Enterprise risk management
Ahold’s enterprise risk management program is designed to provide executive management with an understanding of our key business risks and associated risk management practices. At each operating company, functional management identifies the principal risks to the achievement of key business objectives and the mitigating actions needed to manage these risks. Business risk committees comprised of senior executives at each operating company periodically review these risks and the related mitigation practices. The findings are consolidated into an enterprise risk management report that is presented to the Corporate Executive Board and the Supervisory Board. Executive management at each operating company are required to review the principal risks and risk management practices with the Corporate Executive Board as a regular part of the business planning and performance cycle. The outcome of the Company’s enterprise risk management program influences the formation of our controls and procedures, the scope of internal audit activities and the focus of the business planning and performance process.
Ahold Business Control Framework
We maintain the Ahold Business Control Framework (ABC Framework), which incorporates risk assessment, control activities and monitoring into our business practices at entity-wide and functional levels. The aim of the ABC Framework is to provide reasonable assurance that risks to achieving important objectives are identified and mitigated. The ABC Framework is based on the recommendations of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Ahold has developed uniform governance and control standards in areas such as ethical conduct, agreements, and accounting policies. These and other Corporate Executive Board-approved policies and procedures are incorporated into the ABC Framework as mandatory guidelines for all Ahold consolidated entities. Within this framework, management is responsible for local business operations including risk mitigation and compliance with laws and regulations. Authority limits have been established to ensure that all expenditures and decisions are approved by the appropriate levels of management.
Our key controls are documented in Ahold Control Memoranda (ACMs). Compliance with the ACMs is mandatory for all of Ahold’s fully-owned entities. The ACMs include the requirement for management to assess the operating effectiveness of all key controls.
Code of Conduct
Our Global Code of Professional Conduct and Ethics is based on Ahold’s core values. It is intended to help each employee understand and follow relevant compliance and integrity rules, and know when and where to ask for advice. The code applies to Ahold, our operating companies and all management-level employees, as well as to third parties hired by or acting on behalf of Ahold. It coexists with the local codes of conduct at each of our operating companies. The code is available in the corporate governance section of Ahold’s public website (www.ahold.com).
Monitoring
We use a comprehensive business planning and performance review process to monitor our performance. This process covers the adoption of strategy, budgeting, and the reporting of current and projected results. Business performance is assessed according to both financial and non-financial targets. A group-wide management certification process is in place to meet business needs and the requirements of the Dutch Corporate Governance Code. Each quarter, executive management of each reporting entity send letters of representation to the Corporate Executive Board confirming compliance with Ahold’s Global Code of Professional Conduct and Ethics, policies on fraud prevention and detection, accounting and internal control standards, disclosure requirements and corporate responsibility. Our Internal Audit function helps to ensure that we maintain and improve the integrity and effectiveness of our system of risk management and internal control by undertaking regular risk-based, objective and critical evaluations. Internal Audit also monitors the effectiveness of corrective actions undertaken by management with specific follow-up procedures to significant audit findings.
Governance Risk and Compliance Committee
In 2009 we established a Governance Risk and Compliance (GRC) Committee that replaced our former Disclosure and Compliance Committee. Ahold’s Chief Financial Officer and Chief Corporate Governance Counsel sit on the GRC Committee, as do other members of management responsible for key governance, risk and compliance functions. The GRC Committee, which meets at least quarterly, oversees GRC activities within the Ahold Group and reviews relevant reports that are submitted to the Corporate Executive Board, the Supervisory Board and the Audit Committee.