Business risk services

We offer our clients a comprehensive service. This Grant Thornton service includes a web-based whistleblower system that meets the requirements of the EU Whistleblower Directive, conforms with data protection and is reasonably priced. On request, we’ll advise whistleblowers in writing, by phone or in person – confidentiality guaranteed. So you can save your resources and take advantage of our legally watertight service, nationally and internationally.

Setting up a supervisory board or advisory board may be laid down by law or be for many different reasons. Shareholders often do not wish to carry out their supervisory duties themselves. They want professional advice and company management to be supervised. Often consulting with experience in the industry or a functioning interface or including a go-between with the shareholders is also desired. With our board services we offer you exactly that.

Using a risk management system (RMS) future developments and events (risks) can be identified and assessed in a systematic way. Hence, a risk management system is an important tool for management (incorporating risks into decision-making) as well as for supervisory boards (particularly for decisions requiring their consent) when assessing risks. With s.107(3) of the German Stock Corporation Act (Aktiengesetz – AktG), which concerns monitoring the effectiveness of risk management systems, the Act on Strengthening the Integrity of the Financial Markets (Gesetz zur Stärkung der Finanzmarktintegrität – FISG), which came into force on 1 July 2021 on specifying the duty of care of the boards of listed companies with regard to setting up suitable and effective risk management systems (s.92(3) of the AktG), the Act on the Stabilising and Restructuring of Businesses (Unternehmensstabilisierungs- und -restrukturierungsgesetz – StaRUG) and the new IDW auditing standard 340 on the auditing of early warning systems for risks (s.92(2) of the AktG: the duty to set up a monitoring system to identify developments jeopardising continued existence), new requirements and challenges to corporate governance systems apply.

Apart from this, executive directors of private companies still have a general duty of care under s.93(1) of the AktG, under which, depending on the board’s assessment of performance, it can also become necessary to set up a risk management system.

We can also provide advice on this in the following areas:

• Planning, implementing and further development of a risk management system and early risk detection system
• Audit/consulting with respect to
  • Early risk detection systems in accordance with IDW PS 340 (revised) (e.g., readiness checks or readiness consultations)
  • Risk management systems in accordance with IDW PS 981 and DIIR Audit Standard no. 2
• Carrying out risk assessments and risk assessment workshops to update the risk portfolio
• Auditing and consultation according to COSO enterprise risk management

Due to the large number of public scandals, the legal regulations concerning compliance have increased significantly in recent years. If compliance management is implemented properly, it can support and promote the development of your business. Suitable and effective compliance management can assist businesses and decision-makers and, in conjunction with the internal control system, is designed particularly to avoid risks by regulating business processes in a rational, efficient and transparent way.

In this respect, we can also provide advice on this in the following areas:

• Planning, implementing and further development of compliance management systems (CMS) and tax CMS
• Audits of compliance management systems according to IDW PS 980
• CMS and tax CMS quick checks
• Compliance audits
• Conducting trainings and workshops

Internal audits fulfil various tasks, e.g,. they help the organisation to reach its goals by identifying internal controls and processes systematically and in terms of risk, and examine them with a view to the protection of assets. They also contribute to adding value, including by improving business processes. And not least, they have the additional use of counting towards management’s exercise of its duties of care and supervision. An internal audit can also be conducted to examine particular issues (e.g., to investigate fraud or to audit projects). Using the standards of the German Institute of Internal Audits (Deutsches Institut für Interne Revision (DIIR) and the Institute of Internal Auditors (IIA) we can take on the function of auditing as a whole, or conduct individual audits, or take on certain sections for auditing together with your teams, nationally or internationally.

In this area we offer the following services:

• Partial or full outsourcing of internal auditing
• Special examinations and investigations
• Set-up and organisation of an internal audit function
• Quality assessments under DIIR Audit Standard no. 3 and IDW PS 983
• IT audits
• Construction audits
• Compliance audits
• Process mining and data analytics

A suitably constructed and effectively functioning internal control system (ICS) is a basic element of functional corporate governance. The internal control system, composed of the control environment, risk assessment, control activities, information and communication, and monitoring, is an important tool for management and other company bodies for carrying out their control and monitoring duties and is the basis for sustainable entrepreneurial success.
Since the Act on Strengthening the Integrity of the Financial Markets (Gesetz zur Stärkung der Finanzmarktintegrität – FISG) came into force on 1 July 2021, having a suitable and effective internal control system is mandatory for stock corporations (s.91(3) of the AktG).

Apart from this, executive directors of private companies still have the general duty of care under s.93(1) of the AktG, under which, depending on the board’s assessment of performance, it can also become necessary to set up an internal control system.

Based on this, we can assist you with the following services:

• Planning, implementing and further development of your internal control system
• Auditing the suitability and effectiveness of your internal control system according to IDW PS 982 or SOX 404.
• Internal control quick checks (system-wide or certain areas)
• Internal control readiness checks based on the requirements of the FISG
• Process mining and data analytics

An effective data protection management system is crucial for every business. Grant Thornton Germany will help you with all your questions on data protection. Whether it’s setting up a data protection management system, auditing an existing system or acting as your data protection officer. Together, we’ll make sure your data is secure.