First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Network, Systems and Data Security

Cyber and the board

There’s an interesting article in the Harvard Law School Forum on Corporate Governance and Financial Regulation. What the Capital One Hack Means for Boards of Directors has some interesting insights that merit the attention of risk, cyber, audit, and governance practitioners.

 

, , , , , , , , ,

FATF issues guidance on virtual assets

FATF issues guidance on virtual assets

 

, , , , ,

A proactive approach to cyber risk management

It is not sufficient to say that cyber risk is high, medium, or low. The leaders of the organization need to be able to figure out what is the right level of resources to allocate to cyber defense and response; what is the right level of attention at board and executive committee level; and what should be communicated to shareholders and others.

 

, ,

Final amending regulations issued under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act

anti-money laundering

On July 10, 2019, final amending regulations were issued amending each of the existing regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

 

, , , , , ,

Ensure secure disposal of hardware

Organizations often make the mistake of considering the disposal of hardware only when they are ready to discard equipment, if at all. Instead, they should plan for hardware disposal throughout the entire systems development lifecycle, from acquisition and testing through to operations.

 

, , , , , , , , , , , , ,

Making intelligent and informed decisions around cyber

The experts continue to bombard us with their advice, insight, and guidance for addressing cyber.

 

, , , ,

Scratching the surface on Facebook and its problems

​Facebook Data Exposure Offers Critical Lesson for Internal Auditors makes some good points, including:

 

, , , , , , ,

Anti-money laundering considerations in cannabis finance

While the right financing structure can be a critical advantage to any cannabis-related business, it is also important to remember that there are legal considerations involved, including in respect of anti-money laundering (AML) matters.

 

, , ,

Time (again and still) for the IIA Standards to be correct

Internal audit can assist management by facilitating a fraud risk assessment. Management should make the decision both on the level of risk and whether it is acceptable. Internal audit can provide their opinion and advice on both.

 

, , , , , , , , ,

New reports on the cost and incidence of cyber breaches

A cyber breach can affect an organization in many ways, from trivial to devastating. There is a range of potential effects, each with its own likelihood.

 

, , , , , , ,

A board that would fail any test of its governance practices

I am planning a meeting with the CRO from a company during which I had planned to share some of the principles of effective risk management, based on what is considered world-class, and the governance of risk management by the board.

 

, , , , , , ,

Talking about software for GRC

The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.

 

, , , , , , ,

SWIFT publishes cybersecurity counterparty risk guidelines

On February 15, 2019, the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) published guidelines for assessing cybersecurity counterparty risk for financial institutions (the “Guidelines”).

 

, , , , , ,

Hyperventilating about cyber – Part 2

Is the level of concern about cyber merited? Should organizations and individuals be as worried about the possibility and consequences of a breach as they are advised by the consultants, information security pundits, and in news reports?

 

, , , ,

Hyperventilating about cyber – Part I

It’s hard to see a survey these days that doesn’t include cyber as one of the top risks faced by organizations around the world. But should it be?

 

, , ,

Previous Posts