_establishment of risk management (§ 4 lksg)
The first prerequisite is establishing a systematic (appropriate and effective) risk management system (§ 4 LkSG). As a first step, activating the internal stakeholders (management, legal, HR, compliance department, purchasing, and sales) and establishing a central structure is worthwhile. In practice, a roundtable is often set up for this purpose: All relevant positions within the company are invited to this "working group". These include quality management, product development, sales, purchasing, legal, HR, and trade unions. At regular meetings, areas for action can be uncovered in this way. Once the status quo has been identified, the gaps become apparent, and a roadmap can be drawn up in the next step. The roadmap should aim to establish an organisation that makes a content-related risk analysis possible.
- Financial and human resources must be defined.
- Responsibilities, accountabilities and methods must be clarified.
- The law recommends establishing the position of a human rights officer or a compliance officer. The work should report directly to management. However, the responsibility cannot be delegated to a place below the business level.
- Integrating the requirements into existing CSR/ESG systems and an existing sustainability or corporate governance strategy may be possible.
- At least annually, management must be informed by a comprehensive report.