
Inside Internal Controls

News and discussion on implementing risk management


managing risk

Survival of the fittest: How can technology help small businesses thrive?

Canada’s failure rate for small and medium-sized businesses is staggeringly high. Around one half of small and medium-sized businesses survive past five years, while 15% don’t last a year. Today’s smaller businesses face a daunting task. The complexities of today’s market have created new risks, and myriad laws and regulations that can overwhelm just about any sized business.



Always-on risk and strategy management

Always-on strategy complements the annual [strategy] process by giving senior leadership a regular forum in which to monitor and discuss issues that warrant continual attention, including those identified during the annual process and during the course of the year.



PwC does better on risk management

If you don’t focus on the achievement of objectives, but instead manage individual risks, how do you know whether you are likely to achieve them – or the possibility of exceeding them?



Risk management in review

PwC’s latest Risk In Review study makes some very interesting points. It carries the title of “Managing risk from the front line” and I recommend downloading and reading it.



The current state of risk management

But here is the key question. If the leaders of the organization are not persuaded that risk management is adding value by enabling success, and believe that there are better ways to invest scarce resources, why should we be surprised that the risk management activity is under-funded?



Risk management guidance: Time for a leap change

Even though both COSO ERM and ISO 31000:2009 are evolving, moving to a greater emphasis on decision-making and the setting and execution of strategy, the practice of managing risk continues to lag. I have written in my blogs and spoken in person to thought leaders involved in both COSO ERM and ISO 31000 updates about the need to take a huge leap forward. When the practice is seen as failing to contribute to success, and limited to a compliance function, something dramatic has to happen.



Risk management: What academics fail to understand

How do you expect a CEO to believe risk management enables success when all the CRO gives him is a list of what could go wrong? He needs help to see what might happen, both good and bad, and what to do about it—in other words, risk management needs to be seen by the CEO as helping him or her get where he or she needs to go. Do you share my view? If so, how do we move both the practitioner and academic community?



Cyber risk and audit

Clearly, cyber risk and audit is the topic of the day, if not the year and decade. The leader of Protiviti’s IT audit practice, David Brand, has weighed in with “Ten Cybersecurity Action Items for CAEs and Internal Audit Departments”. He has some valuable ideas that merit consideration, not only by internal auditors, but by security professionals, boards, risk officers, and more broadly among the executive group. I will let you read his post and suggested action items.



Some authoritative guidance on risk management and the three lines of defense

The King Code of Corporate Governance has been a fine source of principles and practice for governance, including risk, assurance, and compliance, ever since its initial release. In this post, I want to talk about two areas I find interesting in the draft Code.



Managing risk means opening your eyes every day

On the surface, it is good news that the majority of Canadian CFOs are confident in their management of risk and believe that employees understand the risks to the organization. 72% feel that their strategy is aligned with their risk appetite. But, do the authors of the study understand what effective risk management entails?



Why have a shareholders’ agreement?

Ultimately, a Shareholders’ Agreement is a method of managing risk and establishing mechanisms to resolve problems before they arise.



Using internal control to prevent fraud

Anti-fraud controls mainly apply to the general area of accounting (purchasing, revenue, payroll, banking and treasury, inventory, assets, etc.), but they will also involve many specific areas of operations, such as sales, payments, expenses, receivables, travel, suppliers, taxes, promotions and much more.



A few words about tax risk

I have the privilege of offering our readers information on a diverse range of important topics that few people really want to talk about, like tax risk.

