Risk management and internal control

Internal control and risk management systems are in place. Our risk management system is explained in more detail in the Strategy section.

We have strict procedures for internal and disclosure controls and auditor independence. The Disclosure Committee monitors the procedures established by the company and advises the Executive Committee to ensure adequate and timely disclosure of material financial and non-financial information.

An Internal Control committee is responsible for maintaining the company’s internal control framework. The awareness of the company-wide internal control framework and self-assessment process was improved in 2013 by publishing and distributing the AkzoNobel control framework in an infographic format (see the following page). An area of continued focus in 2013 was the control standards for our key IT systems and making more use of automated controls in these systems.

We also have a company-wide compliance monitoring tool in place to discuss and monitor progress with respect to compliance-related issues. More detail on the so-called non-financial letter of representation process is available in the Compliance and integrity management chapter.

Reference is made to the Statement of the Board of Management in the Our leadership section for the statements in respect of the internal risk management and control systems.

The AkzoNobel control framework provides reasonable assurance in achieving business goals, including strategic, operational and reporting goals, as well as those covering compliance. Internal control is not only about policies and procedures, but also relates strongly to people.

AkzoNobel control framework (graphic)
  1. Control environment
    The control environment provides the foundation. On the one hand, it gives organizational structure and assigns responsibillities. On the other, it shows commitment to the company’s values and to all employees.
  2. Setting objectives
    Clear targets are vital for internal control. These align our vision, strategy and day-to-day business activities.
  3. Responding to risk
    Achieving our targets can be threatened by all possible risks. What these risks are, where they come from and how to handle them is a dynamic and ongoing process.
  4. Control activities
    Controls are executed everywhere, at all levels of the company and in all stages of business processes.
  5. Monitoring activities
    Monitoring activities give feedback on the quality of the business processes.
    The four lines of defense:
    • Business management
    • Corporate departments
    • Internal audit
    • External audit
  6. Information and communication
    Nothing happens without information and communication between people.