
Inside Internal Controls

News and discussion on implementing risk management


IT, Privacy and Security

Decision-making and the practitioner

McKinsey has shared three articles with insights into effective decision-making.

 


New reports on the cost and incidence of cyber breaches

A cyber breach can affect an organization in many ways, from trivial to devastating. There is a range of potential effects, each with its own likelihood.

 


Canadian government announces new Digital Charter

On May 21, 2019, the Honourable Navdeep Bains, Minister of Innovation, Science and Economic Development, announced the introduction of Canada’s new Digital Charter. This blog post summarizes the highlights of Minister Bains’ announcement and the principles of the Digital Charter.

 


How often should you assess risk?

I recently listened to a new video by my friend, Alex Sidorenko. In How often [should] the risk assessments be performed, he makes some solid points, including:

 


A board that would fail any test of its governance practices

I am planning a meeting with the CRO from a company during which I had planned to share some of the principles of effective risk management, based on what is considered world-class, and the governance of risk management by the board.

 


Upcoming “blackout period” for CIPO online services

As you may be aware, a number of significant changes to the Canadian Trademarks Act will come into force on June 17, 2019.

 


IIROC’s welcome clarification to member firms: e-signatures are permitted

On March 26, 2019, the Investment Industry Regulatory Organization of Canada issued Guidance Note 19-0051 – E-Signature.

 


Selecting a framework for managing risk

Carol Williams has a website, ERM Insights, where she writes about risk management (I prefer to talk about the management of risk, rather than risk management, to ensure we are talking about how the organization addresses what might happen, i.e., risk, rather than talking about a function or team).

 


Pot & privacy: BC Privacy Commissioner issues guidance for protection of personal information in cannabis transactions

The Office of the Information and Privacy Commissioner for British Columbia has released a guidance document to help cannabis retailers and purchasers understand their rights and obligations under the Personal Information Protection Act (British Columbia).

 


Is internal audit being distracted by consultants bearing sparkling new toys?

In PwC 2019 State of the Internal Audit Profession Study, they are advising internal auditors to adopt approaches and practices with which I disagree.

 


CSA and IIROC propose regulatory framework for cryptoasset trading platforms

On March 14, 2019, the Canadian Securities Administrators and the Investment Industry Regulatory Organization of Canada published Consultation Paper 21-402 Proposed Framework for Crypto-Asset Trading Platforms proposing a regulatory framework for platforms that trade cryptoassets.

 


Are we taking risk, making a decision, or gambling?

We gamble all the time, but we don’t think of it that way. We think we are making decisions, not gambling – and often don’t see it as taking risk either.

 


The ISACA has traded in COBIT 5 for COBIT 2019 (Part 3 of 3)

The ISACA has traded in the 7-year old COBIT 5 for COBIT 2019. This is the last of a 3-part series examining this change. Read part 1 here and part 2 here.

 


Assessing the effectiveness of your risk management program

The IIA has published a new Practice Guide, Assessing the Risk Management Process. In IIA-speak, this is recommended but not mandatory guidance for its members.

 


The wonder and joy of internal auditing

More than 17 years ago, The IIA’s magazine published an article of mine, The new age of internal auditing. I made some provocative comments, including:

 

