Home/Advisory & IT/Governance, Risk & Compliance (GRC) and Forensic Services/Risk Management System

Risk Management System

An effective risk management system identifies risks early, assesses them reliably, and manages them consistently. We support you with readiness assessments, reviews of appropriateness and effectiveness, and with structures that connect strategy, culture, and processes. This creates transparency for clear decisions and robust corporate governance.
Steffen Freytag
Partner
Auditor, Certified Tax Advisor
T +49 911 9193 2220
Send Inquiry
Volker Hofmann
Associate Partner
Auditor for Internal Audit Systems (DIIR)
T +49 6196 76114 537
Send Inquiry
Benedikt Link
Associate Partner
Certified Internal Auditor (CIA)
T +49 89 928780 503
Send Inquiry

Identify, assess, and effectively manage risks

Transparency regarding key risk and opportunity areas is the foundation for secure corporate governance. We review appropriateness and effectiveness, integrate StaRUG requirements into planning and reporting, and develop a risk strategy that fits your company’s reality.

Our services include the establishment and further development of risk management systems, as well as operational management as an external risk manager if required. They range from risk inventory, risk classification, and analyses of risk-bearing capacity to the derivation of concrete control actions. We closely integrate risk management with planning, governance, ICS, and compliance, ensuring scalable, resilient structures that strengthen your company’s resilience.

Our services

Readiness assessment

Structured risk management begins with a clear assessment of the current situation. We analyze existing structures, processes, and control instruments and show how well your company is prepared for modern risk management requirements.

  • RMS Structure Analysis
  • Benchmark against Best Practices
  • Identification of Governance and Control Gaps
  • Prioritized Recommendations for Action

Review of the appropriateness & effectiveness of the risk management system

We review your risk management system. In doing so, we assess whether actions for identification, assessment, aggregation, and reporting are appropriate, have been implemented across all parts of the company, and were effective during the review period. The review is based on standards IDW PS 981 and IDW S 16 or DIIR Standard No. 2.

  • Appropriateness Review
  • Analysis of Risk Processes and Controls
  • Effectiveness Tests & Reviews
  • Preparation for External Audits

Section 1 StaRUG readiness & integration into the corporate planning process

§ 1 StaRUG requires a robust early crisis detection and crisis management system. It needs reliable and early risk identification. We design your early risk detection to be StaRUG-compliant and effectively embed it in corporate planning.

  • StaRUG Gap Analysis
  • Integration of Early Warning Indicators
  • Linking Risk and Corporate Planning
  • Documentation of Early Risk Detection

Set-up, further development & optimization of the risk management system

An effective opportunity and risk management system creates transparency regarding risks and opportunities and enables informed decisions. We develop viable RMS structures or optimize existing systems in line with regulatory requirements and proven frameworks such as COSO ERM 2017 and ISO 31000.

  • RMS Structure Design
  • Definition of Roles and Responsibilities
  • Risk Management Processes & Reporting Structure
  • Integration into Governance and Compliance Systems

Implementation of a holistic risk strategy and culture

Risk management is effective when it is strategically anchored and lived within the company. We develop an effective risk strategy with you, aligned with corporate goals, and sustainably embed it in structures, processes, and decision-making routines.

  • Risk Strategy & Risk Policy
  • Definition of Risk Appetite and Risk Tolerances
  • Integration into Management Decisions
  • Communication and Awareness Concepts

Risk inventory & risk classification, as well as risk-bearing capacity analyses

The basis of effective risk management is a complete and transparent recording of currently relevant risks. We support companies in the systematic identification, classification, and assessment of their risk landscape.

  • Risk Inventory and Update of the Risk Repository
  • Risk Analysis and Assessment and Scenario Analyses
  • Assessment Methodology & Risk Matrix
  • Risk-Bearing Capacity Analysis for Financial and Non-Financial Risks

Analysis of key risk drivers & derivation of management actions

Not all risks are equally critical. We analyze your company’s central risk drivers and derive targeted actions to manage and sustainably reduce significant risks.

  • Identification of Central Risk Drivers
  • Scenario and Sensitivity Analyses
  • Derivation of Control Actions
  • Integration into Management Reporting

External risk manager

Not every company has its own resources for professional risk management. We take on selected risk management functions and support the ongoing management of the RMS.

  • External Risk Manager Function
  • Ongoing Support for the RMS
  • Moderation of Risk Inventories
  • Regular Risk Reporting

“Resilience doesn't happen by chance. An effective risk management system ensures that companies know, assess, and actively manage risks – instead of being caught off guard by them.”

Steffen Freytag
Partner