The “GRC” model is an integrated, holistic approach for an organization-wide process landscape which ensures that the organization behaves ethically and in accordance with its risk appetite as well as any internal and external guidelines.
This is primarily made possible by coordinating strategies, processes, people, and technology, which also increases efficiency and effectiveness.
- Establishing and improving your risk management system
- Risk analysis and documentation of financially relevant business processes
- Implementation of risk controlling and development of an early warning system
An internal control system (ICS) comprises all coordinated methods and measures for controlling and monitoring corporate activities. This makes it an essential part of effective business management.
We are happy to support you in the following projects:
- Initial conception and planning of an internal control system
- Adaptation of the ICS to new internal and external requirements, such as: SOX oder EURO-SOX
- Definition of controls tailored to the specific risk
- Development and expansion of the IT General Controls (ITGCs) according to the COBIT Modell
- Advice on or implementation of IT system scoping using the GAIT Methode
Internal Audit Services and Control Assurance
With our Internal Audit Services, we offer independent advice, statements and recommendations regarding the quality and functionality of internal control systems and other internal audit programs. Whether implemented as a staff position in the company or as a “co-source”, we are happy to support you in achieving your goals.
The purpose of internal auditing is the continuous improvement of business processes and the creation of added value for the organization. Independent of day-to-day business, we objectively review and advise the company and support the management with internal audit mandates in their management and control tasks (management consulting) according to the new three-line model, developed by the IIA.
In order to set up an internal audit in your company, we follow 10 phases, divided into 3 sections (conception, audit execution and reporting). With this plan, the IA work can begin in the first year and the foundation for further years is laid.
Many sectors are experiencing increasing regulatory pressure. The banking and automotive industries have been particularly hard hit for decades. Thanks to our decades of industry experience, we can support you in the following areas:
- Identification of regulatory requirements
- Evaluation of the effectiveness of the prevailing GRC rules and processes
- Advice on the design of the compliance function and, if necessary, support in the design and implementation of specific reporting systems, process requirements and compliance programs, including training approaches.
Identity & User Access Management
Companies with a high number of internal applications are often faced with the problem that the administration and management of all identities, users and authorizations represents a major operational challenge, as almost all objects in IT systems are affected by it.
We ensure that using the latest role concepts, user administration can be simplified, carried out transparently and automatically. In doing so, we also focus on the “segregation of duties” – the separation of critical user authorizations on the process level.