
Inside Internal Controls

News and discussion on implementing risk management


IT, Privacy and Security

Allegations and investigations

What we should all note from the news is that a failure to perform an appropriate investigation is a serious source of risk to any organization.

 


Compliance with the Quebec language requirements for display of trademarks to be mandatory on November 24, 2019

This information bulletin addresses the language requirements pertaining to display, in a language other than French, of trademarks on real estate in Quebec.

 


KPMG studies ERM and gets some things right but misses the key point

There’s some good material in KPMG’s Enterprise Risk Management Benchmarking Study, subtitled Evolving to an active, integrated and agile approach amidst change and disruption.

 


The board and cyber security

There’s another useful article on Forbes. How to talk to the board about cybersecurity is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:

 


Do risk appetite statements add value?

Whilst the majority of firms had risk appetite statements that were set by the Board and which were supported by relevant metrics, 50% of respondents noted that their risk appetite statements did not link to the firm’s strategy or to the actual underlying risk the firm faced, and did not provide a forward looking view of risk.

 


We need to preserve and protect whistleblowing in this time of challenge

Now more than ever, compliance officers, executive teams and boards of directors must think more about how to support an internal reporter, even at the “mechanical” level of protecting their identity.

 


Failure to [Coin]Launch – Caution for crypto-asset consultants, advisers and service providers

CoinLaunch carried on business as a cryptoasset consultant, offering marketing and promotional services to prospective token issuers.

 


Legal considerations in tech lending

With a booming tech industry in Canada, growing technology companies need capital and, as a result, there has been growth in financing tech enterprises.

 


Cyber and the board

There’s an interesting article in the Harvard Law School Forum on Corporate Governance and Financial Regulation. What the Capital One Hack Means for Boards of Directors has some interesting insights that merit the attention of risk, cyber, audit, and governance practitioners.

 


A CIO talks business sense about cyber security and the CISO

Every so often, I see an interesting piece on Forbes.com. This time it is How To Talk To the Board About Cybersecurity. A CIO shares his experience working with boards and advice on that challenge for CISOs. Here are some useful comments (with my highlights):

 


FATF issues guidance on virtual assets


5 practical principles for policy & procedure management

Many failures in business today could be addressed or even prevented with better policy management. Data breaches, workplace accidents, employee misconduct, third-party incidents, customer complaints, and more are often traced to policies that were absent, ineffective, or out of sight, out of mind.

 


A proactive approach to cyber risk management

It is not sufficient to say that cyber risk is high, medium, or low. The leaders of the organization need to be able to figure out what is the right level of resources to allocate to cyber defense and response; what is the right level of attention at board and executive committee level; and what should be communicated to shareholders and others.

 


Final amending regulations issued under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act


On July 10, 2019, final amending regulations were issued amending each of the existing regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

 


How to assess the effectiveness of risk management

Internal auditors are expected, according to the IIA Standards and some governance codes, to assess the effectiveness of risk management.

 
