Ahold Delhaize Annual Report 2016

How we manage risk continued

Control framework

The Ahold Delhaize control framework incorporates risk assessment, control activities and monitoring into our business practices at entity-wide and functional levels. A three lines of defense model has been adopted to provide reasonable assurance that risks to achieving important objectives are identified and mitigated.

Figure: Three lines of defense model
1st Line of Defense: Group and Business Management. Role: Own and manage the risk.
2nd Line of Defense: Risk Management, Control, Compliance and other specialized functions. Role: Facilitate, support and challenge in implementing effective risk management.
3rd Line of Defense: Internal Audit. Role: Provide independent assurance.
Audit, Finance Risk Committee/ Supervisory Board

We are creating uniform governance and control standards in areas such as ethical conduct, agreements and product integrity. These and other policies and procedures will be incorporated into the Ahold Delhaize control framework as mandatory guidelines for all of Ahold Delhaize’s consolidated entities.

Local management is responsible for business operations, including risk mitigation and compliance with laws, regulations and internal requirements. Authority limits have been established to ensure that all expenditures and decisions are approved by the appropriate levels of management.

Compliance

At Ahold Delhaize, an essential part of our strategic framework is behaving according to our values. One of Ahold Delhaize’s values is “Integrity,” which means that the Company and all its associates do the right thing to earn customers’ trust. We strive to comply with applicable laws and regulations everywhere we do business.

In a time of significant transition and change, our new company has carried forward the unwavering commitment to integrity that was also at the core of Ahold and Delhaize Group prior to the merger.
We are in the process of creating a single Code of Ethics that will apply across Ahold Delhaize. Until this is launched in 2017, the “Code of Conduct” and the “Guide for Ethical Business Conduct” (collectively referred to as the “Codes”) apply to our businesses and associates with the same expectation: that they conduct business in accordance with ethical principles, internal policies and procedures, and applicable laws and regulations.

The Codes are intended to help each associate understand and follow relevant compliance and ethics principles and rules, and to know when and where to ask for advice or report a compliance or ethics breach, which includes the use of a whistleblower line. The principles in the Codes apply to all associates of Ahold Delhaize and its operating businesses. Associates of certain defined grade levels have been trained in and acknowledge compliance with the Codes on an annual basis. The full Codes are available in the corporate governance section of Ahold Delhaize’s public website at www.aholddelhaize.com.

As a consequence of the Ahold Delhaize merger, Ahold Delhaize is classified as a U.S. registrant, which implies that Ahold Delhaize should comply with the Sarbanes-Oxley Act (SOx) as of financial year 2016. SOx Section 404 requires that management perform an assessment of the Internal Controls over Financial Reporting (ICFR) to confirm both the design and operational effectiveness of the controls.

Monitoring and assurance

We use a comprehensive business planning and performance review process to monitor the Company’s performance. This process covers the adoption of strategy, budgeting and the reporting of current and projected results. We assess business performance according to both financial and non-financial targets.
In order to meet business needs and the requirements of the Dutch Corporate Governance Code, we have a Group-wide management certification process in place, which requires that the executive management team members at each of our reporting entities send letters of representation to the Chief Legal Officer on a quarterly basis. These letters confirm whether the reporting entities are in compliance with Ahold Delhaize’s Codes, policies on fraud prevention and detection, accounting and internal control standards, and disclosure requirements.

Both our Risk Controls and Internal Audit functions help to ensure that we maintain and improve the integrity and effectiveness of our system of risk management and internal control. Internal Audit undertakes regular risk-based, objective and critical audits. These functions also monitor the effectiveness of corrective actions undertaken by management.

Figure labels (Three lines of defense model): Management Board, Executive Committee, Senior Management

Our key control requirements are documented in the Ahold Delhaize Manual. This Manual provides consistent guidance on the key policies and principles that were immediately applicable to our businesses as of the merger date. Various other former Delhaize Group and Ahold charters, policies and procedures have not yet been fully integrated and will be added in the coming year.
