Audit of CMS systems (IDW PS 980)

Compliance management systems (CMS) and their audit: an indispensable part of corporate governance

In today's business world, adherence to laws, policies and internal guidelines - known as compliance - is crucial. An effective Compliance Management System (CMS) is therefore essential for companies to minimize legal risks and ensure the integrity of business practices.

A CMS is a structured system designed to ensure compliance with relevant legal and internal company regulations. It encompasses all the principles, measures, processes and tools that a company implements to act in compliance with regulations.

The audit of a CMS by an auditor offers numerous advantages. It creates transparency regarding the appropriateness and effectiveness of the system and provides information on whether the CMS fulfils the requirements of IDW Auditing Standard 980 (IDW PS 980). This strengthens stakeholders' trust in the company's management and can protect against liability risks in the event of breaches of regulations.

The audit in accordance with IDW PS 980

IDW PS 980 defines three audit stages for a CMS:

Design review: assessment of the CMS design for its fundamental suitability.
Appropriateness test: Checking whether the design of the CMS meets the compliance objectives.
Effectiveness test: Determining whether the CMS works effectively in practice and whether the compliance objectives are being achieved.

The seven basic elements of an effective CMS

Compliance culture: the basic attitude of management and the importance that employees attach to compliance.
Compliance objectives: Definition of objectives based on relevant rules.
Compliance organisation: Definition of responsibilities and provision of necessary resources.
Compliance risks: Identification and analysis of risks that could lead to breaches of rules.
Compliance program: Introduction of principles and measures to limit risks.
Compliance communication: communication within the company must ensure that compliance requirements are known and understood.
Compliance monitoring and improvement: processes must be established to monitor compliance and continuously improve the CMS.

A sustainably designed, practiced and audited CMS is a key pillar of sustainable and successful corporate governance. It supports the management and supervisory bodies in fulfilling their responsibilities and protecting the company from legal and financial damage. The audit of a CMS by Rödl & Partner in accordance with IDW PS 980 is therefore an important step in ensuring the appropriateness and effectiveness of the CMS and strengthening the trust of all parties involved.