Internal controls

Internal control systems (ICS) are considered as an essential part of a company's structural and procedural organisation and, if properly set up, help the company to be safely managed and to deal with the related monitoring of processes. It is now well known that a functioning and monitored internal control system can support a company in meeting its supervisory duties. However, it is not only the legislator's demands on internal control systems in companies that have increased in recent years. The expectations of the public, lenders, suppliers and customers have also changed, meaning that an effective and efficient ICS has become a real competitive advantage.

The increasing scale of digital transformation in business and administrative processes offers enormous potential to set up processes effectively and also to increase efficiency within the processes and between the various governance functions. The ICS of the future is therefore integrated, digital and creates added value. 

KPMG's ICS experts support you in introducing, developing, optimising and auditing internal control systems (ICSs) according to national and international standards.

Are you planning to implement an internal control system in accordance with common German practice? 

With the German Accounting Law Modernisation Act (BilMoG), the legislator supplemented the regulations on the internal control system. This included expanded obligations for management bodies, such as Section 289 (5) HGB as amended (management report) and the supervisory board or audit committee's monitoring of ICS effectiveness. However, implementing an ICS isn't just about pure compliance with legal standards and setting up as many controls as possible; it also means implementing the right control mechanisms with the utmost efficiency, maximally integrated into the process flow and thus placing the lowest possible burden on employees. Our main support services are as follows:

1.  ICS inventory and analysis
2. ICS design - ICS framework, ICS manual, control and documentation models, risk control matrices, selection of suitable ICS software, etc.
3. Scoping - methodologies for selecting relevant companies and processes, identification/overview of relevant risks 
4. Piloting (blueprint) - process recording, documentation in the form of process descriptions and/or flowcharts, risks and controls 
5. Worldwide roll-out and go-live 

Is your goal to further develop or optimise the ICS in order to benefit from the advantages of digital transformation and to add value to your processes?

Our world is changing at a breathtaking pace. Technical solutions that we could hardly imagine just a few years ago are now part of everyday business life. We are seeing increasingly widespread use of artificial intelligence to identify and manage risk, while robotic process automation and high-performance databases enable controls using real-time information.

Digital transformation is the best way to achieve the central goal of an internal control system: security. And it is important not just that selected components of the ICS are set up effectively and efficiently, but also that the ICS is viewed holistically. 

KPMG focuses on this holistic optimisation of processes and controls, and proceeds in two steps:

1. ICS efficiency analysis - analysis of your controls as well as data analyses on your processes as a basis for identifying ICS optimisation potential against the background of digital transformation. 
2. Implementation of optimisation measures - from harmonisation to complex automation solutions.

 You desire an audited, effective internal control system - for your security, your supervisory bodies as well as for the public, lenders, suppliers and customers?

Our range of services include consulting for the optimisation of existing internal control systems, as well as the crucial assessment of effectiveness.

The scope and form of our audit services can be individually defined and adapted to your needs.

1. Audit scope - The audit can cover the entire internal control system, a section or an individual company process.
2. Audit activity - The desired level of assurance depends on numerous factors, as internal control system requirements and stakeholder expectations can vary from company to company. Thus, we can assist you in auditing the design and implementation as well as the effectiveness of your internal controls.
3. Reporting - The form of reporting by KPMG can be via a memorandum or in the form of an ISAE 3000 or IDW PS 982 attestation. An attestation provides you with an independent third-party audit opinion and assurance on the adequacy and effectiveness of your system of internal controls. 

 Are you looking for experts to assist you in implementing international ICS requirements? 

International requirements for the ICS are diverse and, depending on which regulations might apply, can differ greatly from the German BilMoG approaches. 

The best-known regulations include the US Sarbanes Oxley Act for US and foreign companies and subsidiaries whose assets are traded on the US stock exchange or publicly offered in the US. With recent trends towards global mergers and acquisitions by companies traded on a US exchange, the demand for SOX compliance services has increased. KPMG has responded to this demand by establishing the German SOX Competence Centre.

The SOX Competence Centre is a group of professionals with knowledge and experience of providing SOX-related services to national and global organisations.

Our ICS expertise also includes other international requirements, such as the "Chinese Standards on Internal Controls" and the Japanese "Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting".