A risk-based approach to auditing governance processes
Should internal audit departments audit governance processes? Can they effectively assess board operations? Isn’t that the responsibility of the board itself, generally through a governance committee? Are we sufficiently independent, because we report to the audit committee of the board, and do we have the necessary skills?
Norman D. Marks, CPA, CRMA
16 minutes read
June 19, 2024 
Segregate payroll duties … or enable fraud
For every classic payroll fraud, there is a classic internal control to prevent or mitigate the fraud. In the case discussed here, segregation of duties might have prevented the fraud or reduced the likelihood or severity of the fraud.
Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)
Was Silicon Valley Bank a failure of risk management?
I have seen some unfortunate postings on social media and in the news. Self-appointed experts telling us what happened, why, and whose fault it was. There’s a political battle going on as well, with people blaming federal government administrations, regulators, and so on. I’m not going to get into that. But I think it is important for governance, risk, and audit practitioners to understand the situation and its implications.
Norman D. Marks, CPA, CRMA
Operational controls in an environmental management system
Operational controls in an environmental management system (EMS) reduce the risk that the organization will not achieve its environmental objectives. Operational controls are the processes that management implements to provide reasonable assurances that the organization will achieve its environmental objectives.
Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)
Auditing at the speed of risk with an agile, continuous audit plan
Risks and business conditions change all the time, so an annual plan or even one that is updated quarterly won’t lead to auditing what matters today. You audit what used to matter.
Norman D. Marks, CPA, CRMA
Segregation of duties and accounts payable
Segregation of duties strengthens internal controls. Accounts payable or AP is one of the easiest channels for an organization to lose money if internal controls are weak. The AP department’s responsibility to monitor, process, and control payments to creditors is essential to avoiding improper payments. If there is no segregation of duties, internal controls are likely to be weak. If internal controls are weak, the risk of errors and improper payments increases.
Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)
8 essential components of compliance risk management
There are at least 8 essential components of compliance risk management programs. Risk management aims to reduce the likelihood that an organization will not achieve its goals and objectives. Compliance is the obligation to adhere to laws, regulations, contract terms, internal policies, and other requirements. Compliance risk management refers to the organizational procedures, processes and culture that reduce the likelihood of non-compliance.
Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)
Job rotations and vacations as internal controls
Job rotations and vacations continue to be effective internal controls. A September 30, 2020 article in the Scotsman newspaper (the Article) was a recent reminder of this fact. The article explains that embezzlements, which had gone on for more than eight years, began to unravel and were ultimately discovered after the embezzler’s manager announced plans to rotate staff to give them broader experiences.
Apolone Gentles, JD, CPA,CGA, FCCA, Bsc (Hons)
Significant online defamation damages in Canada — are online platforms immune?
If only Canada were to have such clear laws. Here, it is critical for operators of online platforms to understand that this issue remains largely unlegislated and left to the common law; which holds that a person will not be responsible, as a publisher, if the person’s sole participation in the publication of the defamatory material is merely their “innocent” involvement in the purely administrative or mechanical phases of publication.
Occasional Contributors