The Executive Board is responsible for identifying, assessing and managing the risks associated with Kendrion’s strategy and activities, including establishing the risk appetite, implementing and maintaining the internal risk and control system and supervising its performance. The risk management and internal control system extends to areas such as culture, policy-making, processes, duties, influencing conduct and other aspects of doing business. Risk management and control aim to prevent or promptly identify material errors, loss, fraud or infringement of applicable laws, rules and regulations. The major elements and foundations of Kendrion’s risk management and internal control system during the year under review were:
Code of Conduct
Kendrion has implemented a Code of Conduct that applies to all Kendrion employees and to the members of the Executive Board and the Supervisory Board. The principles and best practices set forth in the Code of Conduct reflect the main values that guide Kendrion’s employees and the members of the Supervisory Board in the execution of their duties. The core themes include conduct in the market, authorities, gifts, anti-bribery, corporate social responsibility, accountability in general, and the obligation to exercise due care regarding health and safety, the environment, and social interests. Kendrion promotes compliance with the Code of Conduct by regularly bringing the Code of Conduct to the attention of its employees and the Supervisory Board. Deviations from the Code of Conduct are not tolerated. The Code of Conduct is published on Kendrion’s website. Kendrion also has a Supplier Code of Conduct to address the above themes in the supply chain.
Kendrion offers employees on all levels the opportunity to report, in good faith, any suspected irregularities, including possible violations of laws, rules and regulations. Kendrion has facilitated this by establishing an independent anonymous reporting hotline. In addition, confidential counsellors have been appointed whom employees can contact if they have questions concerning the best course of action in a particular situation or wish to report a suspected irregularity. All reports are handled with the utmost care and confidentiality regardless of whether they are reported internally or through the anonymous reporting hotline. No reports were made that justified any disciplinary measures in 2018.
Kendrion has regulations covering securities transactions by members of the Executive Board, members of the Supervisory Board, members of the Management Team and other designated employees. The Insider Trading Code is published on Kendrion’s website https://www.kendrion.com/group-services/en/. The Insider Trading Code is intended to ensure the avoidance of insider trading or the appearance thereof, and any mixing of business and private interests.
Rules and Regulations and Letters of Representation
Kendrion employs Rules and Regulations and Letters of Representation. The Rules and Regulations constitute rules of behaviour governing all Kendrion managing directors. The Letters of Representation are submitted once a quarter, in a bottom-up procedure, ultimately to Kendrion’s CFO. All officers are required to sign the letter to confirm to their managers that the financial and non-financial information they have reported is correct and complete and no violations of applicable laws, rules and regulations and the Kendrion Code of Conduct with material impact occurred.
Group Reporting Manual
Kendrion has implemented a Group Reporting Manual governing all operating companies to provide for correct financial reporting. The Group Reporting Manual is continually updated. To this end Kendrion has implemented measures including the formation of the Kendrion Group Reporting Committee, with representatives from the operating companies. Reporting sets are standardised based on a standard Chart of Accounts. A Corporate Social Responsibility Reporting Manual has also been implemented to ensure accurate and reliable reporting of non-financial data.
Planning and control cycle
Insight into Kendrion’s performance is obtained from the monthly reports of the current figures submitted by all the operating companies, detailed financial quarterly forecasts, weekly cash forecasts and daily consolidated revenue reports. In the second quarter of each year, Kendrion prepares a Mid-term Plan. The planning horizon of the Mid-term Plan is five years. This plan provides insight into the strategic course of the companies and business units.
In the fourth quarter, the Mid-term Plan forms the basis of a more detailed annual budget to provide a precise management tool for the following calendar year. Assessment and follow-up on the progress, development of key performance indicators and deviations from short- and long-term targets are performed periodically at various levels in the organisation. Kendrion has implemented a capital expenditure procedure which makes use of standard investment request forms. Executive Board approval is required for new projects with planned annual revenue in excess of EUR 1 million to test return on investment, payback period and cash flows. Executive Board approval is also required for capital investments for which the limit was reduced from EUR 100,000 to EUR 50,000 in 2018.
Periodic reports and meetings
Regular discussions in weekly conference calls between the Executive Board, the Management Team and similar reviews within the business units address the risks and internal risk management system. Each business unit submits a comprehensive written report at least once a quarter which provides details about the financial and operational situation and the status of any current claims and proceedings, where relevant.
Strategic and business risk management
A risk management session was held with Kendrion’s top management in 2018 during which the following topics were assessed and discussed:
- Effective tools for managing risk;
- Objectives of Enterprise Risk Management;
- Kendrion risk culture;
- Kendrion risk appetite;
- Emerging risks.
The goal of the session was to increase risk awareness, including compliance and fraud risks, and to make sure Kendrion’s top management is aware of the risk culture and appetite within Kendrion.
The Executive Board, together with the senior management of the holding, business units and operating companies, conducted an annual risk survey in 2018 that reviewed nearly fifty potential risks. An open question allowed participants to add additional potential risks based on their own experience and expertise. Each risk was scored on perceived likelihood, impact and Kendrion’s vulnerability. The top ten risks were calculated based on a multiplication of the scores and an evaluation per risk. The results of the annual risk survey were assessed and discussed initially with the Audit Committee and the business unit management teams and subsequently with the Supervisory Board. The annual risk assessment is evaluated with respect to relevance and mitigating actions at periodic intervals.
Operational risk management
Kendrion’s companies make active use of quality systems designed to improve its processes. Virtually all companies have been awarded ISO certification, and possess the relevant safety and quality certificates.
Financial reporting risk management
The controllers’ duties include the management of financial reporting risks. Pursuant to this duty the controllers periodically monitor the organisation’s implementation of and compliance with control measures. Kendrion has also implemented corporate guidelines that specify the monthly closing procedures and the controls to be performed. Kendrion has an internal audit programme (KiC: Kendrion-in-Control) to determine the effectiveness of Kendrion’s control framework. Companies with an annual revenue of more than EUR 15 million are audited at least once a year. Companies with annual revenue of less than EUR 15 million are audited at least once every two years. The internal audits encompass the revenue and accounts receivable, the purchases and accounts payable, inventories, fixed assets, human resources and (tax) compliance reporting cycles. The internal audits also include procedures relating to fraud risks.
Kendrion operates in various jurisdictions and is committed to complying with all applicable laws, rules and regulations. The responsibility for compliance rests with local management. To ensure that the company’s conduct is in compliance with the applicable laws, rules and regulations in the various jurisdictions and in line with stakeholders’ reasonable expectations, Kendrion has adopted a Global Legal Compliance and Governance Framework. The Global Legal Compliance and Governance Framework is supported by a range of global procedures and policies that need to be applied at all times in the course of conducting business.
To manage and mitigate the risk of non-compliance, Kendrion also uses external specialists for designated compliance areas and obtains advice from external specialists to acquire timely information about the latest developments in laws, rules and regulations.