Guidance for Audit Committees: Risk management goes beyond financial reporting and should focus on business performance

On September 1, 2011, the European Confederation of Director’s Association published a document titled Audit Committee Guidance for European Companies.  This document provides an excellent overview of the roles and responsibilities of the audit committee, a mapping to the expectations of the EU 8^th company law directive, and highlights some country specific requirements related to audit committees.  This report also highlights two important topics that should be embraced by all Boards – regardless of geography:

1. Risk management should focus on performance as well as potential loss events
2. The Audit Committee should focus on all enterprise risks – not just those related to financial reporting

This document dedicates an entire section related to the discussion of monitoring the effectiveness of internal control and risk management systems.  According to the report: “It is important that risk management and control are not seen as a burden on the institution, but rather the means by which opportunities are maximized and potential losses associated with unwanted events are reduced. Risks manifest themselves in a range of ways and the effect of risks crystallising may have a positive as well as negative outcome for the institution.  It is vital that those responsible for the stewardship and management of an institution be aware of the best methods for identifying and subsequently managing such risks”.

The report goes on discuss that the remit of the audit committee goes well beyond that of reviewing financial controls and risks and address those risks and controls related to operational and compliance matters.  According to the report:  “Traditionally, audit committees have been concerned with the oversight of internal financial controls.  However, the Directive is drawn much wider in that it imposes a duty on the audit committee to monitor the effectiveness of internal control and risk management systems in their entirety.  This goes beyond the financial reporting processes and encompasses the system of risk and control associated with other areas such as operational matters and compliance with laws and regulations.”

At a time when many Board Audit Committees and internal audit professionals are evaluating changes to the scope of their charter, this ecoDa document provides some solid guidance and provides a good reference point to drive process improvement discussions.