
Inside Internal Controls

News and discussion on implementing risk management


Leadership and Management

We’re at a tipping point for third-party risk management

If indeed creating a culture of ethics, integrity and respect is the top objective of more than two-thirds of organizations, we could start seeing the results very soon when it comes to a new wave of investing in third-party systems.

 


Emerging risks: who is watching?

Who should be alert and watching for emerging risks: things that might happen (a better expression than the ‘R’ word, ‘risk’, because of its negative impression) that might affect the achievement of enterprise objectives?

 


Canada moves forward with a remediation agreement regime

It is likely that many organizations will choose to enter into a remediation agreement with the hope of obtaining a stay of the charges and avoiding the risk of a lengthy prosecution and subsequent criminal conviction.

 


Good decisions take time and more

Do risk, governance, and audit practitioners consider the problem of decisions where insufficient time was taken to obtain the necessary information, consult with all affected parties, and THINK about the options?

 


Vicarious liability for the intentional torts of workers

It is not always clear when an organization will be liable for the intentional wrongs committed by its representatives. Recent case decisions underscore the difficulty in determining in what circumstances an organization will be held vicariously liable for the intentional wrongs of its workers as well as the challenges in trying to gauge whether a court will find that there was sufficient connection between such intentional wrong and the worker’s duties.

 


Why are SOX compliance costs increasing so much?

From a recent survey by Protiviti, the information on how many organizations had to issue a cyber-security disclosure is interesting. Apparently, this generally resulted in an increase in SOX compliance hours, although the reason for a significant increase is not clear.

 


Jeffrey Sherman to present at GTA Accountants Network | Early-bird rates, CPD hours

The GTA Accountants Network/Finance Network (GTAAN/GTAFN) and First Reference are presenting four special training sessions for CPD hours in November 2018 on governance, risk management, treasury management, effective internal controls and how best to deal with organizational disruption caused by new technologies, disintermediation and demographic changes.

 

Talking about inherent and residual risk

Are organizations unnecessarily risk averse? That can be crippling in many ways, including slowing agility and decision-making as well as failing to take advantage of opportunities.

 


The “Weinstein Clause” may mark a new era of social due diligence

To gauge the civility of an organization’s culture, adequate policies and training are not enough. The behavior and accountability of top leadership play a key role. You can’t delegate ethics. And it seems the “Weinstein Clause” indicates that boards are finally beginning to understand that.

 


The Crown pierces the corporate veil: Court imposes liability on individual for fines imposed against a corporate defendant

An Ontario Court has revolutionized the law with respect to whether an individual can be held personally liable for fines imposed against the corporation for breaches of regulatory legislation.

 


The most important question is WHY

Too often, people do things without asking themselves why they are doing them. It may be because that is what they have always done, what somebody told them to do, or because they read about it in a book or standard.

 


The role of internal audit in risk management

If we are stressing that risk management is really all about effective, informed and intelligent decision-making, shouldn’t internal audit start focusing on the quality of decision-making processes?

 


What is an internal control, really?

What is a control, at an abstract level: what is it supposed to achieve, and how is it supposed to operate within an organization?

 


So what if the risk is high?

Most organizations cannot afford to reduce every single risk to what some practitioners would deem acceptable. Providing actionable information about all the things that might happen, not by using terms like High, Medium, or Low, but in specific business terms will help evaluate which risks to take.

 


New COSO ERM Guidance for ESG

It is essential to provide leaders with actionable information. Simply rating a risk as high or valuing it at $250,000 is meaningless. Leaders need to be able to make decisions between addressing one risk vs another, and going forward with a project given all the uncertainties related to its success. For that they need clear, detailed information, not a simple risk rating.

 

