First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Accounting Systems and Controls

What does your risk management activity seek to achieve?

It is essential to understand what an organization needs and how critical the management of risk is before settling on a design, let alone trying to implement or upgrade risk management.

 

, , , , , , ,

Department of Finance releases consultation paper on new retail payments oversight framework

On July 7, 2017, the Department of Finance issued the consultation paper “A New Retail Payments Oversight Framework” (the “Consultation Paper”) proposing a federal oversight framework for retail payments. Comments on the Consultation Paper are due October 6, 2017.

 

, , , , ,

What do audit committees think about risk and audit?

I am encouraged by the latest KPMG report, their 2017 Global Audit Committee Pulse Survey. I am encouraged because KPMG appears to be asking the right questions and getting intelligent answers.

 

, , , , , , ,

Trusted advisors and world-class internal auditors

I was recently privileged to receive a signed copy of Richard Chambers’ latest book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors. Richard is the President and CEO of The Institute of Internal Auditors, a veteran of internal audit at the highest level, a friend, and an individual with whom I love to debate the practices of internal auditing and risk management. (I hope I am influencing his views on the imminent update of the COSO ERM Framework.)

 

, , , , ,

“Not there yet”: Bank of Canada experiments with blockchain wholesale payment system

The Bank of Canada embarked on Project Jasper to learn more about the feasibility, benefits and challenges of using DLT as the basis for a wholesale interbank payment system. These systems are crucial mechanisms for the financial industry that allow large financial institutions to process payments to each other as well as to and from central banks.

 

, , , , , , , ,

How do we make decisions? Where does ERM fit?

How do you make decisions in your personal life? How do you decide where to live, which car to buy, and where to go for lunch? For many of us, the last is the most difficult decision to make in a day! Consider your current situation and determine whether the decision is acceptable or not in the circumstances. Risk practitioners are often the voice of gloom in the decision-making process, pointing out what could go wrong. Balancing that with the positive outcomes can lead to effective decision-making.

 

, , , ,

Risk appetite in practice

From time to time, I am asked about the best risk management activity I have seen. Perhaps the best overall ERM was at SAP. I wouldn’t say it was perfect but it did include not only periodic reviews but the careful consideration of risk in every revenue transaction (including contracting) and development activity.

 

, , ,

Don’t outsmart yourself: AI and compliance

I’m a big fan of artificial intelligence. The older I get, the more I appreciate that real intelligence needs all the help it can get. Corporate ethics and compliance officers, however, need to pause before betting big on AI as a solution to all our needs.

 

, , , , ,

The current state of risk oversight: Useful or useless?

All the surveys, including this one, report that executives do not believe risk management practices at their organization are making a significant contribution to the development and execution of their strategies.

 

, , , , , , ,

When an acceptable level of risk is not acceptable

We are used to identifying a risk, analyzing the potential consequences and their likelihood, and then establishing a ‘risk level’. We evaluate whether the level of risk is acceptable or not, based on risk appetite, risk criteria, or the like. But is that sufficient?

 

, ,

The sharing economy expands the tax base

The sharing economy has disrupted the traditional taxi, hospitality and other sectors, and is expanding the tax base available to governments and revenue agencies worldwide.

 

, , , , , , , , , , , ,

Lawful access: The Privacy Commissioner reiterates its position

Patricia Kosseim, Senior General Counsel and Director General, Legal Services, Policy, Research and Technology Analysis for the Office of the Privacy Commissioner of Canada, was asked, at the request of Commission’s counsel, to provide an overview of the legislation for protecting privacy in Canada and to answer questions about lawful access issues from a federal perspective.

 

, , , , , , , , ,

Government legal and fiscal measures designed to keep businesses in Quebec

On February 21, 2017, the Quebec government announced a plan to strengthen the Quebec economy as an executive-driven economy. The plan includes the enhancement of existing measures and the development of a number of new fiscal and legal measures designed to keep businesses in Quebec and facilitate the transfer of family businesses, therefore limiting the risk of their sale to foreign interests. The key measures include:

 

, , , , , , , , , ,

Why do so many practitioners misunderstand risk?

My apologies in advance to all those who talk about third–party risk, IT risk, cyber risk, and so on. We don’t, or shouldn’t, address risk for its own sake. That’s what we are doing when we talk about these risk silos. We should address risk because of its potential effect on the achievement of enterprise objectives.

 

, , ,

Trump at work, week one

The first week of Trump’s administration has revealed a highly activist White House, hewing with surprising fidelity to campaign promises. The pace of change is materially faster than anticipated and the implications may be felt sooner rather than later.

 

, , , , , , , , , , ,

Previous Posts