First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

corporate culture

What does your risk management activity seek to achieve?

It is essential to understand what an organization needs and how critical the management of risk is before settling on a design, let alone trying to implement or upgrade risk management.

 

, , , , , , ,

What do audit committees think about risk and audit?

I am encouraged by the latest KPMG report, their 2017 Global Audit Committee Pulse Survey. I am encouraged because KPMG appears to be asking the right questions and getting intelligent answers.

 

, , , , , , ,

The crown jewels and risk management

When considering information security or cyber risk, you usually concentrate on risk to the ‘crown jewels’ – those information assets and services that are most vital to the enterprise.

 

, , , , , , ,

Toshiba scandal stresses need for strong corporate governance

The current CEO and one former CEO of Toshiba Corp. resigned this week in connection with the accounting scandal the company has been embroiled in since May. Senior executives are alleged to have pressured subordinates to meet unachievable financial targets, leading the company to overstate its earnings by more than USD $1.2-billion between 2008 and 2014.

 

, , , , , , , , , , , , , , ,

Primacy of purpose is the most important factor in the effectiveness of a corporate website

When it comes to websites focus on the objective you want to achieve, achieve the hell out of it, and punt on all the rest. Once you lock in on what you want your website to achieve it will become a vastly more important resource to your business.

 

, , , , , , , , , , , , , ,

When a privacy policy is not enough!

Does your organization have an IT risk management program in place that draws upon various stakeholders to identify and prioritize privacy risks and related mitigations? Does your IT risk management program maintain appropriate records and provisions for access to information and privacy? And, have you implemented a privacy policy, only to find out that during internal audits there was a lack of compliance?

 

, , , , , , , , ,