Risk management at the legal level is essential for guarding against bankruptcy or a company failing. Here is an explanation.
Over the last decades, the sudden collapse of large companies such as Swissair contributed to the strengthening of risk management at the legal level. In Switzerland, this led to the amendment of the law on debt collection and bankruptcy adopted by the two Chambers in 2013 (chronology on the parliament’s website). There is no shortage of examples in other countries, such as the Sarbanes-Oxley Act in force since 2002 in the United States or the German Law on Control and Transparency in corporate governance (KonTraG).
According to Swiss law, companies that are subject to ordinary audits must:
- provide information in their annual report on the performance of a risk assessment (Art. 961c CO)
- show that there is an internal control system for the internal audit body, which must draw up a written report on this issue, among others, which is to be submitted to the general meeting (Art. 728a and 728b CO)
Who has to do what?
Sole proprietorships and general and limited partnerships are not legally obliged to draw up an annual report or to provide information on risk assessments. However, all other companies must draw up an annual report with the required information if they exceed two of the three following thresholds in two successive fiscal years (Art. 727 CO):
- CHF 20 million
- Revenue: CHF 40 million
- Number of employees: 250
There is, however, an exception: if the company exceeds the limits specified above but is part of a group that uses the consolidated accounting method in accordance with a recognized reporting standard, and if a qualified minority does not require this information, the company shall not be obliged to provide information on the risk assessment (Art. 961d CO).