Annual Report 2018

Risk management system and governance

Risk Management plays an important role in the implementation of GrandVision’s strategy. GrandVision’s Risk Management and Internal Control Framework is based on the COSO1 Enterprise Risk Management Framework and is aligned to the Dutch Corporate Governance Code. The framework aims to combine an effective and professional organization on the one hand, and a risk profile that GrandVision is willing to accept for the business on the other.

Risk Management and Internal Controls make a significant contribution to the prompt identification and adequate management of strategic, market and business risks. They also help us achieve operational and financial goals and comply with applicable legislation and regulations.

The Management Board (hereafter: “the Board”), under the supervision of the Supervisory Board, bears ultimate responsibility for GrandVision’s Risk Management and Internal Control Framework. It performs oversight by setting the desired ‘tone from the top’, establishing risk appetite and risk strategy and making decisions to identify, analyze or mitigate risks. The management teams in the business units are responsible for

implementing the strategy, achieving results, identifying underlying opportunities and risks, and ensuring effective controls. They form the first line of defense as the risk owners. GrandVision has developed and deployed a comprehensive Internal Control Framework comprising a set of minimum internal control standards that all business units must comply with. Furthermore, the quality of internal control performance is an integral part of management incentive schemes at country or business unit level.

Both internal and external resources are established at group level to not only detect control issues, but also proactively support the country management teams in solving underlying root causes. Country management acts in accordance with the policies and standards set by the Management Board. These policies and standards are designed and monitored by global functional teams responsible for compliance, controlling and risk management and which form the second line of defense in the Framework.

The independent Internal Audit function of GrandVision, the management of which is partly outsourced to an international audit firm, forms the third line of defense and provides assurance and validation of the overall framework.

Risk management Internal Control Framework
  1. For more information visit