Business risk analysis – Part II

Business risk analysis – Part II

How a Part-Time CFO Will Conduct Risk Analysis on Your Business

The CFO Centre will provide you with a highly experienced senior CFO with ‘big business experience’ for a fraction of the cost of a full-time CFO.

This means you will have:

  • One of Canada’s leading CFOs, working with you on a part-time basis
  • A local support team of the highest calibre CFOs
  • A national and international collaborative team of the top CFOs sharing best practice (the power of hundreds)
  • Access to our national and international network of clients and partners

With all that support and expertize at your fingertips, you will achieve better results, faster. It means you’ll have more confidence and clarity when it comes to decision-making. After all, you’ll have access to expert help and advice whenever you need it.

In particular, your part-time CFO will work closely with you to take on the burden of designing the roadmap for the business.

Although our review process will reveal areas of weakness you specifically require help with, we take a very proactive approach to finding out where we can best help you. In other words, we don’t expect you to tell us what you need because that way, you are left to do the thinking. We work through a detailed methodology to ensure that no stone is left unturned.

Your part-time CFO will work with you to understand the risk profile of the business and of the shareholders. Too many initiatives launching or running concurrently can be problematic.

By managing the company’s risk profile and the risk profiles of the shareholders the whole business can be brought into alignment and can operate as a unit rather than as a set of individual parts.

When our part-time CFOs look at ‘risk’ in your business, they also work with you to:

  • Identify future risk areas across the business and share that information with key employees.
  • Include significant risk areas in the business plan.
  • Test assumptions to find weaknesses in the business plan.
  • Evaluate alternative scenarios and approaches which may lead to improved outcomes.
  • Consider contingency plans in case things go wrong.
  • Provide forecasts based on risk analysis.
  • Provide your organization with an elevated sense of credibility (with a high calibre CFO as part of the team) your organization will be perceived by funders and other third parties as a much ‘lower risk’.
  • Act as a sounding board to discuss and critique your plans.
  • Liaise with funders when circumstances change.
  • Test the effectiveness of your marketing.
  • Test the effectiveness of your operating procedures.
  • Identify problem areas before they become unmanageable.
  • Correct mistakes quickly before they cost too much.
  • Develop incentive schemes for staff to lower the risk of losing key members of the team. After all, replacing employees is a costly enterprise. The average fee for replacing a departing staff member is £30,614 [$56,000], says Oxford Economics and income protection providers Unum.
  • Coach you and your department heads through the implementation process.
  • Safeguard all intellectual property including patents.
  • Implement hedging strategies where there are financial risks such as currency or interest rate exposure.
  • Improve resourcing to strengthen performance.
  • To re-engineer the business as and when the competitive landscape changes.
  • Improve customer relations where they pose a threat to the business.
  • Use our own experience and the experience of the wider CFO Centre team and expanded contact network to help surround you with the best possible team.
  • Help you achieve your work/life balance objectives (careful planning is key to freeing up your time and energy).
  • Guide you through the business growth stages so you know what to expect and how to deal with changes.
  • Help create a clear roadmap for delegating responsibilities and tasks out to your team to create more time and space for developing the business.
  • Help communicate the business objectives to your family where appropriate (it can often help to have a third party involved who understands the needs and concerns of your family).
  • Devise a reporting structure which acts as an early warning system for problems.
  • Liaise with lawyers to understand possible legislative changes and ensure compliance.
  • Investigate existing insurances and make sure that you are adequately covered if things do not go according to plan.
  • Look into hedging strategies for borrowing abroad for example to fund overseas subsidiaries.
  • Reduce your personal risk by looking into other types of security/funding.


It is never possible in business to eliminate risk or worry, but it is possible to create a framework and implement systems which lower your exposure to risk. That in turn allows you to focus primarily on growing your business.

Knowing that you have a framework in place to mitigate risk means that you can free up time and mental energy.

Lower your risk today!

Let one of The CFO Centre’s part-time CFOs help you with business risk analysis. To book your free one-to-one call with one of our part-time CFOs get in touch on:
tel: 1-800-918-1906
email: [email protected]

Business Risk Analysis

Business Risk Analysis

Business risk analysis is an essential part of the planning process. It reveals all the hidden hazards, which occupy the business owner’s mind on a subconscious level but which have not been carefully considered and documented on a conscious level.

Conducting and regularly reviewing business risk analysis brings huge benefits to a company. In this article, you will see:

  • What are the risks facing your company?
  • How to conduct a business risk analysis
  • How a part-time CFO will conduct a risk analysis on your business

Not understanding the risks your company faces can bring your company to its knees, as a 2011 report, ‘The Road to Ruin’ from Cass Business School revealed. 

Alan Punter, a visiting Professor of Risk Finance at Cass Business School, said the detailed survey of 18 business crises during which enterprises came badly unstuck revealed that in simple terms, directors were often unaware of the risks they faced.¹

This report makes clear that there is a pattern to the apparently disconnected circumstances that cause companies in completely different areas to fail. In simple terms, directors are often too blind to the risks they face.

“Seven of the firms collapsed and three had to be rescued by the state while most of the rest suffered large losses and significant damage to their reputations,” he said.

“About 20 Chief Executives and Chairmen subsequently lost their jobs, and many Non-Executive Directors (NEDs) were removed or resigned in the aftermath of the crises. In almost all cases, the companies and/or board members personally were fined, and executives were given prison sentences in four cases.”

“One of our main goals was to identify whether these failures were random or had elements in common. We studied a wide range of corporate crises, including those suffered by AIG, Arthur Andersen, BP, Cadbury Schweppes, Coca-Cola, EADS Airbus, Enron, Firestone, Independent Insurance, Northern Rock, Railtrack, Shell, and Société Générale.”

“And our conclusion? To quote Paul Hopkin of Airmic, the Risk Management Association that commissioned the research: ‘This report makes clear that there is a pattern to the apparently disconnected circumstances that cause companies in completely different areas to fail. In simple terms, directors are often too blind to the risks they face.’”

A lot of business owners spend an unhealthy amount of their time worrying about what might go wrong but don’t have a formal risk management framework in place.

It is dangerous not knowing what might go wrong:

  • When the money might run out.
  • Whether a new product launch is viable.
  • Whether a competitor has the resource and motivation to drive you out of business.
  • What risks are involved in penetrating a new market.
  • How the market is changing (and how it will react to your future plans/products/services).
  • Whether a recession will change the playing field.

It is also dangerous not knowing your internal risks:

  • What products are delivering the greatest profit?
  • What happens if key members of your team decide to leave?
  • Are you likely to reach market saturation?

What are the risks facing your business?

Business risks can be broken up into the following:

  • Strategic risks – risks that are associated with operating in a particular industry.
  • Compliance risks – risks that are associated with the need to comply with laws and regulations.
  • Financial risks – risks that are associated with the financial structure of your business, the transactions your business makes and the financial systems you already have in place.
  • Operational risks – risks that are associated with your business’ operational and administrative procedures.
  • Market/Environmental risks – external risks that a company has little control over such as major storms or natural disasters, global financial crisis, changes in government legislation or policies.²

The ‘shoot, fire, aim’ approach favoured by many entrepreneurs is great for making things happen quickly but often jeopardizes the long-term stability of the business.

What is needed is a balance.

Once the business understands the risks, it means that it can move forward decisively and confidently. It’s hard to do this when there is a cloud of confusion hanging over the business.

Where to start…

You need to identify potential risks to your business. Once you understand the extent of possible risks, you will be able to develop cost-effective and realistic strategies for dealing with them.

Categories of risk

  • Financial: This category includes cash flow, creditor and debtor management, budgetary requirements, tax obligations, remuneration and other general account management concerns.
  • Organizational: This relates to the internal requirements of a business and issues associated with its effective operation.
  • Equipment: This covers the equipment used for the conduct and operations of the business. It includes equipment maintenance, general operations, depreciation, safety, upgrades, and general operations.
  • Legal & regulatory compliance: This category includes compliance with legal requirements such as legislation, regulations, standards, codes of practice and contractual requirements. It also extends to compliance with additional ‘rules’ such as policies, procedures, or expectations, which may be set by contracts, customers or the social environment.
  • Security: This category includes the security of the business premises, assets and people, and extends to the security of technology, information and intellectual property.
  • Operational: This covers the planning, operational activities, resources (including people) and support required within the operations of a business that result in the successful development and delivery of a product or service.
  • Reputation: This entails the threat to the reputation of the business due to the conduct of the entity as a whole, the viability of product or service, or the conduct of employees or other individuals associated with the business.
  • Service delivery: This relates to the delivery of services, including the quality and appropriateness of service provided, or the manner in which a product is delivered, including customer interaction and after-sales service.
  • Commercial: This category includes the risks associated with market placement, business growth, diversification and commercial success. This relates to the commercial viability of a product or service and extends through establishment to retention and then the growth of a customer base.
  • Project: This includes the management of equipment, finances, resources, technology, timeframes and people associated with the management of projects. It extends to internal operational projects, projects relating to business development, and external projects such as those undertaken for clients.
  • Safety: This category includes the safety of everyone associated with the business. It extends from individual safety to workplace safety, public safety and to the safety and appropriateness of products or services delivered by the business.
  • Stakeholder management: This category relates to the management of stakeholders (both internal and external) and includes identifying, establishing and maintaining an appropriate relationship.
  • Strategic: This includes the planning, scoping and resourcing requirements for the establishment, sustaining and/or growth of the business.
  • Technology: This includes the implementation, management, maintenance and upgrades associated with technology. This extends to recognizing the need for and the cost benefit associated with technology as part of a business development strategy.

Before you begin to identify the types of risks you face, you need to assess your business. Consider your critical business activities, including your staff, key services and resources, and the things that could affect them (for example, illness, natural disaster, power failures, etc.).

In particular, consider:

  • The records and documents you need every day
  • The resources and equipment you need to operate
  • The access you need to your premises
  • The skills and knowledge your staff have that you need to run your business
  • External stakeholders you rely on or who rely on you
  • The legal obligations you are required to meet
  • The impact of ceasing to perform critical business activities
  • How long your business can survive without performing these activities.

Doing this assessment will help you to work out which aspects your business could not operate without.

Identify the risks

Look at your business plan and determine what you could not do without and what type of incidents could have an adverse impact on those areas. Ask yourself whether the risks are internal or external. When, how, why and where are risks likely to occur in your business? Who might be affected or involved if an accident occurs?

Ask ‘What if?’ questions. What if your company’s critical documents were destroyed? What if you lost access to the internet? What if you lost your power supply? What if one of your key staff members resigned? What if your premises were damaged? What if one of your best suppliers went out of business? What if services you rely on, such as communications  or roads, were closed?

Think about what possible future events could affect your business. Consider what would lead to such events happening. What would the outcome likely be? This will help you identify risks that could be external to your business.

Assess your processes

Evaluate your work processes (use inspections, checklists, and flow charts). Identify each step in your processes and think about the associated risks. What would stop each step from happening? How would that affect the rest of the process?

Consider the worst case scenario

By thinking of the worst possible things that could affect your company can help you to deal with smaller risks. Once you’ve identified risks relating to your business, you’ll need to analyze their likelihood and consequences and then come up with options for managing them. You need to separate small risks that may be acceptable from significant risks that must be managed immediately.

Analysing the level of risk

To analyse risks, you need to work out the likelihood of it happening (frequency or probability) and the consequences it would have (the impact) of the risks you have identified. This is the level of risk, and you can calculate it using the following formula: Level of risk = consequence x likelihood

Level of risk is often described as low, medium, high or very high. Assign each risk a likelihood rating from 1 (being very unlikely) up to 4 (being very likely). You can use a rating level higher than 4.

You should also assign each risk a consequence rating from 1 (being low) to 4 (being severe). Again, you can use more than four levels.

Once you’ve assigned each risk a likelihood and a consequence rating, calculate the level of risk. You then need to create a rating table for evaluating the risk (which means making a decision about its severity and ways to manage it).

You need to consider:

  • How important each activity is to your business
  • The amount of control you have over the risk
  • Potential losses to your business
  • The benefits or opportunities presented by the risk

When you’ve identified, analysed analysed and then evaluated your risks, you need to rank them in order of priority. You can then decide how you will treat unacceptable risks. To do that, you will need to consider.

To do that, you will need to consider:

  • The method of treating the risk
  • The people responsible for the treatment
  • The costs involved
  • The benefits of the treatment
  • The likelihood of success
  • The ways to measure the treatment’s success

To do that, you will need to consider:

  • Avoid the risk
  • Reduce the risk
  • Transfer the risk
  • Accept the risk

¹ ‘ The Road to Ruin’, Punter, Alan, Financial Director,, Aug 18, 2011One of our main goals was to identify whether these failures were random or had elements in common.

Establish Internal Controls – Part II

Establish Internal Controls – Part II

How a part-time CFO can create internal controls for you 

The CFO Centre will provide you with a highly experienced senior CFO with ‘big business experience’ for a fraction of the cost of a full-time CFO. This means you will have:

  • One of Canada’s leading CFOs, working with you on a part-time basis
  • A local support team of the highest calibre CFOs
  • A national and international collaborative team of the top CFOs sharing best practice (the power of hundreds)
  • Access to our national and international network of clients and partners

Which financial ratios should you track?

Running head here xxx In particular, your part-time CFO will help you to create the necessary controls framework in your business. He or she will:

  • Explain what ‘internal controls’ are and how they will benefit the business going forward.
  • Share proposals about the delegation of duties and responsibilities to employees.
  • Build a plan which creates more time for you to devote to your strengths.
  • Work closely with you to suggest the most appropriate role/responsibilities for you to take on.
  • Create systems across the business for managing various procedures.
  • Install systems for monthly control accounts.
  • Establish monthly KPIs (Key Performance Indicators).
  • Establish processes for creating monthly management accounts.
  • Review computer systems and software to ensure that they are robust and will allow for growth in line with the plan.
  • Establish a system for expenditure and associated authorization/sign-off.
  • Design systems for investment approval.
  • Design systems for new customer approval.
  • Implement control procedures to ensure customers are paying you correctly and on time.
  • Design systems for meetings, including board meetings.
  • Create reports for customer and product profitability analysis.
  • Create a system for cash flow forecasting and monitoring, including early warning system for peaks and valleys.
  • Establish and review budgeting forecasts.
  • Review government grants and incentives regularly.
  • Design a system for receiving quality advice from third parties regarding tax, Human Resources, IT, and Health and Safety on a regular basis.
  • Review insurances to ensure the best possible coverage to limit risk.
  • Establish Human Resource systems.
  • Design and implement relevant Shareholders Agreement.
  • Design and implement credit control procedures.
  • Translate all figures and data in a way which makes sense to you.
  • Ensure brands and IP are protected.
  • Oversee the installation of new systems.


Putting the right systems in place allows you to see the business from a much clearer vantage point. Decisions to grow the business can be made in the knowledge that the underlying model is scalable and robust.

A part-time CFO from The CFO Centre will work with you to redesign your company’s architecture and give you some space to move in. That will allow you to go from working in a job to managing a stable, healthy business.


Establish internal controls to protect your company now!

Without internal controls, your company is vulnerable. A part-time CFO can help you to create a strong internal control environment. Book your free one-to-one call with one of our part-time CFOs now:
tel. : 514 906-8839
email : [email protected]

Establish Internal Controls

Establish Internal Controls

Internal controls are the procedures and methods used to help companies to achieve their performance and profitability targets and prevent the loss of resources/assets. They are also used to ensure financial reporting is accurate and reliable and that the company is compliant with regulations and laws.

In other words, internal controls can help your company achieve its goals, and limit the internal and external risks and threats you’re likely to encounter.

Every business will feel the pain of not being in control at some point in the growth cycle and, therefore, implementing internal controls in a measured and methodical manner will become essential at some stage.

It’s better to establish internal controls now rather than continuing to operate without them. Not only do they give you more time and freedom but they enable you to manage and control the business rather than allowing the business to control you. In these articles, you will see:


  • The essential elements of an internal control system
  • The benefits of an internal control system
  • The main reasons companies don’t use internal controls
  • How a part-time CFO can create internal controls for you

Many SME owners mistakenly believe that internal controls are the domain of publicly listed companies or government departments but they are just as critical for small to medium sized businesses too. 

Michelle Long, author and financial consultant, says internal controls are necessary for SMEs to reduce the risk of fraud.

“Without any controls or oversight, it is like leaving the door unlocked with the cash register drawer open hoping that no one will steal any money,” she says in a report for Intuit.¹

“Even employees who are honest can be tempted when they see large sums of money right in front of them,” says Long. “This is especially true if the business owner has not implemented any access controls or set up shared control over the company finances.”

“Also, without internal controls, a business owner can never know if their information is complete, accurate, or reliable. Time should be taken to set-up, implement and review a policy of internal controls. Once the policy has been established, management should ensure that the controls are being followed.”

The need to have robust internal controls is highlighted by the case of the Royal Bank of Scotland (RBS), which fell victim to a rogue trader in Hong Kong.

In 2014, the RBS was fined $850,000 by Hong Kong financial regulators after “seriously inadequate” internal systems and controls failed to detect a rogue trader hiding losses totalling tens of millions of dollars.²

The employee was found to have hidden losses of $46 million over a three-year period by regularly cancelling or amending transactions that had been entered into RBS’s internal trading systems.

A subsequent investigation by the Hong Kong Securities and Futures Commission (SFC) found that RBS’ risk management and internal controls within its Emerging Markets Rates business were “deficient and failed to prevent misconduct.”

The losses suffered by RBS are small compared with the staggering $6.8 billion losses announced by French banking group Société Générale (SocGen) in 2008. There too a rogue trader was found to have hidden enormous trading losses. The Paris-based trader used his “in-depth knowledge” of the bank’s fraud control systems to circumvent internal checks.³

This was a lone man who built a concealed enterprise within the company, using the tools of Société Générale, and who had the intelligence to escape all control procedures.Your Balance Sheet shows what your company owes and what it owes at a given time.- DANIEL BOUTON, FORMER SOCGEN CHAIRMAN

SocGen’s Chairman, at the time Daniel Bouton, said: “This was a lone man who built a concealed enterprise within the company, using the tools of Societe Generale, and who had the intelligence to escape all control procedures.”

It’s not enough to create internal controls: they need to be regularly reviewed to ensure they are keeping pace with the company’s growth. Pressure to create, develop and innovate means that old systems can quickly become redundant and need rethinking and rebuilding. This is really one of the biggest headaches a business owner faces. Creating products is easy by comparison.

You have probably experienced a shift from knowing every last detail about the inner workings of your business in the early days to losing a lot of control over the processes which allow the business to operate.

In other words, you have become removed from the day to day operating procedures. This means you probably can’t see what is going on in the way that you would like to or, at least, you can’t see as much as you would like to see. This can manifest itself in different ways. You might not realize that your customers are not paying since you don’t have a system for alerting you to such occurrences or you might have several unproductive employees but have neither the tools to identify these employees nor the time to do anything about it.

Instead, you are frustrated with your staff because you want them to fix the problem (using their own initiative). They, in turn, are frustrated with you for not providing them with clear job descriptions and responsibilities.

It may be that your cash flow is very poor or you are accumulating excess inventory. It may be that you are always turning up for meetings unprepared because the work it would take to uncover the information you need to run a good meeting would just take too long to collect.

You probably initiate a lot of the activity in the business (creating policies, signing CRA documentation, sending off legal forms necessary for compliance) but you may not have the systems set up to manage these various projects going forward. This means that your head is full of concerns which rear their head at the very point at which you have the least time to deal with them. Usually, by then the problem has escalated.

All of this leads to a feeling of being disorganized and overwhelmed. If you were able to delegate the work and feel confident that your business had a stable framework, you would feel much happier about redoubling your growth efforts (a lot of business owners we work with hold themselves back because they instinctively know the business lacks the systems and structure to grow in a manageable way).

The essential elements of an internal control system

There are five key elements in a good internal control system:

  • Separation of duties. Key duties and responsibilities in authorizing, processing, recording, and reviewing transactions and events should be separated among individuals. This not only protects employees but prevents and detects both unintentional and intentional errors. It also encourages better job performance.
  • Authorization. Every transaction must be authorized and carried out by people acting within the scope of their authority. This will help prevent invalid transactions.
  • Documentation. Every transaction (event or activity) must be documented. It helps ensure that assets are properly controlled. It also helps to ensure each transaction is accurate and complete.
  • Supervision. Competent supervision must be provided to ensure the objectives of the internal controls are achieved.
  • Reconciliation. This ensures the accuracy and validity of your records. It also means that discrepancies can be resolved quickly and that unauthorized changes don’t occur.

To be effective, internal controls must be appropriate, must function consistently as planned, and must be cost-effective.

An effective control environment will ensure the following:

  • The effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations
  • Safeguarding of assets.

The benefits of an internal control system

Having an internal control system in your organization will help:

  • Prevent errors and irregularities from occurring. If they do occur, they will be detected quickly.
  • Ensure that errors that do occur are minimized and resolved quickly.
  • Safeguard employees by clearly outlining their responsibilities and roles; by providing checks and balances; and from being accused of errors, irregularities, or fraud.

The main reasons companies don’t use internal controls

The owners don’t realize such controls are necessary

Forensic accounting expert Steve Dawson says placing your faith in people’s honesty leaves you vulnerable to fraud.

“Believing you don’t need internal controls because you don’t have evil people working for you is irrelevant,” he says.⁴

“Evil people don’t represent the majority of fraud instances: desperate people do. Remember that 95 percent of those I have investigated are truly decent people who rationalize their fraud because of a severe financial crisis. They are able to take advantage of the company simply because their position has weak internal controls.”

One of The CFO Centre’s part-time CFO’s recalls how one of her clients was nearly sent to the wall because its CEO had stolen large amounts of money.

“I got involved immediately after they discovered the fraud. In the first 6 months, it was very doubtful whether the business had any future because of all the money which had been stolen. What I was able to do was give the different stakeholders enough confidence to be able to pull together something which secured its long term viability”.

I immediately called the CRA to explain who I was, what I was doing, and what I was going to do. I asked them to give me a few weeks to sort something out, during which I’d provide constant feedback to them.- THE CFO CENTRE’S PART-TIME CFO

“On my first day, we found out that we were under pressure from a large creditor who was planning to force the organization to court because it had a large amount of payables which hadn’t been paid over a long period”.

“I immediately called the CRA to explain who I was, what I was doing, and what I was going to do. I asked them to give me a few weeks to sort something out, during which I’d provide constant feedback to them”.

“The combination of who I was, what I was doing, and how I was going to do it was enough to persuade them to give me some time”.

“The company had another equally large creditor who also wanted to be paid immediately.”

“I put a survival plan together, and luckily there was someone connected to the business who had funds. We persuaded that third party to provide the business with a long-term loan worth several hundred thousand dollars.”

“That allowed us to pay the creditor, to pay the other creditor and to have some money to go forward so we could try to recover the money that had been stolen.”

Lack of time

Creating internal controls does take time. The consequences of not investing energy into creating internal controls, however, are likely to be very damaging to a company.

Philip Ratcliffe, an Internal Audit Consultant, says in a serious case the opportunity cost of the time that management will lose in attending to the consequences of an internal control breakdown can be massive.

“Strategic issues, tactical issues, business development – all these and many more normal concerns of senior management will have to take a back seat until the problem is resolved. Add to this the loss of reputation and of confidence, inside and outside the organization, because news will inevitably leak out however carefully those involved try to prevent it.”⁵

A lower ratio means your company is more financially stable and is probably in a better position to borrow now and in the future.

It’s too difficult

graphic icon - internal business controlCreating internal business controls, which are the systems and frameworks that allow all departments of the business to keep up to speed with changes is plain hard work.

To some extent, this hard work is simply a part of building a fast growing business. That said, a lot of it can also be avoided by understanding business growth cycles and by designing an architecture which means your business is able to grow at a steady pace rather than allowing it periodically to outgrow itself (as you struggle to put out the fires).

Strategic issues, tactical issues, business development – all these and many more normal concerns of senior management will have to take a back seat until the problem is resolved.- PHILIP RATCLIFFE, INTERNAL AUDIT CONSULTANT

¹ ’Internal Controls for Small Businesses to Reduce the Risk of Fraud’, Long, CPA, MBA, Michelle L., Intuit, Intuit Inc., 2009

² ‘RBS reprimanded for systems failures following £25m trading losses: Hong Kong regulator fines bank £450,000’, Finnegan, Matthew, Computerworld UK,, Apr 22, 2014

³ ‘Rogue trader exploits tech knowledge to cost SocGen £3.6bn: Biggest fraud in investment banking history’, Chapman, Siobhan, ComputerWorld UK,, Jan 25 2008

⁴ ‘Internal Control/Anti-Fraud Program Design for the Small Business: A Guide for Companies NOT Subject to the Sarbanes-Oxley Act, Dawson, Steve, (Wiley Corporate F&A), April 13, 2015

⁵ ‘Engaging Senior Management in Internal Control’, Ratcliffe, Philip, QFinance,