mkli's picture

In 2008 the 8th directive of the European Commission will be implemented by the respective national law in most European Countries. This is currently producing a heated discussion and much fear of an European Sarbanes Oxley Environment with all the negatives the SOA brought when implemented in the USA. To put it bluntly this is not the case. The 8th directive is mainly addressing the environment and proceedings of auditing companies. Only very limited regulation addresses the companies in Europe directly.

In article 41 (2nd paragraph) the tasks of the audit committee which every company of public interest is required to have are described: Control of the financial accounting process, Check the effectiveness of the internal control system, eventually of the internal audit system and the risk management system, monitor the annual financial audit. Furthermore the International Accounting Standards (IFRS) are noted as standard for auditing. There are no direct regulations on approaches comparable to section 404 of the Sarbanes Oxley Act defined, the shape of the internal control system is not defined but also not limited. However, out of this tasks those companies will be hard pressed which have no documented internal control system and no documented internal assessment of the same, not speaking about a risk management system. Typically the internal audit processes are much better documented. Positive about this is that an integrated Solution like the ARIS Solution for Governance, Risk & Compliance already today comprises all necessary elements to cope with the needs coming with “EURO-SOX”. Companies that already use such a solution are on the safe side and are able to concentrate on the main tasks at hand: ensure compliance and reduce risks in daily business.

Read More:

Tags: GRC