Risk management system and governance
Risk Management plays an important role in the implementation of GrandVision’s strategy. The Risk Management and Internal Control Framework of GrandVision is based on the COSO* Enterprise Risk Management Framework and is in line with the Dutch Corporate Governance Code. The framework aims to combine both an effective and professional organization on the one hand, and a risk profile that GrandVision is willing to accept for the business on the other. Risk Management and Internal Controls make a significant contribution to the prompt identification and adequate management of strategic, market and business risks. They also help to achieve operational and financial goals and to comply with applicable legislation and regulations.
The Management Board, under the supervision of the Supervisory Board, bears ultimate responsibility for GrandVision’s Risk Management and Internal Control Framework. The Board performs oversight by setting the desired ‘tone from the top’, establishing risk appetite and risk strategy and by making decisions to identify, analyze or mitigate risks.
The management teams in the business units are responsible for implementing the strategy, achieving results, identifying underlying opportunities and risks, and ensuring effective controls. They form the first line of defense as the risk owners. GrandVision has developed and deployed a comprehensive Internal Control Framework comprising a set of minimum internal control standards that all business units must comply with. Furthermore, the quality of internal control performance is an integral part of management incentive schemes at country or business unit level.
Both internal and external resources are established at group level, not only to detect control issues but also to proactively support the country management teams in solving underlying root causes. Country management acts in accordance with the policies and standards set by the Management Board. These policies and standards are designed and monitored by global functional teams responsible for compliance, controlling and risk management, which form the second line of defense in the Framework.
The independent Internal Audit function of GrandVision, the management of which is partly outsourced to an international audit firm, forms the third line of defense and provides assurance and validation of the overall framework.
We act on our strengths by
We want to improve by
We seize opportunities by
We face our challenges by
* For more information visit www.coso.org