Our GRC services
- Detailed knowledge and experience of the regulatory and organizational requirements for your company
- Expertise from numerous consulting projects as well as from the internal company perspective
- Support in setting up the internal audit function (including guidelines, manual, audit plan, communication to the board of directors and supervisory board/audit committee)
- Carrying out numerous internal audits locally and abroad
- Design and implementation of internal control and risk management systems (including SOX/J-SOX)
Compliance management system
Compliance means that a company adheres to the applicable rules and laws. This includes country-specific laws, requirements from the regulatory authorities, and internal company directives. A structured compliance management system (CMS) can reduce liability claims in the event of possible compliance violations, regardless of the size of the company.
Companies that have set up appropriate compliance structures protect their own material and intangible corporate assets on the one hand and, on the other hand, establish efficient processes for corporate management and risk identification.
Our CFGI approach: Implementation of a compliance management system (CMS)
Compliance means adhering to all rules in a company - be it internal guidelines or legal regulations. With the help of the CMS, companies can ensure that both management and employees behave in accordance with the rules.
- Review of existing compliance management culture (including tone from the top, code of conduct, training offers).
- Definition of compliance goals and the organizational structure (responsibilities).
- Compliance risk identification and risk assessment:
  - Identification of the essential compliance areas.
  - Implementation of Compliance Risk Assessment (CRA) (including risk identification and operationalization, evaluation, derivation of measures, documentation).
- Development of a compliance program based on the CRA with the goals of prevention (e.g. training), detection (e.g. audits) and reaction (e.g. timely investigation of all suspicions).
- Definition of suitable internal/external information channels and documents.
- Possible prevention of compliance violations
- Structured CMS documentation can have an exculpatory or penalty-reducing effect in the event of possible compliance violations
Internal Audit as a Service
Internal Audit is the independent body responsible for detecting and preventing misconduct and checking commercial and non-commercial business processes and procedures for accuracy and efficiency.
For small and medium-sized companies, Internal Audit can make a significant contribution to avoiding liability and to the exculpation of the board of directors and supervisory bodies.
Our CFGI approach: Internal Audit as a Service
With our co-sourcing services, the effectiveness, capacity and scope of the Internal Audit function can be increased and improved. Risks are identified and countermeasures are defined and implemented. Business processes therefore become more effective and efficient.
- We offer the Internal Audit service regardless of whether a company wants to increase the capacity of its existing Internal Audit function, set one up from scratch, or source it entirely externally.
- Potential audits are selected as part of the company's internal audit plan. The audit program is coordinated with the audit department, any individual specifications/requirements are agreed upon, and the entity/business unit/department to be audited is informed. (If there is no internal audit, coordination will be carried out with the CFO/supervisory bodies).
- Audits can cover both financial and non-financial business processes. The spectrum ranges from classic audits of accounts payable and accounts receivable processes, treasury and payroll to audits of procurement, sales, logistics or production.
- As part of the audit, the efficiency and effectiveness of internal controls that have already been implemented are analyzed as well.
- Support Internal Audit function with external capacities
- Identification of existing and potential risks in key company processes
- Defining countermeasures and recommendations for action to manage risks as well as for processes and controls
- Development of process optimization potentials and cost savings
- Further development of existing internal controls and risk management system
Our CFGI approach: Controls & Compliance Audit
The main goal of the Controls & Compliance Audit as part of internal audit co-sourcing is to review compliance with internal and external requirements in the essential corporate processes of subsidiaries, to identify risks/compliance violations, and to point out potential for process improvement.
- Coordination of the company/entity to be audited, audit timetable and location and possible addition of further audit focuses.
- Carrying out the audit with the focus on governance, treasury, order-to-cash, procure-to-pay, human resources/payroll.
- Sample analysis of audited processes (including commercial register, bank authorizations, ordering process, customer contracts, labor contracts, etc.).
- Identification of deviations/risks and derivation of findings in all audit areas.
- Development of measures and recommendations for improvement.
- Preparation and presentation of a final presentation in the form of an audit report (finding, risk, measure).
- Identifying potential governance/compliance violations
- Identification of existing and potential risks and process weaknesses in the processes examined
- Definition and implementation of measures and recommendations to enhance processes and controls
- Recommendations to further strengthen governance and compliance as well as internal controls and risk management systems
Risk Management System
Risk management allows companies to identify legal, procedural, and operational risks as well as market development risks at an early stage and to take appropriate actions to control those impending risks.
The transparency gained through the risk management system improves decision-making and increases resilience to specific company challenges.
Our CFGI approach: Implementation of a Risk Management System
Systematic and holistic identification, assessment and aggregation of risks for the operation and success of your company.
- The subject of the planning and system definition phase is a review of all existing information and documents relating to the company's risk management.
- Risk identification, risk assessment and risk aggregation:
  - Identification of the main internal and external risks during workshops/interviews (SWOT analysis).
  - Derivation of a risk inventory/risk map.
- Risk management: analysis and measures:
  - Cause-based qualitative and quantitative risk analysis and identification of risk owners
  - Development of risk strategies/measures for top risks (reduce, avoid, transfer, accept)
- Implementation of the risk management concept including training and go-live support.
- Timely identification of risks that can jeopardize operations (e.g. insolvency), allowing countermeasures to be initiated
- Implement robust processes and procedures to reduce, avoid, transfer and accept risks
- Building trust in relationships with customers, suppliers, employees and other stakeholders
Internal Control System
The steady increase in legal and regulatory requirements, together with demands from management and stakeholders for effective, efficient, agile and secure corporate processes, is continually raising the requirements for the internal control framework. The last few years have significantly accelerated digital transformation within companies, for example through the growing introduction of automation solutions and the embedding of new technologies into existing processes. This results in new challenges for risk management as well as for a consistent digitalization strategy.
Our CFGI approach: Implementation of an Internal Control Framework
The structural and economical implementation of the internal control framework, for release from liability, value creation and quality assurance.
- Building an internal control framework is a dynamic, individual process; there are no rigid templates that can be applied universally.
- The starting point for a functioning internal control framework is the definition of the control environment. This takes into account all standards, processes and structures as well as the responsibilities that are necessary for the introduction and implementation of controls.
- Identification of internal and external risks that can jeopardize the fulfillment of company goals.
- Definition of preventive and detective as well as automatic and manual controls (taking into account both technical (e.g. IT-based) and organizational procedures (e.g. guidelines)).
- Provision of all relevant information for the effective and sustainable implementation of the defined controls.
- Compliance with laws and regulations
- Cost reduction due to efficient controls
- Better understanding of processes and procedures due to improved documentation quality
- Process standardization and streamlining
- Increasing process efficiency by reducing complexity
If you have any questions, please contact our specialists at any time!