First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Backup and Disaster Planning

The cyber heat map

Vince Dasta of Protiviti makes a good point (pun intended – as will be explained shortly) in Cyber Risk Assessment: Moving Past the “Heat Map Trap”.

 

, , ,

A management risk committee

A question from a follower of this blog on the same topic, had me searching for the charter of the risk committee I established, with the strong support of the CEO, at Business Objects.

 

, ,

Hyperventilating about cyber – Part I

It’s hard to see a survey these days that doesn’t include cyber as one of the top risks faced by organizations around the world. But should it be?

 

, , ,

Excellent advice for all of us involved in managing risk

The International Federation of Accountants (IFAC) has published a first class document, Enabling the accountant’s role in effective enterprise risk management.

 

, , ,

Transforming risk management in 2019 and beyond

The consideration of risk is integrated into the setting and then the execution of strategies through daily decisions.

 

, ,

Department of Finance Canada issues consultation paper on open banking

On January 11, 2019, the Department of Finance Canada released a consultation paper seeking the views of Canadians on the potential benefits and risks of an open banking system.

 

, , ,

Stop managing and start taking risk

Success in business is taking the right level of the right risks. It all comes down to helping leaders make informed and intelligent decisions.

 

, , , , ,

Why is internal audit not seen positively?

One of the findings in a new report by Deloitte, their 2018 Global Chief Audit Executive research survey, is that only 33% of CAEs believe their function is seen positively.

 

, ,

People still don’t know how to assess cyber risk!

Why do the consultants keep advising management and the boards to consider cyber risk as if it is separate from all other business risks?

 

, , , , , ,

Top 10 most-read Inside Internal Controls posts for 2018

This year on the Inside Internal Controls blog we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit, and business management.

 

, , , , ,

Who takes cyber risk?

Who is taking cyber risk? Is it the board and top management who are deciding how much scarce resource to invest in breach prevention, detection and response? Or is it the business leaders whose initiatives are damaged or worse should there be a security incident?

 

, ,

The basics of risk management

I want to congratulate David Hillson (a.k.a. the Risk Doctor) for his video explaining his view of risk management basics. In Risk management basics: What exactly is it?, he takes less than five minutes to sum up risk management with six questions:

 

, , ,

Security breach notification and reporting requirements are now in force under Canada’s PIPEDA

Canada’s long-awaited federal private-sector data breach notification and reporting requirements came into force on November 1, 2018.

 

, , , , ,

UK government guidance on risk and cyber: the very good and the very bad

The National Cyber Security Center (NCSC) is a part of the UK’s Government Communications Headquarters (GCHQ). If you are like me, you may have only heard about GCHQ in an unflattering context, that of working with US intelligence agencies to spy on foreign heads of state and hack foreign agencies.

 

, ,

Ten considerations for a cybersecurity incident response plan

If you ask a group of cybersecurity experts what should be included in a Cybersecurity Incident Response Plan (“CIRP”), you will get a wide variety of answers. Happily, many of those answers contain similar themes including these ten important considerations your organization should be aware of when creating and managing a CIRP.

 

, , , , ,

Previous Posts