de en
Nexia Ebner Stolz

Auditing

Risk Management

Anyone who wants to be a success in the market has to face major challenges. Market trends in our society are short-lived, and legal requirements are constantly evolving. So companies are exposed to continuous change – especially from international rivals, new laws and regulations, and steadily intensifying competition. Violations of the law, no matter how unintentional, pose economic risks and the threat of penalties. They can cause significant financial losses, and most importantly, can seriously damage a company’s reputation. So a company has to respond quickly and flexibly to changes in its environment if it wants to stay in the game. It’s important to take advantage of emerging opportunities and minimize risk.

Chal­len­ges like these sim­ply can’t be over­come wit­hout effec­tive, effi­ci­ent cor­po­rate mana­ge­ment and an adapta­ble cor­po­rate orga­niza­tion. A risk mana­ge­ment sys­tem that inclu­des inter­nal moni­to­ring, effec­tive con­trol­ling for sub­si­dia­ries, and a far-sigh­ted early war­ning capa­bi­lity is essen­tial. It not only makes sure that you stay wit­hin the law, but also helps safe­guard the future and build the com­pany’s las­ting value.
Any ent­re­p­re­neur knows risk is ine­vi­ta­ble, and that its effects are hard to pre­dict. Here a sys­te­matic pro­cess helps recog­nize and assess risks promptly. We can help you intro­duce this kind of risk mana­ge­ment sys­tem at every stage, whe­ther in con­cep­tion, in gui­ding the pro­ject, or in the skills and con­tent nee­ded to put the sys­tem into ope­ra­tion. You also bene­fit from our years of expe­ri­ence with many dif­fe­rent sizes of com­pa­nies from a wide range of indu­s­tries when it comes to choo­sing a com­pu­te­ri­zed risk mana­ge­ment sys­tem.

We’ll be happy to assess the risk mana­ge­ment sys­tem already in place to see how it might be refi­ned furt­her. We pay spe­cial atten­tion to whe­ther the sys­tem com­p­le­tely covers your com­pany’s risk situa­tion, and whe­ther the early war­ning mecha­nisms are wor­ka­ble in practice.

Ebner Stolz’s expe­ri­en­ced prac­ti­tio­ners offer you a skil­led team of advi­sors in every dis­ci­p­line, who always have cur­rent deve­lop­ments on their radar and never lose sight of mee­ting com­p­li­ance requi­re­ments as part of a highly practi­cal risk mana­ge­ment sys­tem.

Our ser­vices at a glance

Imp­le­men­ta­tion of Risk Mana­ge­ment Sys­tems

Implementation of Risk Management Systems

  1. Risk Stra­tegy For­mu­la­tion
    We will help you deter­mine how high your com­pany’s risk-bea­ring capa­city is. In this connec­tion, there are spe­cial cor­po­rate struc­tu­ring chal­len­ges that we will help you meet. We will work with you to deve­lop gene­ral prin­ci­p­les for hand­ling risks depen­ding on your com­pany’s risk appe­tite.

  2. Risk Iden­ti­fi­ca­tion
    We will work clo­sely with your Risk Mana­ger to con­duct a risk inventory. Our broad expe­ri­ence in wor­king with other com­pa­nies helps us ask the right ques­ti­ons. Alter­na­ti­vely we can design a risk inventory for you which you can then con­duct your­self. Natu­rally we can also recom­mend the best soft­ware for this task.

  3. Risk Ana­ly­sis
    We will ana­lyze the risks and relate them to one ano­ther. Many risks can­cel each other out, while others inten­sify each other. The risks must also be eva­lua­ted from the per­spec­tive of a group of com­pa­nies, since risks at the level of sub­si­dia­ries have a dif­fe­rent rele­vance for the group as a whole than for the sub­si­diary its­elf.

  4. Risk Assess­ment
    We will work with your Risk Mana­ger to assess the risks, using soft­ware such as Excel, so that we can pro­vide you with a custo­mi­zed Excel tool. The assess­ment will be car­ried out on the basis of a risk matrix that we have defi­ned with you in advance.

  5. Risk Mana­ge­ment
    If you wish to go beyond a mere early-war­ning sys­tem, we can use state-of-the-art mea­su­res to manage risks. To do so, we must deter­mine how to test the effec­tive­ness of these mea­su­res. As we pro­vide our con­sul­ting ser­vices, we often dis­co­ver risks for which there are not yet any risk mana­ge­ment mea­su­res or the ones in place are insuf­fi­ci­ent. We will deve­lop new risk mana­ge­ment mea­su­res and can work with you to deve­lop a plan for imp­le­men­ting them. The bypro­duct of many con­sul­ting pro­jects is a bet­ter per­mea­tion of your pro­ces­ses, thus impro­ving them and making them more secure.

  6. Com­pa­ri­son with the Para­me­ters of your Risk Stra­tegy
    We recom­mend regu­larly com­pa­ring your risk mana­ge­ment sys­tem and the defi­ned para­me­ters with the actual con­di­ti­ons (is the sys­tem being car­ried out?) and the com­pany’s goals/stra­te­gies, which may have chan­ged (is it still the right sys­tem for us?). Chan­ges in mar­ket demands can require chan­ges in risk repor­ting, as new fields of risk must be defi­ned, or your risk inven­to­ries may be con­duc­ted too often (or not often enough) and have to be adjus­ted.

We can pro­vide you with a tho­rough, easy-to-under­stand docu­men­ta­tion of the ent­ire pro­cess. This will usually take the form of a hand­book. Thanks to our modu­les and expe­ri­ence from nume­rous pro­jects we can use a num­ber of com­pon­ents to ensure that the pro­cess is as lean and effi­ci­ent as pos­si­ble.

Quick-Check Risk Mana­ge­ment

Would you like to know right away whe­ther your cur­rent sys­tem is up to date? Whe­ther your sys­tem meets the requi­re­ments of the IDW PS PS 981 stan­dard? Or whe­ther there are indi­vi­dual aspects of your sys­tem that can be impro­ved?
It will take one of our expe­ri­en­ced spe­cia­lists at most a half day to eva­luate your sys­tem (depen­ding on its com­ple­xity) and pro­vide you with con­c­rete sug­ges­ti­ons for impro­ving it. You can then imp­le­ment these sug­ges­ti­ons your­self. Natu­rally we can also assist you, if you so desire.

Eva­lua­tion of an Exis­ting Risk Mana­ge­ment Sys­tem

Our ser­vices range from eva­lua­ting com­p­li­ance with the basic stan­dards, to audi­ting of sys­tems when such audits are requi­red (such as for lis­ted com­pa­nies) or con­duc­ting vol­un­tary audits (such as at the requ­est of a super­vi­sory board or using the ques­ti­on­naire under the Law on Basic Bud­ge­tary Rules). We will agree with you on the scope of the assign­ment.

In practice, risk mana­ge­ment sys­tems are often tes­ted by Inter­nal Audit. In smal­ler com­pa­nies, and even at mid-sized ones, there is often no pro­vi­sion for a sys­te­matic review. And at those com­pa­nies, it is a good idea to per­form such a review from time to time. This allows you to make sure that your cur­rent sys­tem is not merely a paper tiger and that the pro­ce­du­res you came up with are actually being imp­le­men­ted.

In connec­tion with our audit, we will obviously not just point out weak­nes­ses but will also sug­gest pos­si­ble solu­ti­ons. You will bene­fit from our wide range of expe­ri­ence, our inter­di­s­ci­p­li­nary approach and our know­ledge of how to imp­le­ment such sys­tems.

Expan­ding into a Full-Fled­ged Com­p­li­ance Mana­ge­ment Sys­tem

Perhaps you have a risk mana­ge­ment sys­tem and are won­de­ring whe­ther it could be the basis for a com­p­li­ance mana­ge­ment sys­tem or whe­ther you would have to start over when you tackle com­p­li­ance?

We can help you figure that out. We will ana­lyze your cur­rent sys­tem, dis­cuss your ideal com­p­li­ance mana­ge­ment sys­tem with you and show you how to get there. If you so desire, we can get your risk mana­ge­ment sys­tem into shape so that it will be ready to handle com­p­li­ance risks in the future.

Spe­cial Issue: Risk Mana­ge­ment for Finan­cial Ser­vices Pro­vi­ders

Finan­cial insti­tu­ti­ons and finan­cial ser­vices pro­vi­ders are sub­ject to spe­cial risk mana­ge­ment requi­re­ments.

We offer up-to-date infor­ma­tion on the BaFin’s mini­mum risk mana­ge­ment requi­re­ments.
We will also be glad to assist with issues invol­ving your risk mana­ge­ment sys­tem. This inclu­des audi­ting your risk mana­ge­ment pro­ces­ses and sho­wing you whe­ther your sys­tem meets the BaFin’s requi­re­ments. At the same time, we will iden­tify any weak­nes­ses in your sys­tem. Our sug­ges­ti­ons for impro­ve­ment will help you enhance the qua­lity of your risks mana­ge­ment sys­tem. If you use IT app­li­ca­ti­ons, we can also eva­luate your inter­faces. This will ensure that your data can be used pro­perly for risk mana­ge­ment pur­po­ses.


back to top