Controlled Risks

Whether it’s the General Data Protection Regulation (GDPR), the European Union’s AI Act or supply chain legislation, companies today find themselves in a maze of paragraphs that is difficult to navigate. Matters become even more complex when trying to align the implementation of these regulations with strategic corporate goals and real data from business processes.

Bringing order to the chaos

Companies find a certain kind of support in management systems. They provide a structured framework for implementing strategies, optimizing processes and improving organizational performance. With their help, companies can use their resources more effectively, make better decisions and promote coordination between different departments and business processes. The more complex the business environment, and legal regulations, the more important a good management system is for the company’s success.

Internal control systems (ICS) are a subset of management systems. They are intended to ensure reliable financial reporting, prevent fraud and promote compliance with laws and regulations. As such, they play a decisive role in the effective control and monitoring of company processes and are even mandatory for stock corporations.

Typical components of ICS are procedures, guidelines and technologies that are relevant for legal and accounting compliance. They support management in identifying, assessing and mitigating risks that could impair the achievement of corporate objectives. This makes them an integral part of corporate governance and risk management.

One challenge for users of management systems is that they are often quite inflexible. This is because the information and processes fed into them are very diverse and often have complex interdependencies. In a dynamic environment in which legal requirements and market conditions can change rapidly, companies must be able to integrate new requirements quickly and effectively into their business processes. Rigid management systems with integrated ICS are quickly pushed to their limits here. What Fraunhofer IPK has already demonstrated for project management now also applies to ICS: The process assistant that has been successfully in use for years, was further developed into a system that offers both – control and flexibility.

Using models to reach your goals

The unique strength of the Fraunhofer IPK process assistant: It is based on company models. A company model depicts the structure, processes, resources, such as roles, documents, IT systems and strategies of a company. The model makes it possible to systematically capture and analyze these diverse aspects and thus take a comprehensive view of risks and control mechanisms. It therefore serves as an ideal framework for the well-informed design of internal control systems.

The model-based process assistant enables companies to embed their necessary control mechanisms coherently within this rich context and implement them in such a way that they are compatible with the company’s specific needs and objectives. This not only makes internal control more efficient and effective, but also supports management in the pursuit of strategic goals. Models also simplify the communication and understanding of control processes within the company and towards external stakeholders, such as investors and regulatory authorities. Last but not least, the clear presentation of all the structures, processes and resources involved not only helps companies to comply with current legal requirements, but also allows them the necessary flexibility to react to future changes.

One model, many use cases

A business model unfolds its full value when it is consistently applied, in other words, when it is used in day-to-day operations. Model-based solutions developed by Fraunhofer IPK have been supporting companies in project management for years, ensuring that day-to-day processes are consistently followed and all necessary information is available at all times. The new, easy-to-use ICS functions of the process assistant not only minimize risks through control mechanisms. As a central source of information, the company model makes it possible to integrate risk management, internal controls and project management. The common information basis enables efficient risk management during project execution, as new or newly assessed risks are always taken into account.