We were at the forefront with Sarbanes-Oxley and implemented risk management and related internal controls at major corporations like American Express, World Bank, Federal Home Loan Bank of Chicago, Colgate and others.
That expertise was needed by companies that were subject to Japan's Financial Instruments and Exchange Act, a/k/a JSOX. The principles of Risk Management and Internal Controls were similar, but the details of each act were different. We implemented risk management and internal controls for a Japan-based international pharmaceutical company.
We were then called on to assist in healthcare, with emphasis on hospitals, to implement Risk-Based Internal Audit (RBIA) to comply with the Office of Inspector General and other regulatory agencies. At one hospital, we moved them from Controls-Based Internal Audit to RBIA, which resulted in cost savings and increased productivity.
With Controls-Based Internal Audit, the controls in place to monitor a process are audited, and if issues are found, another control is implemented to fix the control that failed. RBIA identifies the RISKS, then determines what controls are necessary to mitigate those risks, accounting for the severity of the risk and the risk tolerance.
In dealing with risk to comply with Sarbanes-Oxley (U.S. “SOX”), Financial Instruments and Exchange Act (Japan “JSOX”), Law 262 (Italy), Loi de Sécurité Financière (France), C-SOX (Canada), Corporate Law Economic Reform Program Act (Australia) or any other similar law in any country, companies would be wise to address their risks with a useful mnemonic – the 4 T’s: Treat, Transfer, Terminate and Tolerate.