Audit, Risk Advisory

The purpose of our audit service is to issue an independent and reliable auditor’s opinion that provides an appropriate basis for users of financial information. In carrying out their engagements, our auditors consistently seek to comply with professional, ethical and independence requirements. Our audit methodology combines the quality assurance and audit standards of the RSM international network with the requirements applicable under Hungarian regulations.

Our audit professionals are highly qualified, well-informed experts with strong foreign language skills. Our audit leaders built their experience at international audit firms, and our specialists support business partners with a broad range of audit and advisory services.

Our auditors hold certifications/authorisations for audits related to: IFRS, insurance entities, investment firms, sustainability, issuers, budgetary entities, financial institutions and pension funds.

RSM services related to the audit practice

• Audit services

• Other assurance services

• Risk advisory services

Audit services:

Audits of major international, regional and listed corporate groups

As part of our audits, we provide audits of consolidated financial statements prepared under Hungarian accounting requirements and under IFRS. This may include group-level audits covering multiple countries, involving member firms of the RSM Network, thereby ensuring high-quality and standardized services for clients. Our audit experience spans a wide range of industries, including the financial sector, industry, manufacturing, trade and services.

Audit of annual financial statements and group reporting under Hungarian GAAP and IFRS

We audit the IFRS-based or Hungarian GAAP annual financial statements of Hungarian medium-sized and large companies, as well as reporting packages prepared in accordance with the group accounting policies, under other standards as applicable (US GAAP, HB II).

Audit of public-interest entities and entities/groups supervised by the MNB

We also perform audit engagements for public-interest entities, alongside the related prudential, risk and compliance expectations. In our work, we take into account MNB guidance and recommendations (with particular regard to the requirements of Hungarian National Auditing Standard 6100), with a strong focus on the review of IT controls, performed by our in-house IT audit specialists.

Assurance on CSRD sustainability reporting

Our audit team is capable of performing limited assurance engagements under ISAE 3000 on reports prepared in accordance with Directive (EU) 2022/2464 and the ESRS. Within the scope of our work on sustainability reporting, we also assess double materiality, the data collection chain and the control environment, and review the methodological and documentation consistency of sustainability and ESG reporting.

Audit of transformation balance sheets and asset inventories

In corporate transformations—mergers, absorptions, demergers and spin-offs—our auditors audit the opening balance sheet draft and the final transformation balance sheet prepared under the Hungarian Accounting Act, supporting the transformation process through the issuance of an independent auditor’s report.

Other assurance services

Reviews related to MNB compliance

In the course of reviews supporting compliance with the prevailing MNB requirements, our auditors assess the internal processes and controls of financial institutions based on applicable legal and supervisory requirements.

Assurance audit of controls over outsourced activities (ISAE 3402 and SOC Type 1 & 2)

The purpose of an assurance audit under ISAE 3402 and the SOC standards is to comprehensively evaluate the internal control system of service organisations performing outsourced activities, and to provide assurance in the form of a report. We apply a methodological approach that supports robust examination and alignment with internationally accepted practices.

ESG compliance services – GHG assurance (ISAE 3410)

Based on statutory requirements, we perform independent audits of sustainability-related reports prepared by the company—such as carbon footprint calculations prepared under the GHG Protocol or a LuCID completeness statement. We issue an assurance report on these compliance engagements in accordance with ISAE 3000 and ISAE 3410.

Review of BMR (BUBOR) compliance

The auditors of RSM Hungary perform BMR compliance reviews as an independent external assurance provider for panel banks, based on the quotation procedures and internal regulations applicable to the BUBOR benchmark, in compliance with Regulation (EU) 2016/1011 and the Code of Conduct.

Audit of European Union and other grants

In the course of our audits related to EU and domestic grant schemes, our auditors review project implementation and the compliant use of grant funds in line with EU and Hungarian requirements. Our objective is to prevent irregularities, substantiate the reliability of grant settlements, and assess contractual compliance for projects funded under agreements concluded with the EU.

Audit of business plans

Our audit capabilities include the review and validation of a company’s forward-looking financial information and business plans, and the issuance of an assurance report. A business plan audit may be prepared for internal use or, upon external request, to support planned expansion or capital raising.

IFRS transition audit

Transitioning to IFRS is a complex process, and a legal prerequisite is an auditor’s report confirming the company’s preparedness for IFRS adoption. Upon client request, we assess whether the company meets the conditions set out in the Hungarian Accounting Act for IFRS transition and, where the conditions are met, we issue an assurance report.

Risk advisory services

Information security advisory / readiness support

As part of our audit practice, RSM’s experienced IT auditors support companies in preparing for and complying with information security and cybersecurity requirements in the following IT areas:

• NIS2: Cybersecurity and the protection of digital infrastructure are among the most significant challenges. Our IT auditors support readiness for compliance with the requirements of the NIS2 Directive, including gap assessments, roadmaps and the design of controls to meet NIS2 requirements.
• ISO 27001: Design/implementation/enhancement of an ISMS and audit readiness in line with the requirements of ISO 27001.
• TISAX: In the automotive supplier chain, information security is a fundamental requirement ensured by the TISAX framework. Under RSM’s TISAX readiness service, our IT advisors help prepare the company’s information security management system for TISAX requirements so that it can obtain the assessment label.

Internal audit services

Our advisors help partners operate efficiently and in compliance with legal requirements by designing and reviewing internal audit processes and control systems. These reviews play an important role in supporting effective internal control.

• Outsourced internal audit – SOX: Performing control testing; preparing and updating process descriptions and process flowcharts in line with the client’s internal audit strategy.
• Control advisory/optimisation: Identifying deficiencies in control processes, improving and optimising the control environment, and reducing operational risks through the development of internal control functions.
• Outsourced IT vendor audits (MNB-supervised): Risk-based assessment of banking/insurance IT suppliers in line with MNB expectations and cybersecurity requirements.

Artificial intelligence services

AI regulation has entered a new phase with the adoption of the EU AI Act. Under RSM’s AI Act compliance advisory, our experienced professionals support companies in the risk-based classification of AI systems, embedding legal requirements and designing controls. ISO/IEC 42001 is the first international standard for AI management systems; through RSM’s ISO 42001 readiness service, our experts help companies achieve compliance with the standard’s requirements.

• AI Act compliance advisory: Risk classification of AI systems; development of compliance controls and documentation.
• ISO/IEC 42001 readiness service: Preparation and implementation of an AI management system aligned with the AI Act.

IT risk management / risk assessment

For financial institutions and other financial market participants, it is essential to understand their IT risks and continuously reduce either the likelihood of IT risk events or their measurable impact on the organisation. RSM’s IT risk management service supports companies in identifying IT risks and existing controls, and in developing an IT risk management strategy and action plan.

Fraud prevention and detection – forensic advisory

Within forensic advisory, we support the identification of fraud events, the review of internal processes, and the performance of audit procedures to verify and analyse past events, with a view to improving detection and prevention. We assess the company’s operational processes, identify areas with high fraud risk, and perform further examinations in these focus areas regarding the processes used for risk mitigation. We also provide recommendations related to enhancing controls and developing IT systems.

Governance services

If the company does not yet have adequate internal policies, or wishes to update its documentation, we provide support in preparing these. We map existing manual and IT processes, controls and the related roles and responsibilities. Based on the assessment, we prepare documentation for internal policies, process descriptions and process flowcharts, which support management and internal audit in obtaining an overview of, and reviewing, company operations.