Risk Management

The identification, analysis, assessment, management and monitoring of risks, and in particular of risks that may jeopardize the company's existence, are core tasks of the management. To this end, the organization's overall objectives, strategies and policies for risk management must be defined. In addition to developing the methods for identifying and assessing risks, including the determination of risk-bearing capacity and risk appetite, the responsibilities in relation to risk management need to be defined. Furthermore, allocating resources to avert damage if a risk materializes, communicating internally and externally about the identified risks (in particular reporting in the annual management report) and the creation and maintenance of an appropriate risk culture in the company are important aspects of functioning risk management and should therefore not be underestimated. Appropriate risk management supports the company’s management in identifying risks at an early stage and counteracting them appropriately so that damage to the company can be averted.

Various (international) standards can serve as a basis for designing and also optimizing a risk management system in order to ensure its appropriateness. Risk management and the early risk detection system (especially for stock corporations) are based on the requirements of the German Stock Corporation Act (AktG), the German Act to Strengthen Financial Market Integrity (FISG), the German Control and Transparency Act (KonTraG) and the new version of IDW auditing standard PS 340 from 2020. According to this new version, the topics of risk-bearing capacity and risk aggregation must be considered in detail in risk management.

Your risk management challenges

Our services in the area of risk management systems are particularly relevant for you in the following situations:

• Repeated occurrence of risks with, in some cases, considerable damage that could have been prevented if they had been identified at an early stage

• Outdated structures in risk management

• Capacity bottlenecks in the operational implementation

• Own requirements or consideration of stakeholder requirements resulting in the need to establish a risk management system

• Change of legal form, e.g. to an AG, or of shareholder structure (entry of private equity investors, IPO)

• Rapid company growth, high dynamics and therefore increasing risks

Approaches to the challenges of risk management

Our services in the area of risk management include in particular:

• Design, implementation and optimization of risk management systems or individual components as part of optimization efforts,

• Review of your risk management system with regard to adequacy and effectiveness as well as compliance with regulatory requirements, e.g. to cover the new requirements from FISG or IDW PS 340 (in particular development of a risk-bearing capacity concept and implementation of risk aggregation),

• Structured identification of risks for your company based on proven techniques,

• Operational support in the analysis and evaluation of identified risks with regard to their probability of occurrence and possible extent of damage on the basis of a uniform and systematic methodology and documentation of all processes in connection with risk analysis and assessment,
• Review your risk management system for compliance with ESG requirements, e.g. to map environmental risks and opportunities or TCFD requirements,
• Developing measures to manage or mitigate risks, in particular to reduce the potential extent of damage and the probability of occurrence or to make their consequences manageable, and tracking the effective implementation of the measures,
• Support in the selection and implementation of relevant IT tools.