Audit
Audit of implementation and compliance with your risk management framework and elaboration of recommendations.
Companies have - especially in a regulated environment - already documented risk management frameworks. However these rules are only effective, in case they are implemented operationally and lived sufficiently. This includes i.a. the risk management organization, the risk strategy, risk identification and gathering, risk analysis and assessment, risk controlling and monitoring, and risk reporting and communication. Therefore a target/actual comparison is indispensable.
Often an independent external audit is explicitly requested. Sometimes scope and complexity of audits exceed the company's internal capacity.
Depending on your needs, we offer:
-
Audit of implementation
Verify that your risk management framework is adequately implemented in your organizational and operational structure? This includes for example: Are responsibilities clearly defined and documentations appropriate, correct and understandable? Are all parties involved in risk management trained sufficiently in order to perform their duties?
-
Audit of compliance
Verify that your risk management framework is lived sufficiently in all involved areas. This includes for example: Are defined guidelines adequately communicated and complied with? Is the framework applied in all parts and on all hierarchical levels of the organization? Are risks identified completely and assessed adequately? Are mitigating measures implemented for all material risks?
-
Elaboration of recommendations
Following an audit of implementation and compliance with your risk management framework, areas for improvement and concrete independent recommendations for action are presented. This will help you to further improve your risk management framework and to prioritize measures and resources.