Corporate Governance

“The Management Board ensures appropriate risk management and risk controlling in the enterprise.”

Section 4.14 of the German Governance Code

 

Corporate Governance is one of the management’s main responsibilities and means putting codes of conduct and disclosure requirements into practice. It is thus closely connected to detecting and mitigating risks at an early stage, creating the necessary level of transparency and helping avoid major and possibly threatening crises at your company.

 

Every compliance management system (CMS) is based on a company-specific risk analysis process. You are only able to monitor and mitigate those legal risks that have come to your attention.

 

We support and consult you in designing, putting into practice and evaluating a risk analysis process as well as in implementing any measures deemed necessary.


“Good compliance is a competitive advantage for any company.”

Hans Jürgen Stephan


Nobody knows your business as well as you do. This means that any analysis begins with insight into your risk strategy and so-called risk appetite at your company.

With our structured, risk-based approach, we then together evaluate the risks to your business model, taking into account strategic, operative and tactical aspects (areas such as foreign trade law, corruption, cartel and internal fraud cases, money laundering, political and financial risks, or force majeure, for example). This is achieved by:

  • Desktop reviews and research
  • Strategic analysis (within and outside your company)
  • Creating structured questionnaires for gathering information
  • Carrying out structured interviews with members of management
  • Classifying risk categories
  • Carrying out gap analyses
  • Creating a risk register that lists known risks

The last step, creating a risk register, involves putting down detailed information on single existing risks. This forms the basis for any further analysis or assessment.

Risk analysis / Risk Assessment

Next, the risk analysis plots the risks on a risk matrix, which shows:

  • Likelihood that the respective risk will occur
  • Effect (potential damage)

The risk assessment is usually carried out by a group of experts working in an interdisciplinary team.

 

The values it generates help you prioritise the risks and decide which need to be dealt with promptly. Adding the values helps you keep an inventory of the risks and lets you monitor the level of risk at your company over time.

 

Once the risks your company faces have been identified and assessed, the logical next step is to devise and put into place appropriate mitigation measures.

Risk Management / House of Policies

We first categorize each risk and assess an ideal approach using one of these four possible actions:

  1. to avoid the risk completely,
  2. to transfer the risk,
  3. to tolerate the risk or, if none of these actions meets with success,
  4. to manage and minimise the risk.

 

Managing the risk then occurs on two levels:

  • Preventive measures to minimise the risk

  • Corrective measures to reduce its effects

This approach forms the basis of a consistent and pragmatic policy management, which guides any measures taken.

Also in this context we formulate any necessary guidelines, assess and possibly amend existing contracts, train employees, and create legally admissible instructions, assessments and reports for management and supervisory boards.

 

Creating a tailored compliance structure fosters transparency, shows commitment, reduces legal risks and increases your enterprise’s efficiency.

A Culture of Compliance

Good compliance sets an example and is a central component of a healthy and open corporate culture.

 

 

Compliance is more than adhering to rules and regulations. Good consultancy thus looks at more aspects than merely the legal. Together, we can systematically set up an optimal and sustainable compliance system made to match your requirements. This can include educational measures and training for employees. In doing so, you have set up a system that monitors company processes and guidelines and lets you quickly take action should any malfeasance occur.

 

Data Protection

Data protection is not only an integral part of a company’s compliance measures; the compliance system itself must also meet all legal requirements. Data protection must be taken into account at the earliest stage, including the following measures:

  • Naming a data protection officer.
  • Assessing at which point personal data is gathered or passed on for compliance purposes.
  • Adding the compliance process to the public procedure register.
  • Ensuring that internal investigations and any necessary documentation are in compliance with the specific requirements of § 32 of the German Federal Data Protection Act (BDSG).
  • Rules specifying access to data.
  • Possible notification of affected parties.

Our approach to compliance takes these aspects into account and makes sure any compliance system itself complies with them fully at all times.