Internal Controls

Today more than ever, an efficient internal control system (ICS) is a central component of effective and responsible corporate management. It supports the monitoring and control of business processes, ensures compliance with regulatory requirements and strengthens the trust of stakeholders. In an increasingly dynamic and complex environment, a holistically effective ICS is indispensable.

When the Act to Strengthen Financial Market Integrity (FISG) comes into force in 2021, listed stock corporations will be obliged to establish an appropriate and effective ICS and a risk management system (RMS). The German Corporate Governance Code (GCGC) specified these requirements in 2022 with recommendation A.5: The Management Board must now also report on the appropriateness and effectiveness of the ICS.

The general due diligence obligations pursuant to Section 43 of the German Limited Liability Companies Act (GmbHG) also result in relevant requirements for non-capital market-oriented companies. In addition, the expectations of investors, customers and business partners are constantly increasing. An efficient ICS is increasingly becoming a quality feature and strategic success factor.

Originally focussed on safeguarding financial reporting, the scope of the ICS is increasingly expanding. Compliance requirements and new ESG regulations, such as the Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS), are increasingly focussing on non-financial risks. An integrated non-financial ICS (nIKS) forms the basis for reliable ESG data and a robust governance structure. It complements the traditional ICS and increases transparency towards the capital market and the public.

Rising cost pressure and increasing regulatory requirements call for greater efficiency in internal control functions. Technologies such as artificial intelligence (AI), continuous control monitoring (CCM), robotic process automation (RPA) and real-time databases enable automated controls and improve risk detection.

The digital transformation creates the basis for a future-proof ICS. Within the ICS control loop - for example in control self-assessment - customised tools and alternative delivery models (e.g. outsourcing) support the achievement of objectives with optimised use of resources. At the same time, efficiency initiatives offer the opportunity to interlink governance functions more closely, harmonise processes and deploy resources in a targeted manner. This makes the ICS an integral part of a modern, resilient organisation.