
Inside Internal Controls

News and discussion on implementing risk management


Budgeting and Auditing

The updated ISO risk management standard merits our attention

Neither the ISO nor the COSO updates will, in my opinion, move the understanding and practice of ‘risk management’ to where they need to be. The updates are small steps when leaps were required.

 


One objective but multiple risks

Some organizations and consultants are wedded to the idea that the level of risk can be quantified and calculated as the magnitude of a potential effect (or consequence) multiplied by its likelihood.

 


Are we doing enough about behavior?

I have written about culture as having many facets. Auditing culture is not just about ethics, or risk-taking. It’s about behavior and what drives it. Are we, as individuals (especially when we are in a position of authority, such as any member of internal audit) doing enough?

 


Mitigate the risks associated with IT systems acquisition

Any organization which acquires IT systems must do so carefully. Among other reasons, systems may be costly, they may be critical to business operations, and they may create significant risks (for example a risk of security breaches). The following suggestions will help to mitigate some of the risks associated with IT systems acquisition:

 


Is it about managing risk?

Managing risk absent the context of your objectives leads you to manage what may be irrelevant and miss what may be crucial.

 


Bill 141 – Proposed amendments to the Act respecting the Autorité des marchés financiers with regard to whistleblowing

Following the example of the Ontario Securities Commission, the Authority implemented a whistleblower program in June 2016. Unlike Ontario's program, Quebec’s program does not give financial awards to whistleblowers, but it does guarantee a framework that ensures confidentiality and protects whistleblowers against reprisals. However, no legislative amendment guaranteeing these protections has been introduced until now.

 


Should you adopt the updated COSO ERM Framework? My assessment

It has been 13 years since the original COSO ERM Framework and eight years since ISO 31000:2009 was published. The updated COSO ERM Framework was an opportunity for COSO to “leap forward”. But did it?

 


How well did COSO address comments on the ERM draft?

My impression is that COSO only tinkered with the draft. But have they done enough to move practices forward, in the right direction? Will this update change the percentage of executives answering the piercing question by Deloitte, “Does risk management support, at a high level, the ability to develop and execute business strategies”, up from 13% to close to 80%?

 


Small business corporate tax rate reduction 2018

The government news release announcing the reduction in the small business corporate income tax rate did not address whether there would be corresponding changes to the dividend gross-up or non-eligible dividend tax credit rate.

 


How good is your chief risk officer?

A chief risk officer requires certain characteristics to succeed at being the leader of risk management in any organization. This article provides a list of critical attributes for such a leader.

 


A conversation about risk with a CEO

Leaving the word “risk” out of a risk discussion with an executive can prove to be a positive way forward when asking what can go right for a project rather than what might go wrong.

 


Processes to support information technology effectiveness reviews

This blog post reminds organizations that they should take the time to conduct information technology effectiveness reviews, to evaluate and improve the IT department’s role in achieving the organization’s goals.

 


Federal Court of Appeal denies CRA routine access to tax accrual working papers

On March 30, 2017, the Federal Court of Appeal (FCA) released its decision in BP Canada Energy Company v. MNR (2017 FCA 61), dealing with whether the Minister of National Revenue (the Minister) could compel the taxpayer to disclose the uncertain tax positions reflected in its tax accrual working papers (TAWPs).

 


Positioning risk management to succeed

Jim DeLoach of Protiviti is an old friend. We enjoy discussing risk management over a meal, finding that we agree on far more than we disagree. Where we do disagree, it may be more by way of expressing ourselves, or due to our different positions and perspectives. His work always, in my experience, merits our careful attention and reflection. Jim recently wrote Positioning Independent Risk Management to Succeed: 6 Ways to Support the CRO.

 


Internal audit and ERM accused of failing to hit the mark

The consulting firm CEB (now part of Gartner) published a piece in 2014, Executive Guidance: Reducing Risk Management’s Organizational Drag. It has been used recently to support an argument by a critic that both internal audit and ERM are failing.

 

