
Inside Internal Controls

News and discussion on implementing risk management


IT, Privacy and Security

5 practical principles for policy & procedure management

Many failures in business today could be addressed or even prevented with better policy management. Data breaches, workplace accidents, employee misconduct, third-party incidents, customer complaints, and more are often traced to policies that were absent, ineffective, or out of sight, out of mind.

 


A proactive approach to cyber risk management

It is not sufficient to say that cyber risk is high, medium, or low. The leaders of the organization need to be able to figure out what is the right level of resources to allocate to cyber defense and response; what is the right level of attention at board and executive committee level; and what should be communicated to shareholders and others.

 


Final amending regulations issued under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act


On July 10, 2019, final amending regulations were issued amending each of the existing regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

 


How to assess the effectiveness of risk management

Internal auditors are expected, according to the IIA Standards and some governance codes, to assess the effectiveness of risk management.

 


Ontario Court of Appeal confirms nude selfies are not offensive

In Zigomanis v. 2156775 Ontario Inc. (D’Angelo Brands), 2018 ONCA 116, the Ontario Court of Appeal upheld a lower court decision that a professional hockey player’s nude selfies did not offend public morals and decency and there was thus no basis to terminate a promotional contract.

 


Ensure secure disposal of hardware

Organizations often make the mistake of considering the disposal of hardware only when they are ready to discard equipment, if at all. Instead, they should plan for hardware disposal throughout the entire systems development lifecycle, from acquisition and testing through to operations.

 


The next generation of internal auditing

I want to congratulate Workiva and Jose Tabuena for Internal Audit’s Guide to Planning, Managing and Addressing Risks. I want to focus on the first piece in that publication, Planning to Do the Right Audits: An Effective Internal Audit Risk Assessment. Here are some excerpts, with comments by me:

 


Blockchain company and CEO to pay over $1M for misleading investors

The OSC has approved a settlement agreement with NextBlock Global Limited and its founder and CEO, Alex Tapscott, in connection with misleading statements made to prospective investors in 2017.

 


Elevating internal audit’s role

For many years, PwC has shared with us their view of the State of the Internal Audit Profession. They have some useful words, but it is mixed in with an agenda with which I don’t totally agree. I will come to that later. But first, the good stuff:

 


Commissioner of Competition makes his mark: Rare merger challenges

A recent notice of application filed with the Canadian Competition Tribunal is the first contested merger challenge since the Staples / Office Depot transaction in 2015 and the first by the current Commissioner who himself received a permanent appointment as Commissioner only in March 2019.

 


Insight into effective risk management

I need to draw your attention to a provocative piece by his firm (presumably by him): The risks of risk management. (My thanks go to Tim Leech for tweeting about it.)

 


Which way is the true Agile?

When I started this article, I was looking for a catchy, colorful image to depict the “Agile Methodology”. After about 30 minutes, I started to realize that my fruitless search was actually confirming the entire basis of my article; that Agile is now being used as just another catchphrase or gimmick to convey that a project is up to date on the latest and greatest in newer methodologies for IT transformation. However, I hope to show you that Agile is more than just a trendy process and is also not “new” per se, despite how on-trend its adoption is in today’s business automation projects.

 


Making intelligent and informed decisions around cyber

The experts continue to bombard us with their advice, insight, and guidance for addressing cyber.

 


Financial Stability Board delivers report on financial stability implications of decentralised financial technologies

On June 6, 2019, the Financial Stability Board (the “FSB”), an international body that coordinates the work of national financial authorities, published a report on “Decentralised financial technologies” in response to a request by the Japanese presidency of the G20.

 


CEOs are not idiots when it comes to risk management

If you consider the small number of organizations where risk management is considered as providing a strategic advantage, one of these alternatives must be true:

 

