Internal Controls/ Sarbanes Oxley (SOX)

A lack of controls, inadequate risk management, economic crime and corruption are extensively discussed in public and appear to be the order of the day in practice. Furthermore, German law has stipulated for a long time now that responsibility for the setting-up and documentation of an Internal Control System (ICS) is the responsibility of the company management.

The Control and Transparency in Business Act (KonTraG) on a national basis, as well as the Sarbanes-Oxley Act (SOX) on an international basis, are only two legislative milestones on the way to a new worldwide monitoring culture. In Germany this trend has recently been strengthened by the German Accounting Law Modernization Act (BilMoG), in which – among other things – the obligation of the Supervisory Board to assess the effectiveness of the ICS, the Internal Auditing and the Risk Management System was concretized.

A thorough understanding of internal controls and their possible value proposition are of essential importance for any company. Effective risk management and an efficient ICS form the necessary basis for your company to be able to realize its full potential. An effective ICS makes it easier, for example, to obtaincapital from banks.

In a globalized economy, small and medium-sized enterprises also have business partners who require compliance with their internal policies (e.g. the availability of certain internal controls) or the implementation of the requirements of Section 404 and 302 of the Sarbanes-Oxley Act (SOX) from their suppliers and service providers. For companies, this is usually associated with a disproportionately high time requirement and the tying-up of the company's resources.

IT-supported ICS creates Added Value

We at RSM Germany use a multi-stage process to facilitate the development, implementation, optimization and monitoring of an effective ICS. In doing so, we do not ignore your IT. Our experienced and qualified IT auditors are consistently integrated into our projects, also if the actual project focus lies outside the IT field.

Our approach is based, for example, on the internationally recognized and globally distributed framework of the Committee of Sponsoring Organization of the Treadway Commission (COSO). Furthermore, the national (DIIR) and international (IIA) standards for Internal Auditing form part of our approach. We enable you to identify opportunities for your company and pursue your corporate goals in a more focused manner. With this you create sustainable added value.


Dr. Oliver Bungartz

Partner - RAS, Hamburg


Scan the QR code to save the contact details.

Gregor Strobl

Co-Leiter Risk Advisory Services - RAS, Hamburg


Scan the QR code to save the contact details.


Internet Explorer 11 is not supported.

We have detected that you are using an outdated browser. We recommend that you use an up-to-date browser to increase your security and to be able to use all the functions of the RSM website.

We recommend the following browsers: