Practical guidance on implementing European company law requirements on risk management, internal control and internal audit can help reduce further regulatory attention, according to the Federation of European Risk Management Associations (FERMA) and European Confederation of Institutes of Internal Auditing (ECIIA).


ECIIA - European Confederation of Institutes of Internal AuditingFERMA - Federation of European Risk Management Associations

The two organisations joined forces to produce a best practice guide for senior managers on the EU 8th Company Law Directive, which is published today. This follows Part 1 of the Implementation Guidance on the 8th Company Law Directive for boards and audit committees, released by FERMA and ECIIA in September 2011. Both parts are available free from the FERMA and ECIIA websites.

Previously, there was no advice published for senior managers and executive committees on practical approaches to supporting the board and audit committees in meeting their responsibilities under article 41-2b of the Directive: “Monitoring the effectiveness of internal control, internal audit and risk management systems.”

Carolyn Dittmeier, President of ECIIA, commented: “Today, it is crucial for organisations to think clearly about their internal assurance processes to avoid being subject to additional external regulation. The 8th EU Company Law Directive coupled with our papers gives organisations the necessary guidance to enable them to move forward with a governance framework that provides a risk-aware culture to maximise the opportunities of success.”

Jorge Luzzi, President of FERMA, said: “Good governance depends on managers being conscious that good control reinforces management systems. With this Part 2 of the Guidance, ECIIA and FERMA aim to provide senior executives with practical guidance to be adapted to the culture, activities and organisation of their companies.”

The publication offers guidance drawn from the real-life experience of members of FERMA and ECIIA. It takes senior executives through a series of questions that show how they can support the board in managing risks, and making best use of internal control and assurance from internal audit.

The purpose of FERMA and ECIIA in producing Part 2 of the Guidance is not to deliver definitive answers, but to suggest approaches that senior executives can adapt for their companies.

Sample questions:

Among the general questions the Guidance prompts the executive committee to ask are:

  • Are risk management and control processes in line with the company’s objectives and in accord with the policies in place?
  • Is the independence of risk management, internal control and internal audit guaranteed so that the executive committee is informed of major risks and control activities?
  • Is the executive committee informed of the major risks of the organisation at each level?
  • Do risk management, internal control and internal audit share information on a regular basis and take it into account to identify major risks and key critical processes and to mitigate major risks?

Other sets of questions specifically cover risk management, internal control and internal audit.

Notes to journalists

The 8th European Company Law Directive is 2006/43/EC and specifically deals with statutory audits of annual accounts and consolidated accounts.

Press contacts:

Lee Coppack:, +44 (0)208 318 0330
Florence Bindelle:, +32 (0)2 761 94 31

Carolyn Dittmeier:, +39 377 1 666 333

Download Download ECIIA – FERMA Guidance – Part 1 & Part 2