Inside Internal Controls

News and discussion on implementing risk management

Leadership and Management

Beyond due diligence: Ongoing third party risk management

There is something in a name. More people in the compliance industry, when referring to third-party due diligence, are labeling it “Third Party Risk Management.” I like it because it is more accurate.

Is internal audit being distracted by consultants bearing sparkling new toys?

In the PwC 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.

Proposed changes to anti-corruption rules for federal government procurement and real estate leasing

The federal government’s rules around the integrity of the procurement process also apply to real estate, in particular, the possibility that leases with the federal crown as tenant can be terminated for breach of anti-corruption provisions.

Ombudsperson for responsible enterprise

The federal government has appointed Sheri Meyerhoffer as the Ombudsperson for Responsible Enterprise. The Ombudsperson for Responsible Enterprise (CORE) reviews allegations of human rights abuses against Canadian companies operating abroad.

Are we taking risk, making a decision, or gambling?

We gamble all the time, but we don’t think of it that way. We think we are making decisions, not gambling – and often don’t see it as taking risk either.

Behind the corporate veil: New ownership record rules in Canada

On December 13, 2018, Bill C-86 received royal assent. This Bill contains a series of amendments to the CBCA pertaining to the tracking and recording of “individuals with significant control” (“ISCs”) over a corporation.

Expert answers for questions on retaliation in the workplace

The NAVEX Global Master Class on Retaliation in the Workplace generated a plethora of thoughtful questions and discussion points from our attendees.

The wonder and joy of internal auditing

More than 17 years ago, The IIA’s magazine published an article of mine, The new age of internal auditing. I made some provocative comments, including:

A warning on “meaningful” compliance with FTC orders

Compliance professionals — we need to talk about the Federal Trade Commission. The folks there are unhappy with the quality of your work.

Talking about software for GRC

The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.

Those lists of greatest risks all miss the BIG one

When something goes wrong, 99.999999% of the time it’s because somebody made a poor decision (at least in hindsight). The risks associated with a poor decision could have major ramifications.

The cyber heat map

Vince Dasta of Protiviti makes a good point (pun intended – as will be explained shortly) in Cyber Risk Assessment: Moving Past the “Heat Map Trap”.

A management risk committee

A question from a follower of this blog on the same topic had me searching for the charter of the risk committee I established, with the strong support of the CEO, at Business Objects.

Focusing board attention on management

Rather than trying to make sure themselves that everything is right, the board should focus its limited time on gaining comfort that it has the right management team in place, a team capable of getting things right.

The positive side of risk

So how should we talk about the good stuff if we reserve the word ‘risk’ for the bad?
