The Chief Executive Officer and his Exec
utive Committee have set a clear tone
at the top that consistent and effective
performance of internal control activi
ties are crucial to achieving executional
excellence; a founding principle of the
New Game Plan.
DELHAIZE GROUP ANNUAL REPORT '11 45
Delhaize Group also has implemented
policies and procedures that determine
the governance of the Group to ensure
that group strategies and overall busi
ness objectives are pursued under a
controlled and well-defined decision
making authority.
The Company's Guide for Ethical Business
Conduct provides a statement of our posi
tion on various ethical and compliance
issues that could impact our business and
summarizes a number of Company poli
cies that must guide our actions.
We also expect our franchisees and
independent store operators, vendors
and outside consultants such as busi
ness, financial, technical or legal advi
sors to be guided by these standards.
Ultimately, the guide serves to make
good decisions and conduct business
ethically.
A full copy is available on the Company
website.
Risk Management
The Company defines risk management
as a process of identifying, assessing,
and managing the risks associated
with the operations of the business for
the purpose of minimizing the effects of
such risks on the organization's ability to
achieve its objectives and create value
for its stakeholders.
Leaders throughout the Company and
at all levels of the organization own and
are responsible for managing risk. These
leaders are expected to be aware of and
understand risk when developing strate
gies, setting objectives and making deci
sions. Many departments within the com
pany support risk management activities
including: Legal, Compliance, Internal
Audit, Quality Assurance and Food Safety,
Insurance, Claims Management, Loss
Prevention/Security, Health/Safety, Infor
mation Security, Accounting and Finance
and Risk Management. These activities
support our leaders in fulfillment of their
risk management responsibilities.
The Audit Committee and Executive
Committee have approved the Delhaize
Group Risk Management Program,
which is a Company wide process to
provide high quality, actionable risk
information to its leaders.
The Program's standardized frame
work enables the Company to create
an aggregated view of risk, strengthen
its risk capability, and provides a tool to
secure our future success. It creates vis
ibility into risk information for Company
leaders as well as the Executive Com
mittee, Audit Committee and Board of
Directors.
The Program and its supporting frame
work have been designed to manage
risk broadly throughout the Group. It can
be used to manage risk at an enterprise,
region, operating company, function,
department, process, activity or project
level.
The risk framework supports enterprise
risk management. The traditional risk
management process starts by iden
tifying business activities or business
processes as well as the risks associ
ated with these activities or processes.
Enterprise risk management starts with
the Company's strategic priorities, goals
and objectives and an evaluation of
those risks that may prevent the Com
pany from achieving its strategic priori
ties, goals and objectives.
Information and Communication
Pertinent information is identified, cap
tured and communicated to associates in
a form and timeframe that enables them
to effectively carry out their responsibili
ties. The Company's Information systems
produce reports, containing operational,
financial and compliance-related infor
mation, that make it possible to run and
control every aspect of the business.
Communication within the Company
occurs in a broader sense, flowing down,
across and up the organization.
Uniform reporting of financial informa
tion is performed both upstream and
downstream and ensures the consist
ency of data which allows the Company
to detect potential anomalies in its inter
nal control framework. A detailed finan
cial calendar for this reporting is estab
lished every year in consultation with
the board and is designed to allow for
performance information to be prepared
accurately, yet reported timely to stake
holders in order to make sound business
decisions.
Control Activities
Control activities include policies and
procedures to help monitor and manage
risk. Control activities occur throughout
the organization, at all levels and in all
functions. They include a range of activi
ties as diverse as approvals, authori
zations, verifications, reconciliations,
reviews of operating performance, secu
rity of assets and segregation of duties.
The Company has designed control
activities for all relevant business pro
cesses across each operating company
as well as its corporate support offices.
Significant policies and procedures are
published on the Company's public web
sites, intranet sites and other communi
cation portals as well being periodically
circulated throughout the Company.
Monitoring
Monitoring, as defined in the COSO
Framework, is implemented to help
ensure "that internal control continues to
operate effectively." The Company had
designed its monitoring procedures to
ensure that:
Internal control deficiencies are identi
fied and corrected on a timely basis;
Information used in decision making is
reliable and accurate;
Financial statements are prepared
accurately and timely; and
Periodic certifications or assertions on
the effectiveness of internal control can
be made.
The Company's monitoring procedures
consist of a combination of management
oversight activities and independent
objective assessments of those activities
by internal audit or other third-parties.