|Organisations must develop a comprehensive system of oversight that knits together corporate governance, risk and control if they are to meet their strategic objectives, says the European Confederation of Institutes of Internal Auditing (ECIIA) in a report approved by the Board on May 21, 2012.|
Under the 8th European Company Law Directive, audit committees are responsible for making sure internal control and risk management systems are effective. But too many businesses still do not know whether they have the right controls in place to manage risk, or even whether those controls are effective, says the document.
The guidance – Corporate Governance Insight: Reinforcing audit committee oversight over global assurance and internal audit – provides advice to businesses on how to strengthen the Board and Audit Committee’s oversight role and avoid duplication of control functions and the poor communication of risk.
“Oversight is best placed to answer the Board’s strategic and operational challenges when they are based on solid foundations,” says ECIIA president Carolyn Dittmeier. “That entails every organisation adopting a single, well-defined framework for their risk management and internal control systems – such as the one offered by the Enterprise Risk Management model.”
She said that too many organisations had focused their efforts on a narrow range of risk areas – such as legal or financial risks – following the changing needs of regulators in the wake of the financial crisis. But she warned that this approach could place disproportionate emphasis on the allocation of resources in these areas, at the expense of achieving a truly global corporate governance system.