Compliance Assurance

How does one obtain certainty as to whether the CMS set up is actually suitable and effective? The auditing standard (PS) 980 published by the Institute of Public Auditors in Germany (IDW) creates the basis for auditors to audit compliance management systems (CMS) and defines the components of a CMS as well as a framework for its audit. The standard is applicable to the audit of a company's CMS irrespective of the respective sector (for example, industry, trade, banking, insurance, media, energy, public administration). KPMG has developed a tried-and-tested methodology for this purpose, which carries out such an audit and can answer the question of adequacy and effectiveness.

• Reduction of the risk of reputational and possibly liability damage for the company and the executive bodies in the event of compliance violations.
• Fulfilment of the increasing requirements for a CMS, both due to regulatory requirements (changes to the DCGK, BilMoG, industry-specific requirements, FCPA / UK Bribery Act) and due to the expectation of the public and business partners.
• Avoidance of significant asset losses.
• Fulfilment of the requirements of the German Corporate Governance Code for the Executive Board to ensure compliance.

IDW PS 980 provides a framework for the audit of your CMS. At the same time, the reference to internationally recognised audit methods ensures broad acceptance of the audit and supports you as follows:

• Evidence of the fulfilment of due diligence and organisational duties with regard to compliance.
• Support of the supervisory board or audit committee in fulfilling the monitoring requirements from the Accounting Law Modernisation Act.
• Identification of weaknesses in your CMS and recommendations for action derived from this as a basis for improving your existing CMS.
• Professional reporting and high quality through the use of KPMG specialists.
• Independent third party audit opinion and assurance on the design, adequacy and effectiveness of the CMS.
• Evidence of the cultivation of a risk culture and due diligence in the company, which leads to a positive reputation for the company.

Municipal, medium-sized and global companies face the challenge of implementing uniform compliance standards. The ISO 19600, developed by international experts, is a generally recognised compliance standard that is intended to offer more uniformity in compliance implementation and thus facilitate national and global business.

ISO 19600 is designed as a flexible guideline - not as a certifiable specification with target specifications. It leaves sufficient scope for design and decision-making to meet the requirement that the specific compliance management system (CMS) must be tailored to the needs and necessities of the company. It claims to be applicable to all forms of organisation. It is thus not only aimed at large corporations, but also at small and medium-sized enterprises as well as public authorities and other organisations.

You attach great importance to your compliance management system. We support you with our consulting and auditing services and give you security for a successful future.

In a Quick Scan, we can carry out an initial inventory of the CMS set up and determine the readiness of the CMS for testing in a Readiness Review.

• In order to compare your CMS with that of other companies, a benchmarking can be carried out in addition to the Quick Scan or Readiness Review.
• Our audit can relate to the design, adequacy or effectiveness of the CMS and thus accompany the establishment of a CMS in a timely manner.
• The audit can cover certain delimited sub-areas. This may relate to specific areas of law (such as corruption, antitrust law, data protection or environmental protection) or corporate units (such as selected subsidiaries).
• The reporting by KPMG takes the form of an audit report with certification in accordance with IDW PS 980.
• Alternatively, we can also assess the CMS and report on this in the form of a memorandum (identification of weaknesses and recommendations for action).
• During the process of setting up your CMS, we can also assess individual elements of the CMS (such as compliance culture or compliance risk management)..
  

Compliance experts
In order to be able to meet the specific questions and requirements of an audit in accordance with IDW PS 980 with a high level of quality and experience, KPMG has brought together compliance experts in the Assurance Services division who also have in-depth industry knowledge on an individual basis.

Compliance audit experience
In recent years, our compliance experts have assisted many clients in the DAX40 environment as well as smaller and medium-sized companies with the establishment and further development of compliance management systems and the preparation and execution of audits in accordance with IDW PS 980. We combine our experience from the Advisory and Audit divisions as well as from KPMG Rechtsanwaltsgesellschaft and can thus put together interdisciplinary teams according to your needs.

CMS Assurance Methodology
KPMG has developed its own audit approach, the "CMS Assurance Methodology", which has already proven itself in practice many times.

Global presence
Wherever you are, we are there too: We can bring in teams at your international locations or combine our own teams with colleagues from KPMG offices abroad.