First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Backup and Disaster Planning

New reports on the cost and incidence of cyber breaches

A cyber breach can affect an organization in many ways, from trivial to devastating. There is a range of potential effects, each with its own likelihood.

 

, , , , , , ,

How often should you assess risk?

I recently listened to a new video by my friend, Alex Sidorenko. In How often [should] the risk assessments be performed, he makes some solid points, including:

 

, , ,

A board that would fail any test of its governance practices

I am planning a meeting with the CRO from a company during which I had planned to share some of the principles of effective risk management, based on what is considered world-class, and the governance of risk management by the board.

 

, , , , , , ,

Selecting a framework for managing risk

arol Williams has a website, ERM Insights, where she writes about risk management (I prefer to talk about the management of risk, rather than risk management, to ensure we are talking about how the organization addresses what might happen, i.e., risk, rather than talking about a function or team).

 

, , , , , , , ,

Are we taking risk, making a decision, or gambling?

We gamble all the time, but we don’t think of it that way. We think we are making decisions, not gambling – and often don’t see it as taking risk either.

 

, , ,

The cyber heat map

Vince Dasta of Protiviti makes a good point (pun intended – as will be explained shortly) in Cyber Risk Assessment: Moving Past the “Heat Map Trap”.

 

, , ,

A management risk committee

A question from a follower of this blog on the same topic, had me searching for the charter of the risk committee I established, with the strong support of the CEO, at Business Objects.

 

, ,

Hyperventilating about cyber – Part I

It’s hard to see a survey these days that doesn’t include cyber as one of the top risks faced by organizations around the world. But should it be?

 

, , ,

Excellent advice for all of us involved in managing risk

The International Federation of Accountants (IFAC) has published a first class document, Enabling the accountant’s role in effective enterprise risk management.

 

, , ,

Transforming risk management in 2019 and beyond

The consideration of risk is integrated into the setting and then the execution of strategies through daily decisions.

 

, ,

Department of Finance Canada issues consultation paper on open banking

On January 11, 2019, the Department of Finance Canada released a consultation paper seeking the views of Canadians on the potential benefits and risks of an open banking system.

 

, , ,

Stop managing and start taking risk

Success in business is taking the right level of the right risks. It all comes down to helping leaders make informed and intelligent decisions.

 

, , , , ,

Why is internal audit not seen positively?

One of the findings in a new report by Deloitte, their 2018 Global Chief Audit Executive research survey, is that only 33% of CAEs believe their function is seen positively.

 

, ,

People still don’t know how to assess cyber risk!

Why do the consultants keep advising management and the boards to consider cyber risk as if it is separate from all other business risks?

 

, , , , , ,

Top 10 most-read Inside Internal Controls posts for 2018

This year on the Inside Internal Controls blog we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit, and business management.

 

, , , , ,

Previous Posts