Internal control
AHOLD BUSINESS CONTROL FRAMEWORK
Ahold's internal controls are designed to provide reasonable assurance that the
Company's objectives are achieved. We are replacing a decentralized set of internal
controls with a consistent, one-company system. Ahold takes a structured and
consistent approach to internal control by aligning strategy, policies, procedures,
instructions, guidelines and processes, people and technology, for the purpose of
identifying, evaluating and managing the uncertainties that the Company faces.
Monitoring
For this purpose, Ahold is in the process of implementing a
single, enterprise-wide Ahold Business Control Framework
("ABC Framework"). The ABC Framework will encompass
internal control policies, procedures, instructions and
guidelines for all Ahold group companies.
The ABC Framework is based on the recommendations of
the Committee of Sponsoring Organizations of the Treadway
Commission (COSO - Internal Control Integrated
Framework). The aim of these recommendations is to
provide a reasonable level of assurance concerning internal
control. It should be noted that in line with the COSO
framework, also the ABC Framework's level of assurance
does not provide certainty as to the realization of objectives,
nor can it prevent all inaccuracies, errors, instances of fraud
or non-compliance with laws and regulations.
The transition process to convert to one-company controls
initially focuses on financial reporting controls. With respect
to financial reporting Ahold has developed uniform control
standards applicable to all of our arenas. These cover a
variety of financial control and reporting topics such as
financial closing process, property, plant and equipment
and lease accounting, capital investments and disposals,
contracts and agreements, vendor allowances and the
compliance with our accounting manual. The ABC
Framework will gradually be extended with one-company
policies and controls over operational and strategic
processes and internal controls over compliance with laws
and regulations, based on the right balance between one-
company system controls and the necessary flexibility to
support and control local operational excellence, customer
driven innovation and achieve compliance with relevant
local laws and regulations.
In 2005 Ahold continued the project that was started in
2004 to prepare for compliance with the requirements of
Section 404 of the Sarbanes-Oxley Act (the "Sarbanes Oxley
Act" or "Sox"). We have performed various procedures for
the preparation for the SOx 404 evaluations that we will be
required to complete for the first time as of December 31,
2006. During 2005, we have made significant progress in
the preparation of design documentation and testing of
operating effectiveness of internal controls over financial
reporting. On the other hand, it should be noted that the
status of SOx activities by the end of 2005 varies per arena,
and certain required aspects for the SOx 404 evaluation
have yet to be completed. The Corporate Executive Board
expects that the control deficiencies identified through this
process in 2005 can be solved timely through the current
remediation program.
Ahold uses a comprehensive business planning and
performance review process to monitor its performance.
This consists of a coherent set of instruments, which cover
adoption of strategy, budgeting and reporting of current and
projected results. Business performance is assessed with
respect to both financial and non-financial targets.
Following formal internal control requirements, the
Sarbanes-Oxley Act in the U.S. and the Dutch Corporate
Governance Code, Ahold carried out an extensive exercise
on the design, documentation and functioning of processes
related to financial reporting. Each quarter, management is
required to confirm by means of a letter of representation
that compliance is maintained with, among others, Ahold's
Global Code of Professional Conduct and Ethics, fraud
prevention and detection procedures, control standards and
disclosure requirements.
Management is responsible for managing risks associated
with business activities and for compliance with relevant
local laws and regulations, following normal reporting lines
36