First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Budgeting and Auditing

New guidance for risk committees

A new publication by the Risk Coalition (a group of organizations in the UK that includes their Institute of Directors, a couple of risk management associations, and the organizations for internal and external auditors) merits our attention. Raising the Bar: Principles-based guidance for board risk committees and risk functions in the UK Financial Services Sector has some interesting content. For example, it says:

 

, , , , , ,

A risk case study

I returned this week from a vacation in Mexico, including a day at the Copper Canyon. Our tour guide took about 20 of us down the mountain side to see some Tarahumara Indian homes. I decided that I wanted to come back ahead of the group, finding my way back up the path and steps to our hotel at the top. What might happen along the way? In other words, what would a risk manager put on a list or heat map?

 

, , , ,

Managing risk when the board is over-confident

When we talk about confidence in managing risks, we’re really talking about confidence in the effectiveness of your risk management program — and apparently, we have a systemic disconnect between the board and management about that issue.

 

, , , , , ,

Why does internal audit need to be agile?

You don’t have to go very far to hear an internal audit leader talk about agile. Richard Chambers, President and CEO of the IIA, shared this:

 

, , , , , ,

Top 10 most-read Inside Internal Controls posts for 2019

This year on the Inside Internal Controls blog, we’ve been covering some of the hot topics in internal controls, governance, information technology, not-for-profit and business management, among others. The top 10 most-read Inside Internal Controls posts for 2019 include

 

How effective is risk management today?

If you want to know how effective risk management is, you should ask the customer and not the provider.

 

, , , ,

Did risk management fail?

Every so often, something bad happens to an organization and people say that risk management, perhaps governance, failed.

 

, , , ,

How effective is your internal audit function? Is it world-class?

When I became a CAE, I started by benchmarking against firms that had a great reputation, either for their business practices or internal audit departments. That is still a good idea and I recommend it.

 

, , ,

Allegations and investigations

What we should all note from the news is that a failure to perform an appropriate investigation is a serious source of risk to any organization.

 

, , , , , ,

Ways to maintain proper books and records

A recent Tax Court of Canada (“TCC”) decision, Promised Land Ministries v. The Queen[1], serves as a reminder to charities of the importance of maintaining proper books and records.

 

, , , , , , ,

KPMG studies ERM and gets some things right but misses the key point

There’s some good material in KPMG’s Enterprise Risk Management Benchmarking Study, subtitled Evolving to an active, integrated and agile approach amidst change and disruption.

 

, , , , ,

The board and cyber security

There’s another useful article on Forbes. How to talk to the board about cybersecurity is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:

 

, , , , , , , ,

Risk and the lemonade stand: how it matters in the simplest settings

This is a ‘risk management’ challenge. What are the parents’ objectives and how would you go about assessing whether the likelihood of achieving them is acceptable and, if not, what actions to take?

 

, , ,

Do risk appetite statements add value?

Whilst the majority of firms had risk appetite statements that were set by the Board and which were supported by relevant metrics, 50% of respondents noted that their risk appetite statements did not link to the firm’s strategy or to the actual underlying risk the firm faced, and did not provide a forward looking view of risk.

 

, , ,

The core principles for effective internal auditing

The IIA has published a new Practice Guide (PG), Demonstrating the Core Principles for the Professional Practice of Internal Auditing.

 

, , , ,

Previous Posts