market strategy, benefiting from
support functions at the global and/
or regional level, whichever makes
the most sense in terms of efficiency.
Delhaize Group also has imple
mented policies and procedures
that determine the governance of
the Group to ensure that group
strategies and overall business
objectives are pursued under a con
trolled and well-defined decision-
making authority.
The Company's Guide for Ethical
Business Conduct provides a state
ment of our position on various
ethical and compliance issues that
could impact our business and sum
marizes a number of Company poli
cies that must guide our actions.
We also expect our franchisees and
independent store operators, ven
dors and outside consultants such
as business, financial, technical or
legal advisors to be guided by these
standards. Ultimately, the guide
serves to make good decisions and
conduct business ethically.
A full copy is available on the Com
pany website.
Risk Management
The Company defines risk manage
ment as a process of identifying,
assessing, and managing the risks
associated with the operations of
the business for the purpose of min
imizing the effects of such risks on
the organization's ability to achieve
its objectives and create value for its
stakeholders.
Leaders throughout the Company
and at all levels of the organization
are responsible for managing risk.
These leaders are expected to be
aware of and understand risk when
developing strategies, setting objec
tives and making decisions. Many
departments within the Company
support risk management activities
including: Legal, Compliance, Inter
nal Audit, Quality Assurance and
Food Safety, Insurance, Claims Man
agement, Loss Prevention/Security,
Health/Safety, Information Security,
Accounting and Finance and Risk
Management. These activities sup-
port our leaders in fulfilment of their
risk management responsibilities.
The Audit Committee and Execu
tive Committee have approved the
Delhaize Group Risk Management
Program, which is a Company-wide
process to provide high quality, action
able risk information to its leaders.
The Program's standardized frame
work enables the Company to cre
ate an aggregated view of risk,
strengthen its risk capability, and pro
vides a tool to secure our future suc
cess. It creates visibility into risk infor
mation for Company leaders as well
as the Executive Committee, Audit
Committee and Board of Directors.
The Program and its supporting
framework have been designed to
manage risk broadly throughout the
Group. It can be used to manage
risk at an enterprise, region, operat
ing company, function, department,
process, activity or project level.
The risk framework supports enter
prise risk management. The tradi
tional risk management process
starts by identifying business activi
ties or business processes as well
as the risks associated with these
activities or processes. Enterprise
risk management starts with the
Company's strategic priorities, goals
and objectives and an evaluation
of those risks that may prevent the
Company from achieving its strate
gic priorities, goals and objectives.
Information and Communication
Pertinent information is identified,
captured and communicated to asso
ciates in a form and timeframe that
enables them to effectively carry out
their responsibilities. The Company's
information systems produce reports,
containing operational, financial and
compliance-related information, that
make it possible to run and control
every aspect of the business. Commu
nication within the Company occurs
in a broader sense, flowing down,
across and up the organization.
The Chief Executive Officer and his
Executive Committee have set a clear
tone at the top that consistent and
effective performance of internal con-
trol activities are crucial to achieving
executional excellence; a founding
principle of the New Game Plan.
Uniform reporting of financial infor
mation is performed both upstream
and downstream and ensures the
consistency of data which allows the
Company to detect potential anom
alies in its internal control frame
work. A detailed financial calendar
for this reporting is established
every year in consultation with the
Board and is designed to allow
for performance information to be
prepared accurately, yet reported
timely to stakeholders in order to
make sound business decisions.
Control Activities
Control activities include policies
and procedures to help monitor
and manage risk. Control activities
occur throughout the organization,
at all levels and in all functions.
They include a range of activities as
diverse as approvals, authorizations,
verifications, reconciliations, reviews
of operating performance, security
of assets and segregation of duties.
The Company has designed control
activities for all relevant business pro
cesses across each operating com
pany as well as its corporate support
offices. Significant policies and pro
cedures are published on the Com
pany's public websites, intranet sites
and other communication portals as
well as being periodically circulated
throughout the Company.
Monitoring
Monitoring, as defined in the COSO
Framework, is implemented to help
ensure "that internal control contin
ues to operate effectively." The Com
pany had designed its monitoring
procedures to ensure that:
Internal control deficiencies are
identified and corrected on a
timely basis;
Information used in decision mak
ing is reliable and accurate;
Financial statements are prepared
accurately and timely; and
Periodic certifications or assertions
on the effectiveness of internal
control can be made.
DELHAIZE GROUP ANNUAL REPORT '12 47
