Risk management

The risk management compact seminars provide you with the necessary tools for setting up and further developing the risk management system in your company. A well-functioning risk management system includes the following three elements in particular:

  • Early warning system for current and future risks
  • Internal monitoring system
  • Controlling
Supervisory Board

The audit of the early risk detection system (IDW PS 340 n.F.)

Pursuant to § 91 para. 2 AktG, you as the executive board of an AG must take suitable measures, in particular set up a monitoring system, with which you can recognise developments that endanger the continued existence of the company at an early stage.

In the case of listed AGs, your auditor has to assess within the framework of the audit of the annual financial statements pursuant to § 317 para. 4 HGB whether you, as the executive board, have taken the measures required under § 91 para. 2 AktG (“early risk detection system”) in a suitable form. It must also be assessed whether the monitoring system to be set up in accordance with this can fulfil its tasks. Your auditor must report on the results of his audit in the audit report in accordance with section 321 (4) HGB.

The subject matter of IDW PS 340 (revised), starting with a description of the measures pursuant to section 91 (2) of the German Stock Corporation Act (AktG) as the subject matter of the audit, are the audit requirements to be observed in the audit pursuant to section 317 (4) of the German Commercial Code (HGB) and the reporting on this audit required pursuant to section 321 (4) of the German Commercial Code (HGB).

Compared to the previous IDW PS 340, the auditing standard was fundamentally revised. The material revision became necessary in order to take into account the further development of corporate practice in the area of setting up and auditing corporate governance systems since the introduction of Section 91 (2) of the German Stock Corporation Act (AktG).

In addition to the concretisation of the basic elements of the measures under § 91 para. 2 AktG, the following changes in risk management must now be observed:

a) It is clarified that the duty of the board of directors to detect developments that could jeopardise the company’s existence at an early stage includes the assessment of the company’s risk-bearing capacity. This is intended to ensure that the measures pursuant to section 91 (2) AktG focus on developments that actually pose a threat to the company’s existence.

b) The importance of risk aggregation in the context of risk assessment by the executive board is emphasised. Frequently, not only individual risks, but the combination and interactions of several risks lead to a development that endangers the existence of the company.

c) It is clarified that the measures according to § 91 para. 2 AktG are based on a consideration of “net risks”. This means that the risk management measures taken are already taken into account.

d) In the case of parent companies within the meaning of § 290 HGB, the organisational obligations are to be understood as group-wide within the framework of the existing possibilities under company law. Particularly if developments could emanate from subsidiary companies that could endanger the continued existence of the parent company, these must be taken into account.

e) A lack of documentation of the early risk detection system by the company constitutes a violation of § 91 para. 2 AktG.