Risk management

Although achieving world-class corporate governance may seem to be a complicated effort, it doesn’t have to be. A strong framework is the start. Crowe Horwath International developed its Crowe Horwath Corporate Governance Framework™ to help organizations reduce risks, identify gaps, and close them for improved performance. Our Firm can help you analyse the maturity of your governance structure.

Strong corporate governance promotes effective risk management. And strong risk management is the key to solid compliance. Crowe Horwath | Callens, Pirenne, Theunissen is your partner in assessing whether your controls are aligned to your strategic objectives and assessing the operating effectiveness of your controls.

 

Regulatory Risk

Each industry and each organization has different regulatory risks, and these challenging regulations are changing all the time. Sidestepping or ignoring complex regulations may lead to heavy fines, loss of internal control, and even prosecution.

We can help you anticipate regulatory changes, implement new legislation or regulations, develop pragmatic solutions and help you modify your organization in line with the requirements of new regulations or requirements in your industry or marketplace.

 

Information Technology and Data Security Risk

Technology risks threaten assets and processes vital to your business and may prevent compliance with regulations, impact profitability, and damage your company’s reputation in the marketplace. Protecting information like operational and financial data, customer data, intellectual property (IP), personally identifiable information (PII), or protected health information (PHI) is key in every business today.

Our multidisciplinary approach bringing together subject-matter experts in Risk Consulting and IT Services will make the difference and provide you with hands-on solutions, which are fully aligned to your needs and concerns.

 

Fraud & Ethics Risk

Whether you are concerned about a specific fraudulent activity within your organization or it’s time to go for a preventive anti-fraud program, your interests and those of stakeholders and business partners are of primary concern.

Our firm can mainly help you in preventing fraud helping you to identifying your fraud risk areas and designing the necessary controls to mitigate those risks. When parties would decide to go to court or to work out an amicable settlement, we can deliver an expert opinion in financial disputes, both on demand of the court or on the demand of one or both parties.

 

Internal Audit

The market is becoming more competitive, which is increasing operational risks for many organizations. Many companies are expanding through mergers and acquisitions (M&A), non-profit and healthcare organizations are more and more working together, services are outsourced to suppliers around the world, supply chains become more complex, etc. Organizations are dealing with dependability issues, culture differences, new laws, new policies, and even new customers and vendors.

Whether you are in Industrial Production, Fast Moving Consumer Goods, Pharma, Automotive, Logistics & distribution, Financial Services, whether you are in a hospital, a pension fund or even a not-for-profit organization, we can help you with well-designed internal audit services.

 

SoX 404 (Sarbanes-Oxley Act)

US public companies are expected to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under this Act management is required to evidence management's testing of its internal controls and the objective of Section 404 is to provide meaningful disclosure to investors about the effectiveness of a company’s internal controls systems.

We can assist your company both in testing your controls in cooperation with Crowe Horwath International or help you evidence the effectiveness of your controls when they are subject to testing by another auditor.

 

We create value for your organisation through.

  • flexible tailored solutions
  • a step-by-step approach guiding you through the different aspects of effective risk management
  • a non-nonsense point of view, which brings immediate value 

Our Risk Consulting department delivers:

  • a maturity analysis of your corporate governance practices
  • an in-depth IT Governance Scan
  • advisory on / testing the implementation of the “Belgian Code on Corporate Governance” for listed companies
  • advisory on / testing the implementation of the “Code Buysse” for small and medium-sized entities
  • helping public sector entities create a corporate governance framework aligned to their needs
  • advisory on / testing compliance with ICURO’s Hospital Governance Frameworks for Belgian hospitals
  • Assurance Reports on Controls at Service Organization (ISAE 3402) or SAS 70 Reports
  • Helping Flemish governmental institutions implementing the “Leidraad Interne Controle en Organisatiebeheersing van de Vlaamse Overheid”
  • helping local public administrations implementing “Het BBC-Besluit (Besluit van de Vlaamse Regering betreffende de beleids- en beheerscyclus van de gemeenten, de provincies en de openbare centra voor maatschappelijk welzijn)”
  • EU Pillar Assessments (in accordance with ISAE 3000)
  • Compliance checks on EU General Data Protection Regulation 
  • IT Compliance Audits
  • Conflict Minerals & Supply Chain Compliance (Consulting & Assurance)
  • IT Health Scans
  • IT General controls Audits (in accordance with Cobit)
  • Data Security  & Privacy Audits (Compliance with the EU General Data Protection Regulation)
  • Information Security Evaluations (in accordance with ISO 27001)
  • Business continuity Checks
  • IT Service Management Assessments (Supplier management, SLA management,…)
  • IT compliance audits (compliance with specific regulations, as issued by the National Bank of Belgium or the Financial Services and Markets Authority)
  • IT Resource optimization analysis
  • Cloud computing risk assessments
  • internal audits
  • SoX 4o4 testing
  • Advisory on SoX 404 / Implementation of SoX 404 
  • internal control assessments (ISAE 3000 Reports);
  • Recovery Audits on vendors (payment incidents; pricing errors; contract compliance)