Advice for boards and audit on monitoring the effectiveness of risk management

Businesses should not be afraid of the 8th European Company Law Directive, say two European associations who understand it thoroughly. The systems of control and risk management that it mandates will not act as a brake on entrepreneurial activity but underpin it, if they are effectively embedded in an organisation.

This is the message today for boards and audit committees from the Federation of European Risk Management Associations (FERMA) and European Confederation of Institutes of Internal Auditing (ECIIA), as they launch their joint Guidance on the 8th EU Directive for boards and audit committees. (Available in full from the FERMA and ECIIA websites.)

FERMA and ECIIA have produced the Guidance because they believe that board members, especially those who sit on the audit committee, will find it useful to have practical and focused advice from practitioners on their duties under art. 41 of the Directive.

This article requires the audit committee to “monitor the effectiveness of the company’s internal control, internal audit where applicable, and risk management systems...”

As FERMA and ECIIA explain, this seems a rather simple statement, but “what to monitor” and “how to monitor” are considerably more complex. Guidance for boards and audit committees sheds light on the “what” and “how”.

The Guidance:

Gives an overview on the role and responsibilities for effective risk management and control assurance for the board/audit committee, CEO and senior management, operational management and monitoring and assurance functions;

Clarifies the recommended interaction between internal control, risk management and internal audit;

Suggests good practices for board and audit committee oversight as regards the risk management processes, internal control system and internal auditing function.

Peter den Dekker, President of FERMA, said: “A good risk management system is like management systems on a racing car - they help it to go faster, further and more safely.

“What’s new with the 8th EU Company Law Directive is that there is a clear responsibility given to boards of directors and to their audit committees. Senior management is expected to be involved in risk management and risk taking. Directors have to give direction depending on the risk appetite of shareholders.”

Claude Cargou, President of ECIIA, commented: “The duty assigned to the board and its audit committee by Art 41 of the 8th Directive translates the expectations of capital markets for transparent and reliable information on significant current and evolving risks and on the way these risks are managed.

“Internal auditing provides objective and independent assurance on the effectiveness of organisation-wide risk and control systems. As such, it becomes one of the cornerstones of good organisational governance, supporting boards and audit committees to effectively assume their fiduciary responsibilities towards the company’s stakeholders and the public.”

Paul Taylor, FERMA board member and one of the authors of the Guidance, said: “The Guidance is practical, focussed and user friendly.”