the following well presented commentary was taken from the RiskMinds 2009 Risk Managers’ Survey.

….It is a truism to say that the better the internal checks and balances in risk management, compliance, internal audit and non-executive oversight (what might be called “the internal regulatory system”), the less additional supervision and enforcement is required by the regulators themselves to ensure the stability of firms.

The problem has been that regulators’ supervision of these crucial internal control functions has not been intensive enough or consistent enough. If internal risk managers saw the crisis coming, then regulators should also have become aware of this in the course of their supervisory activities.

To support and ensure the significant strengthening of the internal checks and balances, regulators should focus a substantial amount of their supervisory attention on the effectiveness of the internal oversight and assurance functions (i.e. the internal control functions of risk, compliance and internal audit.)

However, to achieve this, policymakers and regulators must also now develop a more detailed approach to assessing and supervising risk management, compliance and internal audit, and work closely with such functions to radically increase their effectiveness.

In conjunction with the industry, regulators need to develop clearer standards of what truly excellent and effective risk management and governance ‘look like’. What is required is a much clearer benchmark of best practice: a platform on which firms can base their own policy setting, oversight and assurance programmes, and regulators their supervisory activity.

RiskMinds 2009 Risk Managers’ Survey

http://www.moorecarter.co.uk/RiskMinds%202009%20Risk%20Managers’%20Survey%20Report.19March2010.pdf