
Inside Internal Controls

News and discussion on implementing risk management


risk assessment

What a CEO needs to hear to invest more in compliance – strategy

Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.

 


Trusted advisors and world-class internal auditors

I was recently privileged to receive a signed copy of Richard Chambers’ latest book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors. Richard is the President and CEO of The Institute of Internal Auditors, a veteran of internal audit at the highest level, a friend, and an individual with whom I love to debate the practices of internal auditing and risk management. (I hope I am influencing his views on the imminent update of the COSO ERM Framework.)

 


The astonishing Wells Fargo fraud

The news about the Wells Fargo staff ‘scam’ (the word used in this article in SC magazine) is mind-boggling. What I found mind-boggling is that (according to CNN Money) Wells Fargo had to fire about 5,300 workers (out of a total staff estimated at 265,000, or 2% of all employees). When 2% of employees were fired, you have to assume that more people knew or should have known. The prevailing Wells Fargo culture in reality was to do what was right for the staff, not the customers!

 


Survey results: Risk-based internal audit planning

Clearly, the great majority base their audit plan on some combination of (macro) enterprise-level risks and (micro) risks at a lower level of the organization. Somewhat more have weighted their plan towards the micro level than the macro level. So what does this all mean?

 


Anti-money laundering updates

Final amendments to Regulations to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act released.

 


Internal audit and cyber risk

Deloitte has published good work. One of my favorites is their risk-intelligent white paper series. Recently, they released Cybersecurity and the role of internal audit. It has both superior and inferior advice. Let me walk through it.

 


Is it really possible to control employees’ use of company computers?

Policies can help you manage employees’ and others’ use of company IT resources, and dramatically reduce the potential risk to you and your assets.

 


Developing a corporate compliance program under Canada’s Anti-Spam Legislation (CASL)

CASL is now in force. As of July 1st, individuals and organizations who send or receive commercial electronic messages (CEMs) in Canada must comply with Canada’s Anti-Spam Legislation (CASL)’s anti-spam provisions. With CEMs being broadly defined, many organizations, including registered charities and not-for-profit organizations, are caught by CASL. Guidelines to help organizations develop corporate compliance […]

 


How does the new anti-spam legislation affect IT processes?

It should be clear that managing your anti-spam obligations will mean modifying your information technology processes. The CRTC has created comprehensive anti-spam guidelines that demonstrate some of the ways IT will be involved…

 


Criminal record checks available free to not-for-profit organizations, starting November 30

Starting November 30, 2013, British Columbia’s government will waive the $20 criminal record check fee for not-for-profit organizations that participate in a program that also offers free expert advice. Under BC law, employers in the volunteer and not-for-profit sector must obtain criminal record checks for job and volunteer candidates if they will work with children or vulnerable adults. The province’s criminal record check program aims to alleviate the financial burden associated with the law.

 


COBIT evolves as technology does

CobiT 5 was released in 2012. It takes a higher-level governance approach, focusing on stakeholders and their needs. It incorporates the internal control focus of earlier versions of CobiT but goes beyond them.

 


Identifying and managing the risks of corporate directorship

Do you know about the types of risk that corporate directors are increasingly facing? I’ve been talking quite a bit about various types of risk, and Earl Altman recently asked on First Reference Talks, When are directors liable to employees for debts of the corporation? A new guide looks at the main sources of risk that directors face and a number of strategies to reduce the risk.

 
