
INTERNAL CONTROL SYSTEM
Efficiently monitor legal requirements
A modern internal control system (ICS) is digital. Reliability comes from paperless documentation and automated control execution and testing. The ICS solution of DHC Business Solutions follows applicable standards and is a guarantee for audit-proof traceability of activities. An ICS is an indispensable component of professional GRC management.
Many companies are faced with the necessity of establishing and operating an internal control system (ICS). This requirement is based on a large number of legal requirements (e.g. KonTraG, BilMoG, OR, URÄG, AktG, ISO 14971, ISO 31000, SOX). An ICS, thus, is an indispensable component of the GRC area; it averts risks and associated damage to companies and guarantees the effectiveness, economic efficiency, and regularity of business operations. An internal control system comprises all organizational measures ensuring compliance with relevant laws, protecting the company’s assets, strengthening the effectiveness and efficiency of business processes, and securing truthful reporting.
DHC VISION ICS maps the entire internal control process – from process documentation to the recording and assessment of risks, the definition and implementation of associated controls, and the testing of controls by internal or external inspectors (e.g. auditors). Detailed analyses and evaluations allow time-accurate insights into the current status of an ICS; gross/net comparisons, threat levels, weak points and the effectiveness of controls are transparently recorded and presented in qualitative and quantitative evaluations.
Request factsheet
Compact information on all processes related to controlled documents and the complete range of functions is available in the factsheet on DHC VISION SOP Management.
"*" indicates required fields
Impressive functionality
ICS Key functions
- Recording of all ICS-relevant information related to the organization, to processes, and IT systems
- Information cockpits for the presentation of risk and ICS information
- Audit-proof logging of activities
- Use of electronic signatures to acknowledge work steps
- Audit-proof storage of all associated information
- Notification function for ICS-specific events
- Comprehensive dashboards with ICS status information
Risk Management
- Establishment of a comprehensive and detailed risk portfolio
- Detailed description of risks and responsibilities
- Qualitative and quantitative risk assessment
- Multidimensional risk assessment (probability of occurrence, extent of damage)
- Identification and assignment of risk reduction measures
- Comparative risk assessment before and after implementation of measures
- Intuitive dashboards for monitoring the risk situation
Measures, control and test management
- Complete process support for implementing ICS measures
- Classification of (immediate, preventive, corrective) measures
- Definition of cyclically recurring measures
- Distribution and monitoring of control and test tasks
- Reminder of deadlines for initiated controls, incl. escalation mechanisms
- Documentation of control results
- Planning and initiation of annual test cycles
- Sustainable documentation of test results
- Standard reporting, easily adaptable to customer needs
Insights into our costumer relations


“With DHC Business Solutions, we found a company that combines process management, key performance indicators and real-time publishing in one system.”
Lothar Schütz
Bayerische Versorgungskammer
All options at a glance
General ICS functions
- Recording and documentation of all ICS-relevant organizational, process- and IT-related information
- Clear information cockpits for a role-specific presentation of risk and ICS information
- Audit-proof logging of all activities with electronic signatures to acknowledge work steps
- Subscription and notification function to inform about events, changes to existing or creation of new content
Risk Management
- Set-up of a risk portfolio as well as identification and documentation of risks related to the organization, processes, and IT systems
- Definition of risk owners, risk identifiers and additional detailed risk information
- Differentiated qualitative and quantitative evaluation of risks about probability of occurrence and extent of damage
- Identification and assignment of risk reduction measures
- Support of a comparative risk assessment before and after implementation of measures (gross/net comparison)
Measure / Action Management
- Complete process support, from recording, implementing, and effectiveness testing to the formal closure of measures
- Classification of measures
- Preventive measures for the proactive risk reduction
- Immediate and corrective measures for handling security incidents
- Definition of cyclically recurring measures incl. automatic start of measures (weekly, monthly, annually)
- Reminder of deadlines for measures incl. escalation mechanisms
- Sustainable and audit-proof documentation of implementation results
- Role-specific dashboards for monitoring status, priority, and implementation progress of measures
Events, notifications, communication
- Notification Event Modeling Framework for automated, accurate and timely notification of people, roles/groups or systems about the status value of definable events such as date, threshold, metric, new document versions.
- Flexible and appealing design of notifications (including HTML); also multilingual, to different recipient systems (email, social media, mobile gadgets etc.
- Rules and communication by creating messages along role-based interests and views (user view, organizational view, compliance view).
- All notifications are subject to an audit trail
- Full traceability of who was informed about what, when, with what content
Control Management
- Definition of controls with responsibilities, required evidence, type of implementation, mode of operation, and frequency
- Workflow-based control execution including audit-proof documentation of control results
- Integration of external systems with automatic control execution
- Clear role-specific dashboards for the presentation of controls to be carried out
- Reminder of deadlines regarding initiated controls incl. escalation mechanisms
Monitoring / Testing / Reporting
- Planning and initiation of annual test cycles
- Selection of controls to define the scope of testing
- Involvement of internal and external inspectors (e.g., auditors) in testing activities
- Determination of the required number of samples depending on the underlying control or risk
- Automatic summary of results from internal and external tests in a comprehensive report
- Standard reporting, easily adaptable to customer needs
Multisite, client Management
- Intelligent client concept for a group-wide internal control system
- Clear management of global and site-specific (content) variants
- Simple and redundancy-free adaptation of documents to local conditions
- Predefined rollout concepts for internationally operating organizations
Validation and compliance consistently in view
DHC VISION is specially designed for use in highly regulated industries. The solution meets GxP guidelines and directives of the FDA, EMA, PIC/S or ICH, as well as 21 CFR Part 11, for both technology and business processes. The “Validation Package” consists of “Validation Accelerators” (complete documentation set for validation) and Validation Services for adapting the documentation to a specific system configuration.
Matching Products
SOP CONTROL
The optimal solution for digital management and control of your specification documentation. Secure, controlled, traceable and compliant (including 21 CFR Part 11).
TRAINING
The perfect and seamlessly integrable addition to SOP management. Digital processes set new standards in “Training Compliance”.
PROCESSES
More than just modelling. The solution combines modern process management concepts with a powerful DMS and a more than standard-compliant risk management.
Your information package
Get an impression of this and other products or read what insights we have gained from research and development. Take advantage of our exclusive content such as white papers or study results on the digitization of quality and compliance processes. Put together your desired media easily and conveniently.
Worth knowing | News | Latest
DACHSER expands internal control system (ICS) with DHC VISION
As one of the leading European logistics service providers with almost 400 locations worldwide, DACHSER not only focuses on "Intelligent...
DHC VISION the modern solution for set guidelines of financial institutions
Banks, insurance companies and financial institutions in general are required to demonstrate that they have a functioning and appropriate...
FAQ
What is an Internal Control System (ICS)?
An internal control system (ICS) refers to all measures and controls designed to minimize risks in the execution of a company’s business processes. Business processes are to be designed in such a way that the legal requirements are met. Risks should be identified during the business definition process; they should be reduced by means of suitable preventive measures. In the operational execution of the business processes, the ICS is expected to prevent possible errors or intentional criminal acts in advance; at least, the system should be able to detect them downstream.
Who needs an ICS?
The German Stock Corporation Act (AktG), in Article 8, requires the management board of a stock corporation (AG) to maintain an Internal Control System (ICS). The same applies to the managing directors of a GmbH (limited liability company); they must provide evidence that an ICS is in place. The ICS must be designed in such a way that it is suitable to the company’ business operations as well as its legal, market etc. environment. It is important to regularly adapt the ICS to changing conditions and to review its effectiveness and efficiency. Changes to the written requirements must be continuously updated and communicated to employees.
What are the goals of an ICS?
An Internal Control System (ICS) is expected to ensure that business processes are carried out in accordance with self-defined rules and existing legal requirements. Criminal acts or corruption should be prevented and even the attempt of misconduct be detected.
Concrete goals are:
– Compliance with legal requirements of the specified business policy.
– Ensuring that business processes are executed correctly
– Reducing process, organizational and IT risks
– Identifying errors in process execution
– Safeguarding business assets and reputation.