Risk Management and Internal Controls

Risk management is a fundamental part of any modern governance structure. Understanding risks allows organizations to set their risk tolerance levels and implement the internal controls required to mitigate these risks and help ensure the organization can meet its strategic objectives.

Samson has significant experience providing audit and advisory services related to risk management and internal controls at the strategic, project, and operational levels in areas such as finance and IT.

In dealing with various types and sizes of Recipient organizations for your Transfer Payments, you want to ensure that you can limit or manage the financial risks related to your projects or programs. We can help by offering:

  • Financial viability or risk assessments of existing or potential recipients, with recommendations to address the risks identified.
  • Financial capacity assessments of Recipients undertaking a new project.
  • Financial management and control reviews/assessments of recipient organizations.


Mark Dillon, Partner | 819.208.4077 | Email

Enterprise risk management (ERM), also referred to as integrated risk management (IRM), is a process undertaken by an organization to mitigate financial, strategic, operational, and other risks that could have an adverse effect on the organization.

Board members, senior management and leaders in government organizations have a responsibility to be involved in overseeing the management of risks for their organization and to ensure that a robust risk management infrastructure is established and functioning well. Organizations don’t exist to manage risks. They exist to achieve their strategic objectives.

It is sometimes said that “it is difficult to prove the value of risk management activities”. However, it is like buying insurance – you don’t need it until you need it! Strong risk management programs assist organizations in either avoiding risks and their associated financial, operational or reputational exposures, or in being adequately prepared for the risks they will incur.

There have been many spectacular corporate failures over the years (e.g., Enron, Bre-X, Lehman Brothers, Nortel), and these organizations didn’t plan to fail! It is likely that they either did not identify, understand or manage the risks that eventually destroyed their organizations, or they were taking risks beyond their organization’s risk appetite.

ERM/IRM Support – How We Can Help You

Our team members have significant experience in designing, implementing and managing robust risk management governance and operating structures. We can work with you in the following areas:

  • Designing and implementing a robust risk management model that is appropriate for the size and complexity of your organization
  • Developing and managing a risk appetite framework
  • Implementing a strong governance structure for your risk management activities, including both Board and Management level ERM policies
  • Measuring and managing Risk Culture
  • A risk management maturity assessment
  • Performing risk workshops to assist with risk identification and assessment processes
  • Strengthening reporting to ensure attention is focussed on the most significant risks that may affect successful achievement of the organization’s strategic objectives


Alain Rocan, Partner | 613.298.1506 | Email

Internal control is designed to assist organizations in achieving their objectives. Monitoring of controls is an ongoing process to periodically assess and sustain the management of internal controls over time in support of continuous improvement.

In the past ten years, Samson has supported its clients in reviewing their significant financial processes and controls, carrying out assessments of the effectiveness of the internal controls in place for key business processes, and conducting ongoing monitoring for all three areas:

  • Entity-Level Controls
  • IT General Controls
  • Business Process Controls (including application controls)

The approach proposed by Samson is based on the COSO framework and considers key policy instruments issued by the Treasury Board Secretariat (TBS) for Federal Government Departments and Agencies.


Mathieu Farley, Partner | 613.447.0814 | Email
Daniel Charron, Partner | 613.884.2794 | Email

In most organizations, strategic risks are driven from a top-down approach as part of the corporate risk profile process, and cyber/IT is pretty much always identified as a strategic risk. On the other hand, the IT team may be conducting detailed technical risk assessments that are often difficult to reconcile with the top-down perspective.

We have developed cyber risk management frameworks that provide the foundation to bridge the top-down strategic risk view with the bottom-up technical view by aligning the cyber risk information available.


Alain Rocan, Partner | 613.298.1506 | Email

Risk workshops are an excellent way to gather risk and control information in a controlled, yet free-flowing session.

We have experience leading dozens of risk workshops with:

  • senior leaders to discuss risks at a strategic level
  • project teams to discuss project risks
  • management teams to discuss operational risks

We use anonymous risk voting technology that allows perspectives to be voiced in a controlled manner, and gather quantitative and qualitative risk information through a repeatable process.


Alain Rocan, Partner | 613.298.1506 | Email
