First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

risk

Stop managing and start taking risk

Success in business is taking the right level of the right risks. It all comes down to helping leaders make informed and intelligent decisions.

 

, , , , ,

Why is internal audit not seen positively?

One of the findings in a new report by Deloitte, their 2018 Global Chief Audit Executive research survey, is that only 33% of CAEs believe their function is seen positively.

 

, ,

Internal audit is your third line of defense

In a perfect world, internal controls would be 100% effective once implemented. In reality, organizations needs multiple lines of defense or barriers to guard against the risk that they will not achieve their objectives. The internal audit function is the last of three lines of defense recommended by the Institute of Internal Auditors (IIA) in […]

 

, , , , , , ,

Concerned about risk? #MeToo: A discussion on civil liability, sports and the #MeToo movement

The ever-changing landscapes of political, social and technological advances mean that risk factors for organizations are constantly evolving.

 

, , , , , ,

We’re at a tipping point for third-party risk management

If indeed creating a culture of ethics, integrity and respect is the top objective of more than two-thirds of organizations, we could start seeing the results very soon when it comes to a new wave of investing in third-party systems.

 

, , ,

Good decisions take time and more

Do risk, governance, and audit practitioners consider the problem of decisions where insufficient time was taken to obtain the necessary information, consult with all affected parties, and THINK about the options?

 

, , , ,

The role of internal audit in risk management

If we are stressing that risk management is really all about effective, informed and intelligent decision-making, shouldn’t internal audit start focusing on the quality of decision-making processes?

 

, , ,

So what if the risk is high?

Most organizations cannot afford to reduce every single risk to what some practitioners would deem acceptable. Providing actionable information about all the things that might happen, not by using terms like High, Medium, or Low, but in specific business terms will help evaluate which risks to take.

 

, , , , ,

Are you managing risk or are you managing the organization?

Stop managing risk – manage the business. Stop talking about accepting or managing risk and start talking about taking the right risks through informed and intelligent decisions.

 

, , , , ,

The board and enterprise culture

This article looks at the Board’s involvement in managing enterprise culture. In the corporate context, culture is a system of values, beliefs and behaviors that shape how things get done within the organization.

 

, , , , , , ,

New GRC guidance from OCEG might be missing a crucial point

GRC is “the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity”. A new Guide from OCEG, A Practical Guide About GRC Metrics and Measurement, says, a major part of GRC is about “break[ing] down silos between governance, strategy, performance management, risk management, compliance management, internal audit and other departments”.

 

, , , , ,

When liability waivers are upheld

This case illustrates that waivers can be a complete bar to the right to sue and that participants being provided a waiver have the option to opt out of the activity if they are not comfortable with solely bearing the risk associated with it.

 

, , , , ,

Reporting on risk to the board

Those charged with reporting on risk to the board and to the executive team should understand what they are trying to achieve, what information they need to be successful and how they can help.

 

, , , , , , ,

An idea to help drive effective risk management

We want all decision-makers to consider all the potential consequences of their decision (in fact, all the potential consequences for each option on the table) before making an informed and intelligent judgment. What if the quality of decision-making was a significant factor in assessing performance? Thus affecting compensation and career progression. This idea could help drive effective risk management.

 

, , , , , , , ,

The updated ISO risk management standard merits our attention

Neither the ISO nor the COSO updates will, in my opinion, move the understanding and practice of ‘risk management’ to where they need to be. The updates are small steps when leaps were required.

 

, , , , ,

Previous Posts