Risk management

Building blocks of our risk management!

In order to assess the criticality of a risk, our risk rule sets comprehensibly show the individual …

  • risks,
  • issues,
  • objectives,
  • targets and
  • possible risk treatments


The aim is the technically sound integration of the rule sets into the company’s existing internal control system.



Risk description

The following risks are considered and described for the authorisations:

  • Business management
  • Commercial
  • IT-specific
  • Data protection law



Impact / Risk level

The risk potential of an authorisation is classified by forming a criticality score.

The following areas are evaluated here:

  • Regularity (accuracy, completeness…)
  • Security (confidentiality, integrity…)
  • Other criteria (fraud, data protection…)



Scope of application / Process description

The following aspects form the basis of the description:

  • Detailed scenario description
  • Comprehensible derivation of the risk
  • Qualitative description of damage



Goal setting

Four important aspects are considered and described for goal setting:

  • Target (ideal state of the scenario)
  • Objective through compliance with the target
  • Risk treatment (active or passive)
  • Organisational compensating controls