risk management and control systems

general principles of our risk management

Managing risks well and seizing opportunities is crucial for creating value for USG People’s stakeholders. Risk management is an integral part of our day-to-day business operations. Opportunities and threats are identified in a timely manner and managed within the context of our risk tolerance. We pursue a policy aimed at safeguarding the continuity of our operations while maintaining a healthy balance between risk and returns. This is evident in the manner in which we deal with different types of risk. Our risk acceptance for operational risks is limited. With regard to financial risks we pursue a stable financial policy with minimal, manageable risks. And a zero tolerance policy is applied with respect to compliance with legislation and regulations. Where necessary and possible we take out appropriate insurance with third parties to limit the possible impact of those risks.

risk management model

Regular risk sessions are held within our operations to identify the main risks. Measures are taken or existing control measures are adjusted if necessary. The status of the risks and measures is reported to the Corporate Audit & Risk Management department on a quarterly basis. Corporate Audit & Risk Management reports the identified risks to the Executive Board and the audit committee. Additionally the Executive Board organises an annual risk management session and an update session. The outcome of the sessions held by the Executive Board results in a determination of and insights into the main current risks for USG People. Plans of action are drafted, taking into account risk-mitigating measures that have already been taken. This process enables USG People to keep its risks within acceptability parameters and to safeguard the implementation of risk-mitigating measures. The main risks for USG People are discussed with the Supervisory Board on a regular basis. A description of our main risks can be found in the risk management chapter in the executive report.

our internal risk management and control systems

The internal risk management and control systems at USG People consist of a combination of tools shown in the diagram hereafter. The systems are based on the COSO ERM model.

It is the responsibility of the Executive Board to establish internal risk management systems and to monitor and safeguard their performance and effectiveness. It goes without saying that the completeness of such systems cannot be guaranteed. The elements of the risk management and control systems are explained in more detail below.

governance framework

It goes without saying that the framework for USG People is defined by external laws and regulations. We operate with local specialists to closely monitor legislation and regulations and to respond to changes in a timely manner. We also apply internal guidelines such as a code of conduct, business principles, whistleblower policy, anti-fraud policy and corporate authorisation matrix. Together these guidelines form the control framework within which USG People aims to achieve its objectives. The current set of guidelines, drawn up by the corporate departments, is available for all our employees at all times. New employees are given the guidelines when they commence their employment. The Corporate Audit & Risk Management department reviews the embedding of the guidelines within the organisation. Familiarity with these guidelines and their availability is a point of attention during audits. The Executive Board and the audit committee are informed about this and additional measures are taken if necessary.

achievement of objectives

The objectives and strategy are the starting points for our tactical and operational planning and the activities through which we seek to achieve our objectives.

steering mechanisms

Steering mechanisms are needed to achieve the objectives within the governance framework. These include the financial and operational planning and control cycles, such as the monthly and quarterly reporting, at every level of the organisation. These are supported by manuals, procedures and a detailed accounting manual outlining the principles of valuation and determination of results. There are direct reporting lines between the Executive Board and the boards of the star brands. Every month the members of the Executive Board hold a meeting with the boards of the star brands and the shared service centres to discuss the services they provide to their clients, financial and operational performance, forecast, risk management and the progress made in achieving the strategic objectives. All parties involved work together closely to improve the planning and control cycles. In addition to the monthly planning and control cycles the forecasts for the upcoming year are set in the fourth quarter based on forward-looking macro-economic trends, sector-specific information and the monthly performance of the star brands, followed by three forecast moments during the year. Reports are modified if management information needs change to ensure effective governance.

governance by the Executive Board and management

The Executive Board is responsible for the proper functioning of the risk management and control model, as described above. This responsibility is partly delegated to line managers and staff managers in the organisation.

supervision and monitoring

The Executive Board is responsible for the development, existence and operation of the risk management and control systems and is accountable to the Supervisory Board. This forms the basis of the supervision by the Supervisory Board of the quality of the risk management and control systems.

The Supervisory Board receives information from the internal and external audit function at regular meetings of the audit committee. Audits are conducted by USG People’s centrally organised internal audit function, which is supported in its activities by a network of local specialists. Assessments carried out by the line management, staff management and internal audit identify possible areas for improvement in our risk management and control systems. This regular assessment allows the Executive Board to manage quality internally. It addresses shortcomings that emerge from the reports, makes the necessary adjustments and monitors actions aimed at improvement.

Under the existing governance structure the boards of the operations have the responsibility to organise and monitor their risk management and control systems independently within the policy and set framework. The internal audit department is focused on the manner in which local management is structured and managed its control system.

Fraud and bribery are risks for many organisations. Our Code of Conduct contains regulations pertaining to ethical behaviour and how to deal with identified deviations from our rules and guidelines on the matter. The risk management and control systems as well as the supervision and monitoring system are also aimed at preventing fraud and bribery. The anti-fraud policy comes into effect if fraud is detected and all relevant levels of management are involved. A similar procedure comes into effect in the event that active or passive forms of bribery are detected.

statement of the Executive Board regarding the evaluation of risk management and internal control:

The Executive Board is aware that risk management and control systems, however extensive they may be, are unable to provide absolute certainty that all material inaccuracies, losses, fraud and breaches of laws and regulations can be prevented entirely. The policy of the Executive Board remains focused on constantly monitoring and improving the internal risk management and control systems in order to make the processes as effective and reliable as possible. The Supervisory Board and audit committee in particular are informed on the structure, existence and operation of the internal risk management and control systems. It is the opinion of the Executive Board that the risk management and control systems functioned properly in the year under review with respect to the financial reporting risks. These systems provide a reasonable level of certainty that no material inaccuracies are contained in the 2015 financial reporting.

The Executive Board also declares that to the best of its knowledge:

  • the financial statements of USG People for 2015 give a true and fair view of the assets, liabilities, financial position and profit or loss of USG People N.V. and companies jointly included in the consolidation;
  • the annual report of USG People gives a true and fair view of the position at the balance sheet date, the course of events during the financial year of USG People N.V. and the companies associated with it, the results of which are included in the financial statements;
  • the principal risks facing USG People are outlined in the annual report.