The European Confederation of Institutes of Internal Auditing (ECIIA) and its member institutes appreciate the work carried out by the Federation des Experts Comptables Europeens (FEE). In particular, ECIIA support FEE'S efforts to provide guidance to companies and regulators while minimising bureaucratic burdens on them.

Risk Management and Internal Control in the EU - FEE Discussion Paper

The detailed response to the questions included in FEE's discussion paper is provided in the attached document. However, ECIIA would like to draw attention to three key points:

1. We urge FEE to restate its paper in terms that are unambiguously those of frameworks encompassing risk management and internal control, not just internal control. The possible frameworks are the COSO Enterprise Risk Management - Integrated Framework, the Australia-New Zealand Risk Management Standard and the Risk Management Standard adopted by the Federation of European Risk Management Associations.

2. We believe a great deal of work remains before the European business community has a set of high level principles and criteria it can use to establish, maintain and report on risk management and internal control processes.

3. We believe that the provision of assurance, firstly by management and then by other assurance providers, is an important part of sound risk management and internal control processes. External or statutory audit is a key assurance provider. However, a professional internal audit activity is also a key and can provide those charged with governance with objective assurance on the risk management framework and on the management of risks as well as with continuous assistance in setting up and improving such frameworks.

Full document > download