Risk management

Today’s controllers face a dual challenge: on the one hand, there is growing pressure to make business decisions faster, more data-based and more transparent. On the other hand, uncertainty is increasing: volatile financial markets, fragile supply chains, geopolitical tensions, new regulatory frameworks – such as the Corporate Sustainability Reporting Directive (CSRD) – and technological disruptions such as artificial intelligence are making planning ever more complex and susceptible to deviations.

In this area of tension, not only the tools are changing, but also the expectations of controlling itself: It is no longer enough to simply analyze the past or monitor budgets. Instead, controllers are expected to identify risks at an early stage, actively support decision-making processes and make the effects of uncertain framework conditions transparent. In short: controlling is becoming the interface between management and risk competence.

This is where the concept of integrative risk management comes in – an approach that does not rely on parallel structures, but on the intelligent linking of existing systems. The idea is that risks are nothing more than potential deviations from the plan. And anyone who manages deviations from plan needs sound knowledge about their probability of occurrence, causes and interactions. This information is already available in controlling or can be efficiently obtained there – for example by analyzing uncertain assumptions in planning, using bandwidth models or deviation analyses.

Modern, decision-oriented risk management is therefore seamlessly integrated into controlling practice. It provides decision-relevant information, makes risks quantifiable, supports the evaluation of strategic options and enables the aggregation of risks using methods such as Monte Carlo simulation. This also fulfills a central requirement of the Business Judgement Rule (§ 93 of the German Stock Corporation Act (AktG), which requires a comprehensible approach to risks when making important decisions – not only from a liability perspective, but also as an expression of professional corporate governance.

Additional guidance is provided by DIIR Audit Standard No. 2, which explicitly requires that risk management not only reduces risks, but also considers opportunities – and is integrated into the decision-making process. This perspective is becoming increasingly important, particularly in the context of new reporting requirements on ESG risks, sustainability targets and long-term resilience.

This results in a clear picture of the future for controlling: those who understand risks as a management dimension will become strategic partners for corporate management. Those who limit themselves to purely reactive or static models, on the other hand, risk losing their own relevance in the modern management system.

The following article by Prof. Dr. Werner Gleißner examines this topic in its entirety. He shows how an integrative, decision-oriented risk management system can be established, what roles controlling, compliance and internal audit play in this model – and why close cooperation is the key to reliable decisions, especially in uncertain times.
Download

You can experience the risk management expert live at the 49th Congress of Controllers, where he will be giving a presentation on sustainability controlling. The focus: the economic and regulatory challenges as well as solution strategies.