How we manage risk
We are committed to operating with the
utmost integrity. Rigorous controls and
strict adherence to business principles
are essential for protecting Ahold and
its stakeholders.
Risk management and internal control
Enterprise risk management
Ahold's enterprise risk management program provides senior
management with an understanding of Ahold's key business
risks and practices in place to manage these risks. At each
operating company, functional management identifies the
principal risks the company faces, and the mitigating actions
to manage these risks. Business risk committees comprised
of senior executives at each operating company periodically
review these risks and the related mitigation practices. They
consolidate their findings in an enterprise risk management
report that is presented to Ahold's Corporate Executive Board
and Supervisory Board. Executive management at each
operating company is required to review the principal risks and
risk management practices with the Corporate Executive Board
as a regular part of the business planning and performance
cycle. The outcome of our enterprise risk management program
influences the formation of Ahold's policies and internal
controls, the scope of internal audit activities and the focus
of our business planning and performance process.
Ahold Business Control Framework
We maintain the Ahold Business Control Framework (ABC
Framework), which incorporates risk assessment, control
activities and monitoring into our businesses. The aim of the
ABC Framework is to provide reasonable assurance that risks
to achieving important objectives are identified and mitigated.
The framework is based on the recommendations of the
Committee of Sponsoring Organizations of the Treadway
Commission (COSO).
Code of conduct
Monitoring
31 www.ahold.com/reports2008
Governance
AHOLD ANNUAL REPORT 2008 I 24
Our risk management and control systems are designed to
provide reasonable assurance that Ahold's objectives are
achieved. We take a structured and consistent approach to
risk management and internal control by aligning strategy,
policies, procedures, people and technology to manage the
uncertainties we face.
Ahold has developed uniform governance and control standards
in areas such as ethical conduct, contracts and agreements,
accounting policies, and the financial closing process. These,
and other Corporate Executive Board-approved policies and
procedures, are incorporated into the ABC Framework as
mandatory guidelines for all Ahold operating companies.
Within the framework, management is responsible for local
business operations, including risk mitigation and compliance
with laws and regulations. Authority limits have been
established to ensure that all expenditures and decisions
are approved by the appropriate levels of management.
Our Global Code of Professional Conduct and Ethics is based
on Ahold's core values. It is intended to help each employee
understand and follow relevant compliance and integrity rules,
and to know when and where to ask for advice. The code applies
to Ahold, its operating companies and all management-level
employees, as well as to third parties hired by or acting on
behalf of Ahold. It co-exists with the local codes of conduct
in place at each of Ahold's operating companies. The code
is available in the corporate governance section of Ahold's
public website.
Ahold uses a comprehensive business planning and
performance review process to forecast and monitor its
performance. This process covers the adoption of strategy,
budgeting, and the reporting of current and projected results.
Business performance is assessed according to both financial
and non-financial targets.
We have a group-wide management certification process in
place to meet business needs and the requirements of the
Dutch Corporate Governance Code. Each quarter, executive
management at each operating company sends a letter of
representation to Ahold's Disclosure and Compliance Committee
confirming compliance with Ahold's Global Code of Professional
Conduct and Ethics, policies on fraud prevention and detection,
accounting and global control standards, disclosure
requirements and corporate responsibility.