Compliance Management System (CMS)
Tailor-made Compliance Management System
The requirements for a compliance management system vary greatly depending on the type, industry, size, legal form, risk suitability and internationality of the company. Therefore, a tailor-made setup of the CMS is required. However, there are also basic elements that should be considered regularly when a compliance management system is to be implemented in a company:
- Compliance goals such as the identification and monitoring of the relevant legal norms
- Risk analysis (identification and assessment of obligations and risks)
- Risk measures
- Organization/Compliance Officer (organizational structure and processes)
- Communication (reporting, whistleblower system)
- Documentation (code of conduct/guidelines/job descriptions)
- Monitoring (responsibilities/processes/sanctions)
We advise you on the design and implementation of an effective compliance management system. We focus specifically on the particularities of your company – in particular on legal and statutory regulations, for example IT security, money laundering prevention, antitrust and competition law, tax law (Tax CMS), etc. In doing so, we work in an interdisciplinary manner with colleagues from other specialist areas (IT auditors, lawyers).
In addition, we audit compliance management systems in accordance with the requirements of IDW PS 980, which includes the principles for auditing the appropriateness and effectiveness of a compliance management system. We also involve colleagues from other specialist areas (IT auditors, lawyers) in such audits in order to identify weaknesses and make recommendations for improvement.