guidance on implementing European company law requirements on
risk management, internal control and internal audit can help
reduce further regulatory attention, according to the
Federation of European Risk Management Associations (FERMA)
and European Confederation of Institutes of Internal Auditing
organisations joined forces to produce a best practice guide
for senior managers on the EU 8th Company Law Directive, which
is published today. This follows Part 1 of the Implementation
Guidance on the 8th Company Law Directive for boards and audit
committees, released by FERMA and ECIIA in September 2011.
Both parts are available free from the FERMA and ECIIA
there was no advice published for senior managers and
executive committees on practical approaches to supporting the
board and audit committees in meeting their responsibilities
under article 41-2b of the Directive: "Monitoring the
effectiveness of internal control, internal audit and risk
Dittmeier, President of ECIIA, commented: "Today, it is
crucial for organisations to think clearly about their
internal assurance processes to avoid being subject to
additional external regulation. The 8th EU Company Law
Directive coupled with our papers gives organisations the
necessary guidance to enable them to move forward with a
governance framework that provides a risk-aware culture to
maximise the opportunities of success."
Luzzi, President of FERMA, said: "Good governance depends on
managers being conscious that good control reinforces
management systems. With this Part 2 of the Guidance, ECIIA
and FERMA aim to provide senior executives with practical
guidance to be adapted to the culture, activities and
organisation of their companies."
publication offers guidance drawn from the real-life
experience of members of FERMA and ECIIA. It takes senior
executives through a series of questions that show how they
can support the board in managing risks, and making best use
of internal control and assurance from internal audit.
purpose of FERMA and ECIIA in producing Part 2 of the Guidance
is not to deliver definitive answers, but to suggest
approaches that senior executives can adapt for their
Among the general questions the
Guidance prompts the executive committee to ask
risk management and control processes in line with the
company's objectives and in accord with the policies in
- Is the
independence of risk management, internal control and
internal audit guaranteed so that the executive committee is
informed of major risks and control activities?
- Is the
executive committee informed of the major risks of the
organisation at each level?
- Do risk
management, internal control and internal audit share
information on a regular basis and take it into account to
identify major risks and key critical processes and to
mitigate major risks?
sets of questions specifically cover risk management, internal
control and internal audit.