First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

risk management

Board oversight during the COVID-19 pandemic: A checklist for directors

The global COVID-19 pandemic and its rapid evolution has placed enormous pressure on organizations as they seek to adapt to the situation and communicate their response. It is crucial that boards and management collaborate to find the best way forward for the organization.

 

, , , , , , ,

Time to wake up to risk reality

For 11 years, the ERM Initiative at North Carolina University has surveyed executives (this year they were again all financial executives) about what they call “the current state of risk oversight processes in organizations of all types and sizes to obtain an understanding of the relative maturity of underlying activities executives and boards use to monitor the rapidly changing risk landscape”.

 

, , , , ,

Everybody should be familiar with this

Scenario analysis is a method for creating responses to various future events with the aim of reducing uncertainty and maximizing the chances of achieving a desired outcome.

 

, , , , ,

COVID-19 – FSRA provides some regulatory relief

Ontario’s provincial pension plan regulator, the Financial Services Regulatory Authority of Ontario, recently published a communication detailing its response to the COVID-19 pandemic.

 

, , , ,

COVID-19: key issues every organization should consider

Competition law

The COVID-19 pandemic raises critical and unprecedented issues for all organizations. How an enterprise responds to these challenges will influence how it fares through the crisis and its positioning for recovery afterwards. We believe that the issues below warrant special attention by senior management and directors.

 

, , , , , , , , ,

New ERM Guidance from COSO

Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management is based on COSO’s 2017 update of its 2004 ERM Framework. Their intent is to explain how effective ERM can add value to an organization, and to give some guidance on how to implement or upgrade it.

 

, , ,

COVID-19 Considerations from our bankruptcy & restructuring experts

Because of the speed with which the recent adverse circumstances have developed, businesses that may have otherwise been able to adapt may not have had an opportunity to do any meaningful contingency planning.

 

, , , , , ,

Which comes first, risk or control?

Can you assess the overall system of internal controls without considering risk management? I don’t think so, and neither does COSO. That is why there is a risk component in their internal control framework.

 

, , ,

A new code sets back the status and practice of internal auditing

he Chartered Institute of Internal Auditors (the UK affiliate of the global Institute of Internal Auditors) is usually a thought leader, promoting and explaining best and leading internal auditing practices. For example, they have done excellent work on [enterprise] risk-based auditing.

 

, , ,

Entering the era of operational resilience

Operational resilience is the ability of a business to tolerate shocks and maintain normal operations. Those shocks can be all sorts of things — IT failures, natural disasters, terrorism, cyberattacks — but they’re typically sudden shocks, happening within hours or even minutes, that threaten your company’s ability to provide whatever it is you provide to customers.

 

, , , ,

Risk and consequences

I like to think that effective risk management helps the managers of an organization, at all levels, make the informed and intelligent decisions necessary for success – reliably achieving enterprise objectives considering all the things that might happen, both positive and negative.

 

, , , ,

New guidance for risk committees

A new publication by the Risk Coalition (a group of organizations in the UK that includes their Institute of Directors, a couple of risk management associations, and the organizations for internal and external auditors) merits our attention. Raising the Bar: Principles-based guidance for board risk committees and risk functions in the UK Financial Services Sector has some interesting content. For example, it says:

 

, , , , , ,

A risk case study

I returned this week from a vacation in Mexico, including a day at the Copper Canyon. Our tour guide took about 20 of us down the mountain side to see some Tarahumara Indian homes. I decided that I wanted to come back ahead of the group, finding my way back up the path and steps to our hotel at the top. What might happen along the way? In other words, what would a risk manager put on a list or heat map?

 

, , , ,

Managing risk when the board is over-confident

When we talk about confidence in managing risks, we’re really talking about confidence in the effectiveness of your risk management program — and apparently, we have a systemic disconnect between the board and management about that issue.

 

, , , , , ,

Finally some good advice on risk for boards

While I still disagree in some areas, I applaud Jim DeLoach for his latest piece for the (US) National Association of Corporate Directors, Revamping Risk in the Digital Age. Please read the entire piece, but here are points I especially like, with my highlights:

 

, , , , , ,

Previous Posts