First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Budgeting and Auditing

How effective is your internal audit function? Is it world-class?

When I became a CAE, I started by benchmarking against firms that had a great reputation, either for their business practices or internal audit departments. That is still a good idea and I recommend it.

 

, , ,

Allegations and investigations

What we should all note from the news is that a failure to perform an appropriate investigation is a serious source of risk to any organization.

 

, , , , , ,

Ways to maintain proper books and records

A recent Tax Court of Canada (“TCC”) decision, Promised Land Ministries v. The Queen[1], serves as a reminder to charities of the importance of maintaining proper books and records.

 

, , , , , , ,

KPMG studies ERM and gets some things right but misses the key point

There’s some good material in KPMG’s Enterprise Risk Management Benchmarking Study, subtitled Evolving to an active, integrated and agile approach amidst change and disruption.

 

, , , , ,

The board and cyber security

There’s another useful article on Forbes. How to talk to the board about cybersecurity is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:

 

, , , , , , , ,

Risk and the lemonade stand: how it matters in the simplest settings

This is a ‘risk management’ challenge. What are the parents’ objectives and how would you go about assessing whether the likelihood of achieving them is acceptable and, if not, what actions to take?

 

, , ,

Do risk appetite statements add value?

Whilst the majority of firms had risk appetite statements that were set by the Board and which were supported by relevant metrics, 50% of respondents noted that their risk appetite statements did not link to the firm’s strategy or to the actual underlying risk the firm faced, and did not provide a forward looking view of risk.

 

, , ,

The core principles for effective internal auditing

The IIA has published a new Practice Guide (PG), Demonstrating the Core Principles for the Professional Practice of Internal Auditing.

 

, , , ,

FSRA targets efficient and streamlined regulation for Ontario credit unions, insurers, pension plans, and mortgage brokers

As previously reported, the Ontario government is moving ahead to support financial regulatory reform including by establishing the Financial Services Regulatory Authority (FSRA), the new Ontario provincial regulator for provincially regulated insurers, credit unions, loan and trust corporations, pension plans, mortgage brokers and certain auto insurance service providers.

 

, , , , ,

An ERM horror story

Does it make sense to aggregate risk levels for a variety of risk sources, including cyber, compliance, credit, liquidity, competitor, and internal control over financial reporting?

 

, , , ,

The five essential elements of internal controls within accounting teams

Accounting departments need to implement the five essential elements of internal controls within their teams. Like it or not, organizations hold their accounting departments to higher standards when it comes to internal controls.

 

, , , , , , ,

Cyber and the board

There’s an interesting article in the Harvard Law School Forum on Corporate Governance and Financial Regulation. What the Capital One Hack Means for Boards of Directors has some interesting insights that merit the attention of risk, cyber, audit, and governance practitioners.

 

, , , , , , , , ,

How to assess the effectiveness of risk management

Internal auditors are expected, according to the IIA Standards and some governance codes, to assess the effectiveness of risk management.

 

, , ,

The next generation of internal auditing

I want to congratulate Workiva and Jose Tabuena for Internal Audit’s Guide to Planning, Managing and Addressing Risks. I want to focus on the first piece in that publication, Planning to Do the Right Audits: An Effective Internal Audit Risk Assessment. Here are some excerpts, with comments by me:

 

, , , , ,

Revenue cycle risks and controls: Essential questions you should ask about your company’s sales and receivables

The importance of finance and accounting controls goes far beyond complying with legal requirements. In fact, revenue cycle controls are perhaps the most important component of an organization’s overall internal control framework! Not only are revenue cycle controls an organization’s strongest defense against fraud and loss, they help ensure that decisions are made based on […]

 

Previous Posts