The Executive Board is responsible for the control environment including risk management and internal control systems, and for the optimum management of the strategic, operational, financial, tax and reporting risks related to Kendrion’s business. The risk management and internal control systems extend to areas such as culture, policy-making, processes, duties, influencing conduct and other aspects of doing business that provide for the achievement of targets. Risk management and control aims to prevent, or identify in a timely manner, material errors, loss, fraud, or infringement of legislation and regulations. During the year under review the major elements and foundations of Kendrion’s risk management and internal control systems were:
Code of Conduct
Kendrion has implemented a Code of Conduct that applies to all Kendrion staff and to the members of the Supervisory Board. The principles and best practices established in the Code of Conduct reflect the main values that guide Kendrion’s staff and members of the Supervisory Board in the execution of their duties. The core themes include conduct in the market, authorities, gifts, anti-bribery, corporate social responsibility, accountability in general, and the obligation to exercise due care regarding health and safety, the environment, and social interests. Kendrion promotes compliance with the Code of Conduct by regularly bringing the Code of Conduct to the attention of its managers and staff and Supervisory Board members. Deviations from the Code of Conduct are not tolerated. The Code of Conduct is published on Kendrion’s website. Kendrion also has a Supplier Code of Conduct to address the above themes in the supply chain.
Kendrion offers employees an opportunity to report irregularities or suspicions without jeopardising their (legal) position. Any such report gives cause to an internal investigation. An external hotline was introduced in 2016. This gives employees an additional means of submitting such reports in their own language by phone or computer in a confidential, anonymous manner if they so choose. Kendrion also appointed Confidential Counsellors whom employees can contact if they wish to make confidential reports about (suspicions of) irregularities.
Regulations to prevent insider trading
Kendrion has regulations covering securities transactions by members of the Executive Board, members of the Supervisory Board, members of the Management Team and other designated employees. The ‘Insider Trading Code’ is published on Kendrion’s website. The Insider Trading Code is intended to ensure the avoidance of insider trading or the appearance thereof, and any mixing of business and private interests.
Rules and Regulations and Letters of Representation
Kendrion employs Rules and Regulations and Letters of Representation. The Rules and Regulations constitute rules of behaviour governing all Kendrion Managing Directors.
The Letters of Representation are submitted once a quarter, in a bottom-up procedure, ultimately to Kendrion’s CFO. All officers are required to sign the letter to confirm to their managers that the financial and non-financial information they have reported is correct and complete and that no violations of applicable regulations and the Kendrion Code of Conduct with material impact occurred.
Group Reporting Manual
Kendrion has implemented a Group Reporting Manual governing all operating companies to provide for correct financial reporting. The Group Reporting Manual is continually updated. To this end Kendrion has implemented measures including the formation of the Kendrion Group Reporting Committee, with representatives from the operating companies. Reporting sets are standardised based on a standard Chart of Accounts. A Corporate Social Responsibility Reporting Manual has also been implemented to ensure accurate and reliable reporting of non-financial data.
Planning and control cycle
Insight into Kendrion’s performance is obtained from the monthly reports of the current figures submitted by all the operating companies, weekly cash forecasts and daily consolidated revenue reports. In the middle of each year, Kendrion prepares a Mid-term Plan. The planning horizon of the Mid-term Plan is five years. This plan provides insight into the strategic course of the companies and business units. In the fourth quarter, the Mid-term Plan forms the basis of a more detailed annual budget to provide a precise management tool for the following calendar year. Assessment and follow-up on the progress, development of key performance indicators and deviations from short- and long-term targets are performed periodically at various levels in the organisation. Kendrion has implemented a capital expenditure procedure which makes use of standard investment request forms. Executive Board approval is required for new projects with planned annual revenue in excess of EUR 1 million to test return on investment, payback period and cash flows. Executive Board approval is also required for capital investments in excess of EUR 100,000.
Periodic reports and meetings
Regular discussions in weekly conference calls between the Executive Board, the Management Team and similar reviews within the business units address the risks and internal risk management system. Each business unit submits a comprehensive written report at least once a quarter which provides details about the financial and operational situation and the status of any current claims and proceedings, where relevant.
Strategic and business risk management
In 2017, the Executive Board together with the senior management of the holding, business units and operating companies conducted a risk survey which reviewed almost fifty potential risks that Kendrion might be confronted with in relation to the company’s strategic objectives. All participants were also requested to add further potential risks based on their own experience and expertise. Each risk was scored on perceived likelihood, impact and Kendrion’s vulnerability. Based on a multiplication of the scores and an evaluation per risk, the top ten risks per participant were calculated. This initial result of the survey was discussed with the Audit Committee and business unit Management Teams based on their experience and professional judgment in order to establish the main risks for Kendrion. The final results were extensively discussed with the Supervisory Board. The risk assessment is evaluated at periodic intervals in terms of relevance and mitigating actions.
Operational risk management
Kendrion’s companies make active use of quality systems designed to improve its processes. Virtually all companies have been awarded ISO certification, and possess the relevant safety and quality certificates.
Financial reporting risk management
The controllers’ duties include the management of financial reporting risks. Pursuant to this duty the controllers periodically monitor the organisation’s implementation of and compliance with control measures. Kendrion has also implemented corporate guidelines that specify the monthly closing procedures and the controls to be performed. Kendrion has an internal audit programme (KiC: Kendrion-in-Control) to determine the effectiveness of Kendrion’s control framework. Companies with an annual revenue of more than EUR 15 million are audited at least once a year. Companies with annual revenue of less than EUR 15 million are audited at least once every two years. The internal audits encompass the revenue and accounts receivable, the purchases and accounts payable, inventories, fixed assets, human resources and (tax) compliance reporting cycles. The internal audits also include procedures relating to fraud risks.
Kendrion operates in various jurisdictions and is committed to complying with all applicable laws and regulations in these jurisdictions. The responsibility for compliance rests with local management. To ensure that the company’s conduct is in compliance with the applicable laws and regulations in the various jurisdictions and in line with stakeholders’ expectations, Kendrion has adopted a Global Legal Compliance and Governance Framework. The Global Legal Compliance and Governance Framework is supported by a range of global procedures and policies that need to be applied at all times in the course of conducting business. The Global Legal Compliance and Governance Framework includes the performance of regular internal legal audits at the operating companies. The global policies can be found on Kendrion’s website (www.kendrion.com).
To manage and mitigate the risk of non-compliance, Kendrion also uses external specialists for designated compliance areas and obtains advice from external specialists to acquire timely information about the latest developments in laws and regulations.