Risk Assessment

Written by Marion Willems on . Posted in Blog

Risk Assessment

A risk assessment or a risk analysis has to identify companywide the actual and potential relevant risks. A risk assessment is an absolute precondition for combating against white-collar crime and other financial risks, which could face a company.

The risk assessments stands always at the beginning of the implementation of a holistic corporate compliance management. In this regard both legal risks  (such as liability risks f.i.) and business risks (such as business process risks, product risks or risks in the internal control system f.i.) have to be identified.

All relevant risks have to be determined companywide in the relevant regions, legal entities and business units.  At the end of a risk assessment a company-specific risk map has to be generated. The risk map shows in a transparent manner the relevant risks in relation to their risk level (high, middle, low). If the risks are disclosed adequate measures (f.i. prevention, detection, reaction) against these risks can be defined and implemented.

Internal Control System

Written by Marion Willems on . Posted in Blog

A company that is committed to good corporate governance is characterized by a properly empowered company management, a solid internal control environment, a high degree of transparency and shareholders’ rights which are well defined and protected. A properly functioning and effective internal control system (ICS) is capable of identifying the main risks within a company, implementing checks on the individual processes and business units and monitoring the remedies introduced by the management for known weaknesses and reporting back on them. MCW Consulting supports you in the introduction, analysis and monitoring of the effectiveness of internal control systems.

Counterparty Risk

Written by Marion Willems on . Posted in Blog

When it comes to counterparty risks it is important to ascertain the economic situation of a business partner as a whole, assess it and classify it, so that default risks on the part of a customer, supplier or third-party business partner (e.g. a joint-venture partner ) can be identified timely.
In crisis situations in particular, when dealing with new customers, for example, companies need to take a long hard look before they enter into a business relationship. Properly effective counterparty compliance checks include, amongst other things, risk identification of the business partners within the framework of a know-your-customer check (Company details, managing directors, head office location, extracts from the Commercial Register, etc.). It is not unknown that falsified Commercial Register extracts are presented, or fictitious companies used for dubious business transactions, or corporate structures cloaked in obscurity. In the context of an integrity check, business partners need to be controlled with regard to the corruption perception index, if they originate from high-risk countries, the anti-corruption measures which they implement themselves and their seriousness and reputation, including in respect of environmental protection and corporate responsibility.

Governance, Risk, and Compliance Management

Written by Marion Willems on . Posted in Blog

The term ‘integrated GRC management’ is generally defined as an integrated approach to the development and operation of the required structures and processes to cover the three functions of Governance, Risk and Compliance Management.  GRC management is a comprehensive instrument of corporate control. In the past, companies frequently developed separate, independent risk and compliance management systems resulting in what were described as silo functions or island solutions for the individual management functions and which were put into effect with a variety of different methods. This resulted in duplication, unclear segregation of responsibility, and a loss of general overview at the operating company and at group level. An integrated GRC Management monitors, analyzes, manages, and reports comprehensively across all business activities (legal entities, divisions and processes ) impacting risks and criminal offences.
With integrated GRC Management the situation cannot arise in which, for example, an increased address deficiency risk is notified by Risk Management but at the same time, for the same customer it is determined by Compliance Management that the customer is misaccounting for V.A.T. and/or is suspected of money-laundering because he is listed on a ‘restricted list’. With integrated GRC Management, this information all comes together. In the course of a business partner analysis in Risk Management, a counterparty compliance check will also be carried out simultaneously with regard to anti-money-laundering issues. A properly functioning GRC takes effect right across the company and applies uniform methods.

Through use of a structured questionnaire one can determine specifically and efficiently at which points in the company risks must be managed and controls must be implemented. The aim, amongst others, is to link GRC Management with company wide internal control systems (ICS).

Due Diligence and Compliance

Written by Marion Willems on . Posted in Blog

When making a planned investment, investors examine the data relating to a company very carefully within the framework of a Due Diligence Audit. As well as the information relating to markets, finances, taxes and legal matters, this may well also include data relating to environmental protection, corporate social responsibility and technical issues.  Because of the increasing number of current compliance offences, compliance management (also including risk management) has most recently been increasingly coming under scrutiny as part of a Due Diligence Audit. This is not without reason. After all, who is going to buy a company in which unresolved incidents potentially involving damages are still lurking with the assumption that damage claims, fines, and other penalties might be laid against the company due to non-compliance with laws or situations in which risks arising from incomplete forensic investigations make a target less attractive or even call the whole investment into question?


Our Services at a glance

MCW-Consulting offers tailor-made solutions for the following isuues

Risk- and Compliance Management

Internal audit and process optimization


MCW Consulting

Financial Experts Association

Deutscher Fachjournalisten Verband (DFJV); www.dfjv.de

CologneAlumni (Alumni of the University of Cologne)

Wir nutzen verschiedene Cookies und andere Tracking-Technologien, um unser Internetangebot für unsere Nutzer möglichst attraktiv zu gestalten. Weitere Informationen hierzu finden Sie in unserer Datenschutzerklärung. Mit Klicken (OK) stimmen Sie der Nutzung zu. Datenschutzerklärung

Die Cookie-Einstellungen auf dieser Website sind auf "Cookies zulassen" eingestellt, um das beste Surferlebnis zu ermöglichen. Wenn du diese Website ohne Änderung der Cookie-Einstellungen verwendest oder auf "Akzeptieren" klickst, erklärst du sich damit einverstanden.