Risk Management in European and American Corporate Law
54 Pages. Posted: 8 May 2009. Last revised: 29 Jun 2009
Date Written: April 2, 2009
In recent years, the emphasis in corporate governance has shifted from board composition, independent directors, separating the position of chairperson and CEO, and establishing board committees to “being in control” and risk management issues. However, the corporate law perspective of internal control and risk management does not match up to the multidisciplinary perspective of these themes. This paper analyses the dichotomy between the US and the EU corporate law approaches to internal control and risk management. Lawmakers from the US, the EU, and the EU member states reacted to the scandals between 2000 and 2003 with provisions requiring public companies to have internal control and risk management systems in order to restore public confidence, but the substance of their responses differed. A regulatory framework is put forward in order to address the steps to be taken in establishing an operational internal control and risk management framework and to address the role of the different parties involved from a corporate law perspective. The above-mentioned steps are: (1) initiate and identify, (2) assess and operate, (3) monitor, and (4) report on the systems relating to the companies’ risks and uncertainties, strategy, financial reporting, and operations. The parties legally involved include: (1) senior management, (2) board, (3) audit committee, and (4) auditor. The US and the EU regulatory frameworks indicate not only that their corporate law approaches to internal control and risk management are different, but also that both approaches are incomplete – but not necessarily insufficient – in several areas.
Keywords: risk management, corporate law, internal control, COSO, SOX, corporate governance, EU corporate law
JEL Classification: G32, K22, G30, M42