New FERMA-ECIIA collaboration offers senior executives crucial support on risk management responsibilities

Published on 2017-09-5

FERMA and the European Confederation Institutes of Internal Auditing (ECIIA) have joined forces to provide practical advice for senior managers on how to help their companies meet risk management, internal control and internal audit responsibilities under European law.

The fruit of this collaboration is Part 2 of the Implementation Guidance on the 8th Company Law Directive * for Senior Managers and Executive Committees, which was launched on 14 December in Brussels. It is now available free to download.

This is the second part of the Guidance on the 8th Company Law Directive produced by FERMA and ECIIA. Part 1 for boards and audit committees was published in September 2010 (free to download here). Both cover article 41-2b of the Directive: “Monitoring the effectiveness of internal control, internal audit and risk management systems.”

At the time, FERMA and ECIIA stated that boards and audit committees would need the support of their senior executives to fulfil their responsibilities under the Directive, but that there was no practical implementation guide for management. Part 2 of the Guidance now fills this gap.

FERMA has presented copies of the Guidance to members of the European Commission, and plans to have further discussions with the Commission on its use and wider diffusion.

Jorge Luzzi, President of FERMA, said: “Our collaboration with ECIIA allows us to take advantage of the experience of risk managers and internal auditors to produce practical guidance that senior managers can adapt to the culture, activities and organisation of their companies. Good governance depends on managers being conscious that good control reinforces management systems.”

One of the authors of the Guidance, former FERMA President Marie Gemma Dequae explained: “It may be that today not all companies are already fully aware of the contents of art.41 2.b and how to apply it. The focus of both documents is to give more information on how to improve internal processes and reporting processes to audit committees and boards, so that corporations are able to comply with the monitoring function explained in the article.”

In an environment where the Commission is not generally happy with the way corporate governance is performing in Europe, such compliance can help reduce further unwanted regulatory attention, according to Carolyn Dittmeier, President of ECIIA. She said: “Today, it is crucial for organisations to think clearly about their internal assurance processes to avoid being subject to additional external regulation.”

She added: “The 8th EU Company Law Directive coupled with our papers gives organisations the necessary guidance to enable them to move forward with a governance framework that provides a risk aware culture to maximise the opportunities of success.”

The Guidance is not intended to deliver definitive answers but offers best practice lessons drawn from the real-life experience of members of FERMA and ECIIA. It takes managers through a series of questions that show how they can support the board in managing risks, and making best use of internal control and assurance from internal audit.

Sample questions:

Among the general questions the Guidance prompts the executive committee ask are:

Are risk management and control processes in line with the company’s objectives and in accord with the policies in place?
Is the independence of risk management, internal control and internal audit guaranteed so that the executive committee is informed of major risks and control activities?
Is the executive committee informed of the major risks of the organisation at each level?

Other sets of questions specifically cover internal control and internal audit.