First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Leadership and Management

Compliance training makes the slope a little less slippery

That recent academic research finding that strong internal reporting correlates to better business outcomes is welcome news for corporate compliance professionals, with all sorts of implications for how to run a compliance program smartly.

 

, ,

Talking about risk and opportunity

Some talk about opportunity as “the other side of the coin” from risk. COSO views the two words, risk and opportunity, as one is good and the other is bad. ISO seems them differently, defining risk as the effect on objectives. That effect could be positive or harmful.

 

, ,

Concerned about risk? #MeToo: A discussion on civil liability, sports and the #MeToo movement

The ever-changing landscapes of political, social and technological advances mean that risk factors for organizations are constantly evolving.

 

, , , , , ,

Treating cyber as a business problem

Cyber risk can only be communicated to leadership in a way that is meaningful and actionable, enabling them to make informed and intelligent decisions, if it is done using business language.

 

, , , ,

Deloitte Internal Audit 3.0 has major flaws

Earlier this year, Deloitte published Internal Audit 3.0, The future of Internal Audit is now. It’s great that they are encouraging internal audit departments to change so they can meet modern demands, but their presentation that they are offering something novel and disruptive is way off the mark.

 

, , ,

Uniting risk management with strategic planning

Who can argue that the consideration of what might happen (what some refer to as risk) should be part of the strategic planning process? Objectives and strategies should be set only after thinking carefully about where you are, what is happening around you, and what may happen in the future.

 

, ,

We’re at a tipping point for third-party risk management

If indeed creating a culture of ethics, integrity and respect is the top objective of more than two-thirds of organizations, we could start seeing the results very soon when it comes to a new wave of investing in third-party systems.

 

, , ,

Emerging risks: who is watching?

Who should be alert and watching for emerging risks: things that might happen (a better expression than the ‘R’ word, ‘risk’, because of its negative impression) that might affect the achievement of enterprise objectives?

 

, ,

Canada moves forward with a remediation agreement regime

It is likely that many organizations will choose to enter into a remediation agreement with the hope of obtaining a stay of the charges and avoiding the risk of a lengthy prosecution and subsequent criminal conviction.

 

, , , ,

Good decisions take time and more

Do risk, governance, and audit practitioners consider the problem of decisions where insufficient time was taken to obtain the necessary information, consult with all affected parties, and THINK about the options?

 

, , , ,

Vicarious liability for the intentional torts of workers

It is not always clear when an organization will be liable for the intentional wrongs committed by its representatives. Recent case decisions underscore the difficulty in determining in what circumstances an organization will be held vicariously liable for the intentional wrongs of its workers as well as the challenges in trying to gauge whether a court will find that there was sufficient connection between such intentional wrong and the worker’s duties.

 

, , , , ,

Why are SOX compliance costs increasing so much?

From a recent survey by Protiviti, the information on how many organizations had to issue a cyber-security disclosure is interesting. Apparently, this generally resulted in an increase on SOX compliance hours – although the reason for a significant increase is not clear.

 

, , , , ,

Jeffrey Sherman to present at GTA Accountants Network | Early-bird rates, CPD hours

The GTA Accountants Network/Finance Network (GTAAN/GTAFN) and First Reference are presenting four special training sessions for CPD hours in November 2018 on governance, risk management, treasury management, effective internal controls and how best to deal with organizational disruption caused by new technologies, disintermediation and demographic changes.

 

Talking about inherent and residual risk

Are organizations unnecessarily risk averse? That can be crippling in many ways, including slowing agility and decision-making as well as failing to take advantage of opportunities.

 

, , ,

The “Weinstein Clause” may mark a new era of social due diligence

To gauge the civility of an organization’s culture, adequate policies and training are not enough. The behavior and accountability of top leadership play a key role. You can’t delegate ethics. And it seems the “Weinstein Clause” indicates that boards are finally beginning to understand that.

 

, , , , , , , , , ,

Previous Posts