First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Accounting Systems and Controls

Time (again and still) for the IIA Standards to be correct

Internal audit can assist management by facilitating a fraud risk assessment. Management should make the decision both on the level of risk and whether it is acceptable. Internal audit can provide their opinion and advice on both.

 

, , , , , , , , ,

Effective monitoring of internal controls is critical

If the most serious internal control violation is a failure to implement internal controls in the first place, the failure to monitor existing internal controls is a close contender. Identify where in the organization effective monitoring occurs and leverage those successes.

 

, , , , , , , , , , , ,

Decision-making and the practitioner

McKinsey has shared three articles with insights into effective decision-making.

 

, , ,

The Financial Services Regulatory Authority of Ontario

Effective June 8, 2019, the Ontario government launched the Financial Services Regulatory Authority of Ontario (FSRA), which is a new independent and self-funded regulator of financial services and pensions that is intended to help reduce regulatory burden, among other things.

 

, , , ,

New reports on the cost and incidence of cyber breaches

A cyber breach can affect an organization in many ways, from trivial to devastating. There is a range of potential effects, each with its own likelihood.

 

, , , , , , ,

How often should you assess risk?

I recently listened to a new video by my friend, Alex Sidorenko. In How often [should] the risk assessments be performed, he makes some solid points, including:

 

, , ,

A board that would fail any test of its governance practices

I am planning a meeting with the CRO from a company during which I had planned to share some of the principles of effective risk management, based on what is considered world-class, and the governance of risk management by the board.

 

, , , , , , ,

The accountants’ role in risk management

The International Federation of Accountants (IFAC) has published an interesting and useful piece, Enabling the Accountant’s Role in Effective Enterprise Risk Management.

 

, , , , , ,

Is internal audit being distracted by consultants bearing sparkling new toys?

In PwC 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.

 

, , , , ,

CSA and IIROC propose regulatory framework for cryptoasset trading platforms

On March 14, 2019, the Canadian Securities Administrators and the Investment Industry Regulatory Organization of Canada published Consultation Paper 21-402 Proposed Framework for Crypto-Asset Trading Platforms proposing a regulatory framework for platforms that trade cryptoassets.

 

, , , ,

Regulation of online advisors: An international overview

The regulation of online advisors, often referred to as “robo-advisors”, continues to be a hot topic in the financial services industry. Online advisors are digital wealth managers which generate investment recommendations and automatically invest and rebalance funds based on an investor’s risk tolerance.

 

, , , ,

Assessing the effectiveness of your risk management program

The IIA has published a new Practice Guide, Assessing the Risk Management Process. In IIA-speak, this is recommended but not mandatory guidance for its members.

 

, , ,

The cyber heat map

Vince Dasta of Protiviti makes a good point (pun intended – as will be explained shortly) in Cyber Risk Assessment: Moving Past the “Heat Map Trap”.

 

, , ,

SWIFT publishes cybersecurity counterparty risk guidelines

On February 15, 2019, the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) published guidelines for assessing cybersecurity counterparty risk for financial institutions (the “Guidelines”).

 

, , , , , ,

A management risk committee

A question from a follower of this blog on the same topic, had me searching for the charter of the risk committee I established, with the strong support of the CEO, at Business Objects.

 

, ,

Previous Posts