Skip to main content
Group 2 Created with Sketch.
Schild mit Schloss, dunkelblauer Hintergrund
Group 2 Created with Sketch.
Risk Advisory Services (RAS)

Internal Control System (ICS)

Trust is good – control is better. And in many cases, it is even legally required.

Our Internal Control System (ICS) services help organizations to comply with regulatory requirements, manage risks effectively, and establish efficient controls. This creates transparency, efficiency, and a reliable foundation for sustainable business success.

Why is a robust ICS indispensable for secure and efficient corporate governance?

  • Regulatory requirements: An effective ICS supports organizations in complying with legal and industry-specific regulations at national level (e.g., AktG, FISG, and HGB) and at international level (e.g., the Sarbanes-Oxley Act – SOX) based on professional standards and guidelines (e.g., the auditing standards of the Institute of Public Auditors in Germany – IDW). This helps to avoid penalties, liability risks, and reputational damage.
  • Strategic integration: A well-structured ICS is more than just compliance - it is strategically integrated into organizational processes and enables effective management as well as informed decision-making.
  • Transparency and compliance: Through clear control mechanisms, an ICS creates greater transparency in processes and operations. This fosters a sustainable culture of compliance and strengthens the trust of investors, customers, and authorities.
  • Risk management: A robust ICS, as part of the Risk Management System (RMS), identifies, assesses, and minimizes financial, operational, IT and strategic risks at an early stage. This prevents potential damage and ensures the long-term stability of the organization.
  • Competitive advantage: Efficient internal controls not only enhance process quality but also boost an organization’s innovative capacity. Organizations that identify risks early and ensure compliance gain a lasting competitive edge.

For organizations, ICS implementation initially means increased administrative and financial expenditures. However, a robust ICS brings long-term benefits such as improved corporate governance, enhanced transparency, and a minimized risk of errors or irregularities in business processes.

Our range of services for ICS

At BRL, we support organizations in implementing, optimizing, or auditing an effective internal control framework based on established standards such as COSO and ISO as well as national (e.g., DIIR and MaRisk) and international (e.g., IIA) guidelines. We utilize multi-step processes to facilitate the development, implementation, optimization, and monitoring of an effective and adapted ICS.

We guide you through the entire process - from risk analysis and continuous monitoring through to training and documentation. Through the seamless integration of internal controls into your business and IT processes, we ensure that your internal control framework meets the highest standards. In doing so, we guarantee long-term compliance, efficient processes, and a lasting strengthening of your corporate management.
 

Cubes with side and surface labelling

Committee of Sponsoring Organizations of the Treadway Commission (COSO): Internal Control – Integrated Framework.

Overview of our ICS Services

  1. Risk analysis and scoping: Identification of relevant risks for the ICS and definition of the affected processes. A targeted risk analysis ensures that all essential business processes are covered and effective controls to minimize risk are implemented.
  2. ICS due diligence: Assessment of the design and operating effectiveness as well as quality of the ICS in the context of corporate acquisitions or sales. We support the analysis of risks, the optimization of control structures, and the integration of the ICS into the compliance strategy. Additionally, an effort estimation is provided, which is considered during company valuation and price determination.
  3. Review and quick check for ICS evaluation: Conducting a comprehensive review of the existing ICS to identify weaknesses and potential for improvements. This analysis ensures that the ICS operates efficiently and effectively, covers the relevant processes, and complies with current regulatory requirements.
  4. Rating and maturity assessment of an ICS: Evaluation and rating of an ICS based on an assessment model developed in accordance with international standards to categorize the ICS within a maturity model.
  5. Implementation and improvement of an ICS: Development and implementation of an ICS based on recognized frameworks such as COSO and ISO. National and international legal requirements (e.g., AktG, FISG, or SOX) are fulfilled and best-practice approaches are incorporated. The identification and remediation of weaknesses ensure continuous improvement of the ICS.
  6. Support for the preparation and conducting of ICS audits: Testing the design and operating effectiveness of the ICS in accordance with recognized national standards, such as IDW PS 982, including the requirements for the design and audit of the ICS for the preparation of a sustainability report in accordance with IDW Practice Note 4/2023 and IDW PS 951 new version, or international standards, such as ISAE 3402 and SSAE 18.
  7. Training and coaching: Training for employees and management to convey the requirements of the ICS. Through workshops and practical training, we ensure that ICS guidelines are well understood and effectively integrated into daily business operations.
  8. Development and optimization of ICS process documentation: Creation, revision, and continuous improvement of ICS descriptions, process documentation, policies and guidelines to ensure compliance and effectiveness of the ICS.

Resources and Flyer

More information on Internal Control Systems.

More information on IPO Readiness.

FAQS

What is an Internal Control System (ICS)?

An ICS comprises processes, procedures, and measures implemented by organizations to ensure the effectiveness and efficiency of their business operations, identify and minimize risks, and ensure compliance with regulations and policies. 

For what company size is an ICS fundamentally relevant?

An ICS is not only relevant for large corporations and organizations but is also of critical importance for medium-sized companies. Regardless of the company's size, an ICS helps identify risks, optimize processes, and ensure compliance with legal requirements. For medium-sized companies, an effective ICS is essential to secure business processes, improve financial reporting, and maintain long-term competitiveness. A well-implemented ICS minimizes poor decision-making and financial risks while strengthening the trust of investors, customers, and business partners.

When is an ICS designed and operating effectively?

An ICS is designed and operating effectively when it addresses the specific risks of an organization, fulfills legal requirements, and is reviewed on a regular basis. It must be documented to ensure transparency and traceability. An ICS is effective if it is efficiently integrated into business processes and continuously adapted to account for changes in risks and regulations.

How can we ensure that our internal controls remain continuously effective?

Systematic monitoring of the ICS ensures that internal controls remain effective over the long term. Audits on a regular basis, adjustments to legal requirements and process changes, as well as the remediation of identified weaknesses, are crucial. Moreover, fostering a corporate culture that promotes transparency and accountability, along with ongoing employee training, contributes to sustained effectiveness.

Our Experts

Learn more about our services in the area of ‘Internal Control Systems (ICS)’ and feel free to reach out to our Experts for a non-binding consultation.

Contact us for a consultation on Internal Control Systems!

You may also be interested in