ACCELL GROUP JAARVERSLAG 2018 | 5.3 Risk management and internal controls

5.3
Risk management and internal controls

There are inherent risks in Accell Group’s business activities and organisation. Accell Group may fail to meet strategic, operational and financial objectives in full and the company also faces risks in the field of financial reporting and the application of laws and regulations. The extent to which the company is willing to run these risks in striving to achieve its goals differs per risk category.

Accell Group has a relatively high risk appetite with respect to innovation, development and marketing. At the same time, the company has a low risk appetite on the product safety front. Where possible, Accell Group has transferred the risks it is unwilling to take on independently to an insurance company.

Risk management is a significant part of the tasks of Accell Group’s Board of Directors, with the aim of having a positive impact on the realisation of our corporate objectives.

RISK MANAGEMENT SYSTEM

We use a risk management system that identifies and mitigates risks at all levels of the organisation. We analyse risks during formal meetings, such as those of the Board of Directors and the Supervisory Board, and in our day-to-day work in all our operations around the world. In 2018, we worked with external consultants to implement a risk management programme that was in line with the strategy we refined in March 2018.

This risk management system comprises the following components:

Top-down and bottom-up identification of the company’s key strategic, operational, financial and compliance risks;
Top-down and bottom-up evaluation of risks associated with the company’s strategic alternatives and objectives. The risk management programme has been summarised in a document to identify possible risks and set priorities on the basis of a risk classification system that estimates both the impact and the likelihood of a risk;
The development of a cohesive system of measures to control, mitigate, avoid or transfer risks. This system is then used to outline actions and describe control measures on the basis of guidelines and standards. This risk management system is tailored to the size of the company and our adjusted organisational structure.

Even when our risk management and control system operates effectively, material errors, fraud or illegal acts may occur. The system therefore does not provide absolute certainty that objectives will be realised, but was developed to achieve a reasonable level of assurance with regard to the effectiveness of the internal controls pertaining to financial and operational risks that may affect the organisation’s objectives.

ORGANISATION

The Board of Directors takes stock of and analyses the risks associated with the strategy and the company’s business operations. The Board determines the risk appetite and decides which measures to take to mitigate risks.

Based on the risk analysis, the Board of Directors implements and maintains suitable internal risk management and control systems. Where relevant, these systems are integrated in Accell Group’s operating processes and we ensure that all relevant employees are conversant with these systems.

The Board of Directors monitors the operation of the systems. This monitoring covers all material control measures related to our key risks. The Board of Directors discusses the risk management with the audit committee.

Market and operational risk management is organised at regional level, while the organisation of the supply chain and HRM is increasingly managed at group level. We have centralised management and control measures related to acquisitions, treasury, financial reporting, tax and legal issues at group level.

As of July 2018, at group level we are working with a more centralised management, a new region structure and on the basis of a new strategic brand portfolio. This creates more consistency and direction in our innovation, marketing and distribution. In line with this adjustment, we have also centralised our bicycle parts and accessories business under a single management.

The targets per region, which relate primarily to sales and distribution, are determined in consultation between the Board of Directors and the regional management. We have set cost savings targets for 2019-2022. The company monitors progress through the financial planning cycle and management information, the risk analysis and regular visits by the Board of Directors and other group-level employees to the various regions.

RISK ANALYSIS

The Board of Directors, the management of the various regions and the central supply chain team periodically draw up an analysis of the strategic, operational, financial and compliance risks. For the purposes of the risk analysis, Accell Group conducts a detailed inventory of internal and external risks, which the members of the Board of Directors and the management of the subsidiaries then assess individually in terms of their potential impact on the company.

The company also periodically assesses the control measures related to the key risks. The aim of the Board of Directors is to continuously assess the system and make any necessary improvements. The Board of Directors periodically discusses the key risks with the Supervisory Board.

FINANCIAL PLANNING CYCLE AND MANAGEMENT INFORMATION

Accell Group’s various local companies draw up strategic plans each year, partly based on the main trends and developments in their region and the local environment. Once harmonised and approved, these plans are translated into annual budgets. The Board of Directors discusses the consolidated strategic plan and budget with the Supervisory Board.

Management information reports are compiled on a weekly and monthly basis. Prognoses are drawn up at least three times a year. The actual results are reviewed and compared to budgets and prognoses on a monthly basis and the outcome is reported to the Board of Directors.

AUTOMATION AND SYSTEMS

To safeguard the quality of the company’s financial reporting and operational controls, Accell Group works with a clearly defined administrative organisation and extensive system of internal controls. The internal control system is largely embedded in the company’s information systems.

We are aiming for greater automation of our internal controls at group level. And we want to embed our entire administrative organisation more strongly in this internal control system. In 2018, we completed the selection procedure for a new, robust ERP system for the entire group and we have set up an implementation team for the phased transition to this system in the coming years.

FINANCIAL ADMINISTRATION GUIDELINES

Financial department staff are provided with guidelines and instructions pertaining to the structure and maintenance of the financial administration and reporting systems. Details of these are provided in a reference document. The guidelines and instructions comply with prevailing IFRS standards.

INTERNAL AUDIT

We added two members to our internal audit team in 2018 and this now has three members. The team carries out its tasks on the basis of a detailed internal audit plan, a predetermined assessment framework and an internal control framework. This framework outlines the inherent risks per process and the associated internal control measures.

Findings from the internal audits and associated recommendations are reported to the Board of Directors to reinforce the internal control process. The Board of Directors makes any decisions required and these are subject to a fixed follow-up deadline. It has been agreed with the Supervisory Board’s audit committee that the internal auditor reports any high-priority findings directly to the committee. This also applies to the follow-up on previous high-priority findings. The follow-up on high-priority findings is a regular item on the agenda of the audit committee meetings.

The internal control framework also includes embedded internal procedures, guidelines and management regulations for decisions that could have a financial impact. These rules have been drawn up with the purpose of involving the Board of Directors in important decentralised decisions and for it to approve such decisions, frequently in writing. The management regulations were amended in 2018. These new regulations came into force on 1 January 2019 and have been shared with the management teams in the regional and country operations.

In recent years, Accell Group has conducted internal audits at various local companies and devoted attention to group-wide control measures. As part of the internal audit plan, the subject of fraud is discussed with the local management, as well as in regular consultations with the CFO. The subject of fraud risk management is an item on the agenda of the controllers meeting and in consultations between the Board of Directors and the Supervisory Board. This helps to raise awareness of the responsibility for the prevention and detection of fraud risk among local management and to share this responsibility with them.

In 2019, the internal audit team will continue to develop the internal control framework and the group-wide control measures. The team uses data analysis for auditing purposes. The purpose of this is to apply continuous monitoring, aimed at obtaining indicators from IT systems, processes and control measures, which are collected, controlled and monitored on a regular basis. The team will also review the risk management system and facilitate the risk management process. In addition to the previously mentioned regular internal audits, specific ad hoc tasks are also carried out at the request of the Board of Directors or the audit committee.

In 2019, we will hire a team of external specialists to support our internal audit team in the audits of the implementation of the new ERP system. The findings of these audits will be reported to the members of the IT steering group, the Board of Directors and the audit committee. Accell Group has started the search for these external specialists.

EXTERNAL AUDITOR

The external auditor draws up an annual audit plan. In the context of the audit of the financial statements, the external auditor conducts an assessment of the structure and presence of the most important internal controls of the business processes insofar as these are relevant to the audit of the financial statements.

The external auditor reports the outcome of this assessment in a formal management letter. The most important findings are discussed with the Board of Directors and with the Supervisory Board (partly in the absence of the Board of Directors).

LETTER OF REPRESENTATION

Each year, the directors of our local companies sign a Letter of Representation, a detailed statement pertaining to financial annual reports and the existence and functioning of their internal control systems. For this detailed statement, the company has drawn up a checklist of subjects that is also signed annually by other local managers.

OTHER RISK MANAGEMENT MEASURES

Accell Group has an internal code of conduct. This code was updated in 2018 and re-adopted by the Board of Directors and approved by the Supervisory Board. This internal code of conduct applies to all employees and is published on our corporate website.

The basic rules for the directors of our local companies have been laid down in management regulations. These include detailed procedures related to internal decision-making and communications.

Accell Group has a whistle-blower regulation, which is available on our corporate website. The whistle-blower regulation ensures that any violations of existing policy and procedures can be reported without any negative consequences for the person reporting the violation.

MAIN RISKS AND MITIGATION OF THESE RISKS

The results of Accell Group are affected by the general economic conditions and the economic outlook of the countries in which the company is active. The conditions in the group’s key purchasing markets also play a role. We divide the risks into the following categories: strategic, operational, financial and compliance risks. Social and environmental risks have been integrated in these categories with a view to integrated reporting. The following overview is not an exhaustive list of risks to which the company is exposed. Additionally, some risks are listed only once, while they may fit into various risk categories.

IMPROVEMENTS PLANNED FOR 2019

Accell Group’s risk control system is embedded in the organisation and the company has continued to extend and improve the system in recent years. The company is planning the following actions and/or improvements for 2019:

Re-evaluation of the main risks, using input from the operating companies, the Board of Directors and the Supervisory Board to assess whether the currently identified risks and associated risk appetite are still fit for purpose;
Further integration of the risks related to sustainability, with specific attention for both the human and environmental aspects of same;
Involving the internal audit team in the assessment of the follow-up to control measures and the assessment of risks;
Recruitment of an internal control coordinator to bolster our financial department at group level. The internal control coordinator will review the existing internal control framework, make recommendations and coordinate the implementation of same. Taking into consideration the implementation of the new ERP system, the coordinator will be closely involved in the setting up of an adequate separation of functions in the new system. The emphasis on this front will be on the application of automated control measures. The coordinator will also train the staff at our financial department in the application of the standardised internal control framework;
Increasing the focus on the change agenda, because in addition to the required organisational adjustments, this year will also see the start of the implementation of the new ERP system. The Board of Directors wants to set more priorities in the sequentiality of the change process with the support of the change manager hired in mid-2018.