Our approach to risk management and business control
Risk management forms an integral part of the business planning and review cycle. The company’s risk and control policy is designed to provide reasonable assurance that objectives are met by integrating management control into the daily operations, by ensuring compliance with legal requirements and by safeguarding the integrity of the company’s financial reporting and its related disclosures. It makes management responsible for identifying the critical business risks and for the implementation of fit-for-purpose risk responses. Philips’ risk management approach is embedded in the areas of corporate governance, Philips Business Control Framework and Philips General Business Principles.
Corporate governance is the system by which a company is directed and controlled. Philips believes that good corporate governance is a critical factor in achieving business success. Good corporate governance derives from, amongst other things, solid internal controls and high ethical standards. Risk management is a well-established part of Philips’ corporate governance structure.
The quality of Philips’ systems of business controls and the findings of internal and external audits are reported to and discussed in the Audit Committee of the Supervisory Board. Internal auditors monitor the quality of the business controls through risk-based operational audits, inspections of financial reporting controls and compliance audits. Audit committees at corporate level (Finance and IT/Supply) and sector level (Healthcare, Lighting, Consumer Lifestyle, Group Management & Services) meet quarterly to address weaknesses in the business control infrastructure as reported by internal and external auditors or revealed by self-assessment of management, and to take corrective action where necessary. These audit committees are also involved in determining the desired company-wide internal audit planning as approved by the Audit Committee of the Supervisory Board. An in-depth description of Philips’ corporate governance structure can be found in Corporate governance.
Philips Business Control Framework
The Philips Business Control Framework (BCF), derived from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework on internal control, sets the standard for risk management and business control in Philips. The objectives of the BCF are to maintain integrated management control of the company’s operations, in order to ensure integrity of the financial reporting, as well as compliance with laws and regulations.
As part of BCF, Philips implemented a global standard for internal control over financial reporting (ICS). The ICS, together with Philips’ established accounting procedures, is designed to provide reasonable assurance that assets are safeguarded, that the books and records properly reflect transactions necessary to permit preparation of financial statements, that policies and procedures are carried out by qualified personnel, and that published financial statements are properly prepared and do not contain any material misstatements. ICS has been deployed in all main reporting units, where business process owners perform an extensive number of controls, document the results each quarter, and take corrective action where necessary. ICS supports sector and functional management in a quarterly cycle of assessment and monitoring of its control environment. Findings of management’s evaluation are reported to the Board of Management.
As part of the Annual Report process, management’s accountability for business controls is enforced through the formal issuance of a Statement on Business Controls and a Letter of Representation by sector and functional management to the Board of Management. Any deficiencies noted in the design and operating effectiveness of controls over financial reporting which were not completely remediated are evaluated at year-end by the Board of Management. The Board of Management’s report, including its conclusions, regarding the effectiveness of its internal control over financial reporting, can be found in Management's report on internal control.
Philips General Business Principles
The Philips General Business Principles (GBP) govern Philips’ business decisions and actions throughout the world, applying equally to corporate actions and the behavior of individual employees. They incorporate the fundamental principles within Philips for doing business. The intention of the GBP is to ensure compliance with laws and regulations, as well as with Philips’ norms and values.
The GBP are available in most of the local languages and are an integral part of the labor contracts in virtually all countries where Philips has business activities. Responsibility for compliance with the principles rests primarily with the management of each business. Every country organization and each main production site has a compliance officer. Confirmation of compliance with the GBP is an integral part of the annual Statement on Business Controls that has to be issued by the management of each business unit. The GBP incorporate a whistleblower policy, standardized complaint reporting and a formal escalation procedure.
The global implementation of the One Philips Ethics hotline seeks to ensure that alleged violations are registered and dealt with consistently within one company-wide system.
To drive the practical deployment of the GBP, a set of directives has been published, which are applicable to all employees. There are also separate directives which apply to specific categories of employees (e.g. the Supply Management Code of Ethics and Financial Code of Ethics; see www.philips.com/gbp).
At the end of 2009 an updated and extended version of the GBP directives was approved and adopted, reflecting developments in codes of conduct and business integrity legislation. The Financial Code of Ethics, applicable to all employees performing important financial functions, contains, amongst other things, standards to promote honest and ethical conduct, as well as full, accurate and timely disclosure procedures in order to avoid conflicts of interest. Philips did not grant any waivers of the Financial Code of Ethics in 2009.
Comprehensive Rules of Conduct containing mandatory protocols governing the investigation of GBP complaints were finalized and distributed throughout the organization worldwide in 2009. A global internal communication program tailored to the respective businesses with the aim of strengthening employee awareness of the importance of the Philips GBP and GBP Directives was rolled out in 2009.
The implementation of a clearly structured procedure for appointment of GBP compliance officers (responsibilities and authority, hierarchical structure and organizational mandate/independence) was completed in 2009. Furthermore, the functional job assessment of compliance officers is now mandatorily included in their annual ‘People Performance Management’ appraisal. An updated version of the mandatory web-based GBP training, which is designed to reinforce awareness of the need for compliance with the GBP, was rolled out in the US, the Netherlands and India in 2009. The rest of the global roll-out (a total of 23 languages) will take place in the first half of 2010. In 2009, a total of seven tailor-made regional GBP training programs were rolled out in the framework of the mandatory annual (refresher) training of compliance officers.