Maybe so much of the Sarbanes Oxley legistlation has been to simply bring US filers up to par with governance and risk management practices that have been maturing around the globe.
Standard and Poor’s, one of the leading credit rating agencies for capital markets, has begun their analysis of incorporating enterprise risk management (ERM) practices into credit rating – in Australian and New Zealand companies (with one of the longest lived bodies of risk management practice, dating back to 1995).
Though the comment period is now closed, the S&P; ERM Criteria as issued for comment in November 2007 (period closed Feb 1, 2008).
editor note: I could not find conclusions on the comments on the S&P; website, originally scheduled to be published around March 1, 2008. Please share if you happen upon it.