA and BIA amendments to come into force November 1, 2019

Bill C-97 including certain proposed amendments to the Bankruptcy and Insolvency Act (BIA) and the Companies’ Creditors Arrangement Act (CCAA) received Royal Assent on June 21, 2019.

 


How to assess the effectiveness of risk management

Internal auditors are expected, according to the IIA Standards and some governance codes, to assess the effectiveness of risk management.

 


The next generation of internal auditing

I want to congratulate Workiva and Jose Tabuena for Internal Audit’s Guide to Planning, Managing and Addressing Risks. I want to focus on the first piece in that publication, Planning to Do the Right Audits: An Effective Internal Audit Risk Assessment. Here are some excerpts, with comments by me:

 


Blockchain company and CEO to pay over $1M for misleading investors

The OSC has approved a settlement agreement with NextBlock Global Limited and its founder and CEO, Alex Tapscott, in connection with misleading statements made to prospective investors in 2017.

 


Elevating internal audit’s role

For many years, PwC has shared with us their view of the State of the Internal Audit Profession. They have some useful words, but it is mixed in with an agenda with which I don’t totally agree. I will come to that later. But first, the good stuff:

 


My organization’s code of conduct is good – How can I make it great?


If your code of conduct isn’t a document you’re proud to share with your employees, customers, board and C-suite—or if your organization has recently had a big change (merger or acquisition, a change in leadership or other significant shift) that requires a code of conduct refresh—you have an opportunity to take your code of conduct from good to great.

 


Making producers pay – from product stewardship to innovative EPR programs

To date, Canada has focused on two approaches for managing products and their packaging at end-of-life: (1) extended producer responsibility or “EPR”, and (2) product stewardship programs. For the most part, these programs (which cover various categories) fall under provincial jurisdiction.

 


Insight into effective risk management

I need to draw your attention to a provocative piece by his firm (presumably by him): The risks of risk management. (My thanks go to Tim Leech for tweeting about it.)

 


Overseas claims for foreign environmental harm: Vedanta and the Canadian context

Last month, in Vedanta Resources PLC & Another v. Lungowe & Others, the UK Supreme Court allowed Zambian citizens to proceed with a claim in the UK against a UK-based mining company for environmental contamination allegedly caused by its Zambian subsidiary. As our colleague Lee McBride has recently written, this landmark decision will be of particular interest to multinational parent companies headquartered in the UK.

 


Which way is the true Agile?

When I started this article, I was looking for a catchy, colorful image to depict the “Agile Methodology”. After about 30 minutes, I started to realize that my fruitless search was actually confirming the entire basis of my article; that Agile is now being used as just another catchphrase or gimmick to convey that a project is up to date on the latest and greatest in newer methodologies for IT transformation. However, I hope to show you that Agile is more than just a trendy process and is also not “new” per se, despite how on-trend its adoption is in today’s business automation projects.

 


Making intelligent and informed decisions around cyber

The experts continue to bombard us with their advice, insight, and guidance for addressing cyber.

 


CEOs are not idiots when it comes to risk management

If you consider the small number of organizations where risk management is considered as providing a strategic advantage, one of these alternatives must be true:

 


If risk management is the answer, what is the question?

We need to stop coming up with new words and phrases when all we need to address is the effectiveness of management. So stop talking about ERM, IRM, or even objective assurance, and start thinking about how to obtain reasonable assurance that the management of the organization, including how it sets objectives and makes related execution decisions, is effective.

 


How to draft exclusive vs. non-exclusive jurisdiction clauses


Non-exclusive jurisdiction clauses identify a jurisdiction that the parties agree may hear their disputes but accept that, in the appropriate circumstances, courts in other jurisdictions may have jurisdiction over a dispute.

 

