Risk Management plays an important role in implementing GrandVision’s strategy. Our Risk Management and Internal Control Framework is based on the COSO1 Enterprise Risk Management Framework and is in line with the Dutch Corporate Governance Code. The framework combines an effective and professional organization with a risk profile that GrandVision is willing to accept for the business. Additionally, Risk Management and Internal Controls significantly contribute to the prompt identification and adequate management of strategic, market and business risks. They also enable us to achieve operational and financial goals and comply with applicable legislation and regulations.
The Management Board, under the supervision of the Supervisory Board, bears ultimate responsibility for GrandVision’s Risk Management and Internal Control Framework. The Board performs oversight by setting the desired 'tone from the top,' establishing risk appetite and risk strategy and making decisions to identify, analyze or mitigate risks.
Business unit management teams are responsible implement the strategy, achieve results, identify underlying opportunities and risks and ensure effective controls. They form the first line of defense as risk owners. GrandVision has developed a comprehensive Internal Control Framework with a minimum set of internal control standards that all business units must comply with. The quality of internal control performance is also an integral part of management incentive schemes at country or business unit levels.
To detect control issues and proactively support the country management teams in solving underlying root causes, both internal and external resources are established at a group level. Country management acts in accordance with policies and standards set by the Management Board. Global functional teams design and monitor these and are responsible for compliance, control and risk management, which form the second line of defense in the Framework.
GrandVision’s management of our independent Internal Audit function is partly outsourced to an international audit firm, which forms the third line of defense and assures and validates the overall Framework.
1 For more information visit Coso.org