IDW PS 981

from Wikipedia, the free encyclopedia

On 3 March 2017, the Main Technical Committee (HFA) of the Institute of Public Auditors in Germany (IDW) adopted the new Auditing Standard (PS) 981, which describes generally accepted standards for the review of risk management systems in accordance with Section 107 (3) of the German Stock Corporation Act (AktG). However, unlike IDW PS 340, for example, it is not necessarily geared towards fulfilling the legal requirements (especially KonTraG). In contrast to the more recent DIIR auditing standard No. 2 of the German Institute for Internal Auditing from 2018, implications from Section 93 AktG for the inclusion of risk management in the preparation of "entrepreneurial decisions" are not yet taken into account. IDW PS 981 relates to the voluntary review of the risk management system.

Within the scope of this auditing standard, a distinction is made between “strategic” (current and future potential) and “operational” (level of the service creation process) risks.

Risk concept

Risk generally represents the deviation of an actual state from a planned state. Positive deviations are usually referred to as “opportunities” and negative deviations as “loss” or “danger”. Risks are therefore always considered in relation to specified goals.

Decision theory assumes that decisions under risk have known probabilities of occurrence for all conceivable environmental conditions. According to the “Law on Control and Transparency in the Corporate Sector” (KonTraG), passed on May 1, 1998, only negative deviations are viewed as an economic threat to the company. However, it makes economic sense to consider both risks and opportunities in risk management (RM). RM in companies works with the umbrella term "uncertainty", which includes both the term "risk" and "uncertainty". There must therefore be clear target definitions for RM in order to determine a corresponding probability distribution for all possible states.

Risk management and risk management system

Risk management in companies is thus the systematic thinking and action in dealing with opportunities and dangers (i.e. risks), and it must be integrated into the company's management and controlling. Its tasks are risk analysis, aggregation, monitoring and management as well as the use of risk information.

The RM must work or be structured in accordance with legal requirements.

Under Section 91 (2) AktG, the board of directors is obliged to “take suitable measures, in particular to set up a monitoring system so that developments threatening the continued existence of the company are recognized early”. This means that not only a company-wide risk early warning system should exist (see further: IDW PS 340), but also a risk management system (RMS).

In accordance with Section 107 (3) of the AktG, the Supervisory Board should appoint an audit committee to examine the RMS available in the company.

"IDW PS 981 explains the essential basic elements that an RMS typically has, and describes the test requirements for the acceptance of orders, the planning and execution of the test as well as the documentation and reporting of the RMS auditor. A separate section contains additional application notes and explanations, as well as sample formulations for reporting by the RMS auditor on the two types of order."

Structure of an RMS according to IDW PS 981

The subject of the IDW PS 981 audit is the part of the RMS (target categories) that relates to strategic and operational risks from business activities.

Strategic risks have to be examined across companies, whereas operational risks only have to be examined to a limited extent, i.e. they can be examined by sub-area (organization, processes).

The RMS consists of eight interacting basic elements.

Risk culture (IDW PS 981 Item A18)

It includes the basic attitude and behavior when dealing with risk situations in operational (daily business) as well as with significant business decisions (strategic). This significantly influences the company's risk awareness and creates the basis for an effective RMS.

Aims of the RMS (IDW PS 981 Item A19)

These are intended to ensure that the corporate goals are achieved while taking the risk strategy into account. Corporate policy objectives and, in particular, the corporate strategy form the basis for deriving the risk strategy. This defines the extent to which risks should be taken, taking into account the risk-bearing capacity, supplemented by a corresponding risk policy for dealing with these.

Organization of the RMS (IDW PS 981 Item A20)

The prerequisite is a transparent and clear structure and clearly defined process organization. All regulations are clearly documented, structured, communicated and prescribed in a binding manner. Personnel is deployed according to personal and professional requirements.

Risk identification (IDW PS 981 Item A21)

It comprises the regular and systematic analysis of internal and external developments and events that can lead to deviations from the goals of the RMS. In doing so, completeness, accuracy and timeliness must be observed.

Risk assessment (IDW PS 981 Item A22)

There is a systematic assessment of the risks with regard to the probability of occurrence and possible effects. The procedures and criteria must be precisely defined. The system used must be suitable for assessing the importance and effectiveness of risk control measures. Individual assessments must be aggregated and interdependencies analyzed and taken into account accordingly.

Risk control (IDW PS 981 Item A23)

Based on the evaluations, the company management has to decide on suitable instruments for risk control (avoidance, reduction, acceptance, division or transfer). As a result, the risks are adapted to the company's risk tolerance and willingness. The goals of the RMS are the frame of reference.

Risk communication (IDW PS 981 Item A24)

It ensures an appropriate flow of information, subject to standardized processes with specific responsibilities, periodicities, threshold values and report formats. The data is regularly checked and updated, which is done through process-integrated and process-independent controls.

Review and improvement of the RMS (IDW PS 981 Item A25)

The RMS is monitored using appropriate documentation. Results - in particular identified deficiencies - are reported and evaluated in order to initiate the necessary measures to improve the system and to eliminate deficiencies.

Type and scope of the test in accordance with IDW PS 981

The following aspects are checked as part of the PS by an internal or externally appointed RMS auditor.

  • Design

In the description, all (previously described) basic elements are dealt with and an assessment is made as to whether the structure and functionality are complete, correct and understandable. Comprehensive documentation on the risk culture and the associated presentation of reporting (internal and external) as well as further development is necessary.

  • Topicality

It must be ensured that the RMS corresponds to the description presented and that the description addresses significant changes in the period under review. If changes are made, the description must be updated.

  • Appropriateness

In doing so, the auditor has to “assess whether the regulations presented in the company's RMS description are designed and implemented in such a way that they are suitable for identifying and assessing the main risks in good time in accordance with the RMS principles applied and to control and monitor them in accordance with the goals of the RMS set by the company. If significant errors or deficiencies are discovered, the risk management system to be checked is not appropriate. In order to be appropriate, the risk management system must be able to identify, evaluate, control and monitor the main risks in good time with sufficient certainty. This is also where the delimitation is made to the early risk detection system, which does not include the measures for risk management.”

If the rules outlined in the description are complied with within the examination period, the RMS is deemed to be effective. It should be noted that the inspection interval should not be related to a specific date and should be at least one year.

Critical appraisal

With this auditing standard, the basis was created for designing and monitoring RMS and, if necessary, for external auditing and confirmation. In this way, the company's risk-bearing capacity can be better assessed and determined, and possible "problems" / risks can be reacted to in a better and more structured manner. It therefore represents a useful addition to IDW PS 340 (review of the risk early warning system in accordance with Section 317 (4) HGB).

Companies are not obliged to adhere to this PS, but within the framework of Section 317 (4) HGB in conjunction with Section 91 (2) AktG, it makes sense to check the RMS using the PS. A review of the RMS is required for some organizations (e.g. credit and financial service providers), but this does not necessarily have to be implemented with PS 981. Companies of other corporate forms with comparable duties of care at the level of their bodies can also achieve added value for their company by applying the PS.
