First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Backup and Disaster Planning

Working from home: Cybersecurity checklist

Cyber attacks were a serious risk even before the COVID-19 pandemic. As many organizations have instituted work-from-home procedures, the risk is elevated. The increase of non-standard communications, the use of new and untested remote working arrangements and a heightened level of stress and anxiety all create new vulnerabilities for threat actors to take advantage of. Incorrectly addressed emails, theft of company devices and a massive increase in remote connections all increase the risk of a successful cyber attack.

 

, , , ,

Impact of digitized environments & modern workplaces on internal investigations

One of the hallmarks of a successful investigation is rooted in the expression “knowing what you don’t know.” An experienced investigator knows a lot about a lot of things – different types of fraud, corruption, theft, misconduct, and the psychology underlying what motivates people to violate the trust that has been placed in them.

 

, , , , , , , ,

Time to wake up to risk reality

For 11 years, the ERM Initiative at North Carolina University has surveyed executives (this year they were again all financial executives) about what they call “the current state of risk oversight processes in organizations of all types and sizes to obtain an understanding of the relative maturity of underlying activities executives and boards use to monitor the rapidly changing risk landscape”.

 

, , , , ,

Considerations for directors during the COVID-19 pandemic

boardroom-meeting

The COVID-19 pandemic has affected, and continues to affect, Canadian businesses in a significant manner. As this situation continues to evolve, directors should remain cognizant of their duties and responsibilities as corporations face a range of challenges, including liquidity issues.

 

, , , , ,

Everybody should be familiar with this

Scenario analysis is a method for creating responses to various future events with the aim of reducing uncertainty and maximizing the chances of achieving a desired outcome.

 

, , , , ,

Cyber insurance in the COVID-19 landscape

Cyber insurance provides protection and coverage for the security and privacy of digital information and losses resulting from data breaches.

 

, , , , ,

Fiscal year ends, business continuity, and COVID-19

At the best of times, fiscal year ends are challenging. Organizations with upcoming or recent fiscal year ends will undoubtedly find them particularly challenging. Organizations with robust policies and procedures will likely fare better than those without. Consequently, it will be helpful to start your year end planning as early as you can.

 

, , , , , , , , , , , , , , , , , , , ,

Risk-based cyber risk reporting

I encourage you to subscribe (free) to McKinsey’s frequent reports. Their latest, Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity has some good observations. Unfortunately, their ideas for addressing the problem don’t work for me.

 

, , ,

COVID-19: key issues every organization should consider

Competition law

The COVID-19 pandemic raises critical and unprecedented issues for all organizations. How an enterprise responds to these challenges will influence how it fares through the crisis and its positioning for recovery afterwards. We believe that the issues below warrant special attention by senior management and directors.

 

, , , , , , , , ,

New ERM Guidance from COSO

Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management is based on COSO’s 2017 update of its 2004 ERM Framework. Their intent is to explain how effective ERM can add value to an organization, and to give some guidance on how to implement or upgrade it.

 

, , ,

COVID-19 Considerations from our bankruptcy & restructuring experts

Because of the speed with which the recent adverse circumstances have developed, businesses that may have otherwise been able to adapt may not have had an opportunity to do any meaningful contingency planning.

 

, , , , , ,

COVID-19 – Managing privacy and cyber issues

Privacy laws require that personal information is at all times protected by appropriate security safeguards, and this requirement will continue to apply in connection with COVID-19 work-from-home arrangements

 

, , , , , ,

COVID-19: Insurance considerations for business disruptions in Canada

One key consideration for businesses when facing potential losses as a result of COVID-19 is the availability of insurance coverage for business interruption and related losses.

 

, , , , , ,

Let’s meet – just not in person: Taking your annual shareholder meeting online (in a coronavirus world)

Increased concerns regarding the spread of the coronavirus are prompting companies to look at alternatives to their in-person annual meeting of shareholders, including holding the meeting partly or even wholly online with streamed audio and/or video content. This could potentially accelerate a recent trend in Canada towards considering alternatives to the traditional in-person shareholder meeting, […]

 

, , , , , ,

Which comes first, risk or control?

Can you assess the overall system of internal controls without considering risk management? I don’t think so, and neither does COSO. That is why there is a risk component in their internal control framework.

 

, , ,

Previous Posts