Thanks to Jim Hamilton for drawing my attention to a recent report on Internal Controls -- A Review of Current Developments by the International Federation of Accountants. Jim blogged about the report here last week.
IFAC's report is available through their website with a free registration. The report recognizes the close linkage between internal controls and corporate governance. Ultimately, corporate directors are charged with managing a company's risks. At the request of the London Stock Exchange, the Institute of Chartered Accountants in England and Wales (ICAEW) issued what is referred to a Turnbull guidance regarding a principles-based system of internal controls. The board of directors must establish policies relative to internal controls, and the company's management must implement those policies.
The IFAC report also notes the international impact of the Sarbanes-Oxley Act on internal controls. SOX requires, for example, audit committees comprised of independent directors, CEO and CFO certifications, codes of conduct, whistle-blower protection and a higher level of board and audit committee involement in internal controls.
The IFAC report also discusses COSO guidance on Enterprise Risk Management (a subject about which I blogged last week here).
Also of interest is the section of the IFAC report on internal controls developments in Hong Kong, South Africa, and The Netherlands (at pages 10-13 of the IFAC report).
The IFAC report concludes that, just as with accounting standards and corporate governance principles, there has been a fair amount of convergence on internal controls issues. Even though the U.S. takes a rules-based rather than a principles-based approach, companies in other countries may end up following the U.S. approach because of registration with the SEC.