54 How we manage risk (continued) Ahold's principal risks and uncertainties Description of risk Strategy Key risk drivers Simplicity Responsible retailing Risk mitigating actions Potential consequence Ahold at a glance I Business review I Governance I Financials I Investors Information security (O) Better place to shop A lack of security around, or non-compliance with, privacy requirements for customer data might negatively impact strategic initiatives relating to customer loyalty - Consumer confidence - Sensitivity of data - Changing privacy regulations - Use of third parties to process and store data - Global security threats - Growth of online sales Legislative and regulatory environment (C) A changing legislative and regulatory environment increases the cost of doing business, tax levels and the complexity of our operations Product safety (O, C) The consumption of own-brand products or other food or non-food products, or food fraud in the supply chain could result in our customers' injury, illness or death - Compliance deadlines - Increased and targeted enforcement - Government budget deficits - Public opinion pressure - I nternational Tax Developments (e.g. OECD and EU regulations) - Internationalization of the supply chain - Incidents across the world - Increased number of own-brand products - Speed of communications (social media) 1 Risk objectives: strategic (S), operational (O), financial (F) and compliance (C) risks listed in alphabetical order. Ahold Annual Report 2014 - Strategic and tactical information security policy and guidelines - Information security governance - Control standards for information management and security - Payment Card Industry (PCI) and privacy compliant control framework - Information security capabilities - Information security awareness program - Cyber insurance coverage - Knowledge and awareness of regulations - Monitoring, review and reporting on changes - Operational procedures and guidance Ahold's business operations generate and maintain confidential commercial and personal information concerning customers, employees, suppliers and the Company. Disclosure of confidential information to unintended third parties may negatively impact Ahold's corporate reputation and competitive position or result in litigation or regulatory action. This could have a material adverse effect on Ahold's financial position. Ahold's activities are subject to various laws and regulations in each local market where it operates. The cost of compliance with any of these laws could impact Ahold's operations and reduce its profitability. See further discussion of consequences of the legislative and regulatory risks below. - Product safety policies - Control standards for food and non-food products - Standard operating procedures - Dedicated product integrity departments at Group level and in the business - Monitoring of performance in the business Though it has mitigating actions in place, Ahold may face product safety problems, including disruptions to the supply chain caused by food-borne illnesses and negative consumer reaction to incidents, which may have a material adverse effect on the Company's reputation, results of operations and financial position. - Third-party certification

Jaarverslagen | 2014 | | pagina 122