Inside Internal Controls

News and discussion on implementing risk management

Leadership and Management

4 reasons why your organization isn’t seeing internal hotline reports

When it comes to effective internal whistleblower hotlines, silence is never a sign of success. It is usually a sign that the compliance program and its internal reporting systems are not resonating with employees and are therefore not effective. In these cases, we have to ask ourselves: why?

 


New guidance for risk committees

A new publication by the Risk Coalition (a group of organizations in the UK that includes their Institute of Directors, a couple of risk management associations, and the organizations for internal and external auditors) merits our attention. Raising the Bar: Principles-based guidance for board risk committees and risk functions in the UK Financial Services Sector has some interesting content. For example, it says:

 


A risk case study

I returned this week from a vacation in Mexico, including a day at the Copper Canyon. Our tour guide took about 20 of us down the mountain side to see some Tarahumara Indian homes. I decided that I wanted to come back ahead of the group, finding my way back up the path and steps to our hotel at the top. What might happen along the way? In other words, what would a risk manager put on a list or heat map?

 


Managing risk when the board is over-confident

When we talk about confidence in managing risks, we’re really talking about confidence in the effectiveness of your risk management program — and apparently, we have a systemic disconnect between the board and management about that issue.

 


The missing link in future-casting M&A due diligence

You don’t just marry your spouse; you marry a family. The same holds true in corporate mergers and acquisitions. You don’t just buy a company; you acquire its culture, its risk, and the future potential of both. And just like in a marriage, some things don’t come to the surface until that third or fourth family reunion.

 


Silos are thriving even in ERM programs

You are the captain of a ship that is sailing from Singapore to Auckland with a cargo that needs to be kept cold and will lose its freshness if you don’t arrive within a few days of your schedule.

 


Mandatory cybersecurity incident reporting for IIROC investment firms

In November 2019, the Investment Industry Regulatory Organization of Canada released new mandatory reporting requirements for cybersecurity incidents, per IIROC Notice 19-0194. What are the new requirements?

 


New report on the cost of a cyber breach

You may be surprised to hear that the average cost of a data breach is just $3.9 million. That sounds far different than indicated by the alarm bells screaming at you from all sides.

 


The essentials of anti-bribery and anti-corruption compliance programs

Organizations at risk of anti-bribery and anti-corruption (ABAC) violations should implement risk-based ABAC compliance programs.

 


Finally some good advice on risk for boards

While I still disagree in some areas, I applaud Jim DeLoach for his latest piece for the (US) National Association of Corporate Directors, Revamping Risk in the Digital Age. Please read the entire piece, but here are points I especially like, with my highlights:

 


Top 10 most-read Inside Internal Controls posts for 2019

This year on the Inside Internal Controls blog, we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit and business management, among others. The top 10 most-read Inside Internal Controls posts for 2019 include

 

How effective is risk management today?

If you want to know how effective risk management is, you should ask the customer and not the provider.

 


‘Green’ governance: CSA outlines expectations regarding governance disclosure and practices in the cannabis sector

Regulatory and legal risks abound in developing business areas, such as the recently legalized cannabis industry in Canada. One of the key challenges for industry participants that are reporting issuers relates to meeting disclosure obligations.

 


The unfiltered truth necessary for effective corporate governance

Corporate governance and “long-termism” are key buzzwords in our modern fiduciary lexicon. Between Q1 2018 and Q2 2019, governance deficiencies were responsible for the highest number of enforcement occurrences across major financial services regulators, according to research from global professional services firm Navigant.

 


What will 2020 risk & compliance benchmarks look like?

It’s that time of year again when risk and compliance professionals from around the world contribute to an industry-defining resource – the annual Definitive Risk & Compliance Benchmark Report.

 

