Governance, Risk & Compliance

The integrity of the organs shapes the company.

Good corporate governance is the foundation and the 'big umbrella' for all leadership and oversight activities of your company, independent of legal form and size. The integrity of the governing bodies (organs) always shapes the company. The executive management and supervisory bodies set the 'tone from the top' on GRC: they are responsible both for setting and adhering to high ethical and professional standards and for ensuring a comprehensive culture of legal conformity within the organization (compliance).

GRC- and Sustainability Strategy

Corporate Governance consists of four core elements: the 'Internal Control System,' the 'Risk Management System,' the 'Compliance Management System,' and 'Internal Audit.' Numerous recent legislative changes, such as the FISG and the CSRD/EU Taxonomy, have implications for these core elements and their interaction.
Changes in regulation require transparency and governance in the presentation in the annual report, in ad-hoc notifications, and in negotiations with funders. To operate these systems efficiently and add value for stakeholders and shareholders, the design of a Corporate Governance Strategy is of great importance.
  • Analysis of relevant GRC regulations for your company and their interaction.
  • The interplay of the individual GRC elements such as IKS (ICS), RMS, and CMS, and their efficient design.
  • GRC communication to the capital market, in the annual report, and in ad-hoc notifications.
  • Consideration of GRC aspects in financing negotiations with capital providers.
  • Integration of the Supervisory Board or Audit Committees into the GRC structures of the company.
  • Maturity and benchmark analysis of GRC elements in the company.
  • Adequacy and effectiveness assessment according to IDW PS 980, 981, and 982.
  • Creation of incentive systems for specialists and executives.
  • Training of the Board of Directors and Supervisory Board in GRC matters.
  • Strategic policy management.
  • Consultation for the establishment of integrated and cross-departmental GRC/Sustainability processes, structures, and their organizational design.

Regulatory Guide

Every company is affected by the regulations surrounding Governance, Risk & Compliance. However, which laws, which regulatory questions, and which compliance issues specifically apply to each company?

With our GRC consulting, we provide guidance amid regulatory complexity. We offer you a tailor-made guide that gives you an overview of the relevant GRC issues for your company today and in the future. We also advise you on how to meet specific regulatory requirements.

Compliance Management

Compliance stands for the conformity of companies with regulations. It is about adhering to internal and external rules, laws, and regulations. A well-documented Compliance Management System (CMS) is exculpatory in case of an incident – and this applies to companies of all sizes. For instance, the EU Whistleblowing Directive already applies to companies with over 49 employees. Other important developments include the Supply Chain Due Diligence Act. Companies that have established appropriate compliance structures protect both their tangible and intangible values.
Don't worry: A Compliance Management System doesn't have to be a huge structure. After all, it is supposed to help you professionally manage and monitor your risks. In building, auditing, and optimizing this CMS, we are here to assist you with our competent Compliance Management Consulting.
Readiness Assessment
Where do you stand with your CMS? We identify your individual compliance risks and explain how you should ideally proceed.
Introduction and Optimization of Your CMS
Together, we develop customized Compliance Management Systems, including the implementation of policies, codes, and communication. Additionally, we integrate the CMS into risk management and other management systems.
Audit / Certification
Does your CMS meet the requirements of, for example, IDW PS 980? We audit existing management systems and processes and prepare you for certification.
In-house Training
How can this topic be embedded sustainably and for the long term in your company? We provide training for relevant professionals and executives using practice-tested and didactically mature modules.
Due diligence in the supply chain (LkSG and CSDDD)
  • The Corporate Sustainability Due Diligence Directive (CSDDD), also known as the EU Supply Chain Law, expands the reporting obligations known from the LkSG to all large companies according to the German Commercial Code (HGB). It also requires a risk analysis of the entire upstream and downstream value chain.

Whistleblower Protection Act (HinSchG)
  • Since mid-2023, companies with >249 employees must establish reporting channels for whistleblowers. Since the end of 2023, this also applies to companies with >49 employees.

Risk Management

Handling risks and eliminating uncertainty is one of the core tasks of management. A systematic and holistic risk management approach involves the identification, assessment, and treatment of risks, integrating the gathered information into the company's control processes.

Enhanced transparency improves decision-making within the company, making it more resilient to individual challenges. Due to the clear benefits, lawmakers impose an obligation on the majority of companies to actively engage in crisis early detection, for example, through the StaRUG.

Does your company have the necessary transparency regarding individual risk capacity? Are you utilizing systematic risk analyses and integrating them into your decision-making processes? Are you prepared for potential risks?

We assist you in establishing and auditing risk management systems, conducting simulation-based risk aggregations (Monte Carlo simulation), and linking risk management with controlling and planning. This way, you can meet requirements such as the Business Judgment Rule.
Readiness Assessment
We identify your individual risks and clearly present how you should ideally proceed.
Implementation and Optimization of Your RMS
Together, we develop tailor-made risk management systems and assist you in selecting suitable software. We also help integrate risk management with controlling, planning, and other management systems.
Audit / Certification
Does your risk management system meet the requirements of standards such as IDW PS 981 or IDW PS 340? We support you in the audit and certification process.
In-house Training
How can this topic be embedded sustainably and for the long term in your company? We provide training to relevant professionals and executives using proven and didactically sophisticated modules.
StaRUG
  • Applies to all limited liability companies, regardless of their size, since January 1, 2021.
  • Obliges companies to establish an early warning and crisis management system (i.e., risk management system).

IDW PS 340
  • Audit standard for the examination of early risk detection systems and the determination of risk-bearing capacity.
  • In its new version, it provides for risk aggregation, which in practice can only be implemented using simulation software.

Internal Control Systems

The increasing flood of regulations and heightened expectations from management and stakeholders for effective, efficient, and secure business processes significantly raise the demands on Internal Control Systems (ICS). Especially digitized corporate processes impose new requirements on internal controls.
At the same time, Covid-19 has markedly accelerated the digital transformation in companies, including the integration of new technologies and the growing adoption of automation solutions in processes. This creates new challenges for risk management and calls for a consistent digitalization strategy. The legal and business implementation of an ICS is therefore a central management challenge for ensuring liability mitigation, quality assurance, and resource-efficient value creation.

Special competencies and tools are required to strike the right balance regarding budget, flexibility, and the demanded technical and digital solutions. We assist you in establishing, optimizing, auditing, and outsourcing Internal Control Systems.
Readiness Assessment
We identify your individual process risks and clearly present which process controls are appropriate for you. The basis for this is the maturity model.
Implementation and Optimization of your IKS
We develop and enhance tailored, appropriate, and efficient control systems. Additionally, we manage your Internal Control System from monitoring through handling to reporting to the company's governing bodies (Outsourcing of Internal Control Systems).
Audit / Certification
We offer conceptual, adequacy, and effectiveness audits according to IDW PS 982.
In-house Training
How can this topic be anchored sustainably and in the long term in your company? We train the relevant specialists and executives using proven and didactically sophisticated modules.
Financial Market Integrity Act (FISG)

The FISG obliges the boards of directors of publicly traded stock corporations (via § 91 Para. 3 AktG) to "[...] establish an adequate and effective IKS and RMS with regard to the scope of business activities and the risk situation of the company."

Information Security and IT Audit

Due to the close integration of all business areas with IT and the rapid development in the field of Industry 4.0 through the networking of customers and suppliers, your company is highly exposed to external attacks as well as to system failures. Setting up an Information Security Management System (ISMS) and conducting IT audits are intended to uncover and eliminate vulnerabilities before information is lost or attacks occur.
We support you in establishing, reviewing, and auditing your Information Security Management System as well as in the internal audit of your IT. We adhere to common standards such as IDW PS 330, ISO 27001, and BSI Basic Protection (IT-Grundschutz).
Readiness Assessment
We identify the necessary steps for the implementation of an ISMS according to ISO 27001, BSI Basic Protection for critical infrastructures (KRITIS), and non-KRITIS relevant areas.
Audit
Audit of the ISMS according to IDW PS 330.
IT Audit
Covering IT security, data protection, and potential for digitization.
ISO 27001
  • Certifiable international standard for Information Security Management Systems.

BSI Basic Protection
  • Protective measures for information technology developed by the Federal Office for Information Security (BSI).
KRITIS
  • Critical infrastructures requiring special protection according to the BSI Act, such as energy providers or hospitals.

Internal Audit

The Internal Audit serves as an independent entity for the detection and prevention of misconduct and for the examination of business processes for accuracy and efficiency. Therefore, Internal Audit primarily aims to uncover improvement potentials. Additionally, Internal Audit plays a crucial role in liability avoidance and exoneration of the management board and supervisory bodies for SMEs.
We support you either through co-sourcing/partnering or by outsourcing the entire audit function of your company. Our specialists in Internal Audit provide comprehensive business, technical, and IT expertise. The interdisciplinary collaboration of our auditors, engineers, IT specialists, Certified Internal Auditors (CIA), Certified Information Systems Auditors (CISA), Certified Compliance Experts (CCE), and tax consultants allows for an intensive and neutral assessment of your organization and the audited areas, ensuring an efficient audit process. We emphasize data analytics in the audit preparation phase to identify audit priorities and adhere to standards such as IDW PS 982.
  • Audit of the risk management system, internal control system, and other corporate governance systems according to IDW PS 981, 982, and 983.
  • Special audits, including forensic focus areas.
  • Compliance and economic efficiency audits of individual transactions and business processes.
  • Assistance in establishing an in-house internal audit.
  • In-house training.

Tax Compliance

According to § 153 AEAO, a Tax Compliance Management System (Tax-CMS) serves as an exoneration indicator for the governing bodies (organs) of the company as well as its shareholders in cases of tax evasion and tax fraud. It can also fulfill the Minimum Safeguard Requirements of the EU Taxonomy. We assist you in its implementation and audit.
Readiness Assessment
Where do you stand with your Tax Compliance Management System (Tax-CMS)? We identify your individual tax risks and explain how you should ideally proceed.
Implementation and Optimization of Your Tax-CMS
Together, we develop tailored Tax Compliance Management Systems, including the implementation of guidelines, codes, and communication. Additionally, we integrate the Tax-CMS into risk management and other management systems.
Audit / Certification
Does your Tax-CMS meet the requirements of IDW PS 980, for example? We audit existing management systems and processes and prepare you for certification.
In-house Training
How can this topic be anchored sustainably and long-term in your company? We train the relevant specialists and executives using proven and didactically sophisticated modules.