Our approach to risk management and business control
The following section presents an overview of Philips’ approach to risk management and business controls and a description of the nature and the extent of its exposure to risks. Philips’ risk management focuses on the following risk categories: Strategic, Operational, Compliance and Financial risks. These categories are further described in Risk categories and factors. The risk overview highlights the main risks known to Philips, which could hinder it in achieving its strategic and financial business objectives. The risk overview may, however, not include all the risks that may ultimately affect Philips. Some risks not yet known to Philips, or currently believed not to be material, could ultimately have a major impact on Philips’ businesses, objectives, revenues, income, assets, liquidity or capital resources.
All oral and written forward-looking statements made on or after the date of this Annual Report and attributable to Philips are expressly qualified in their entirety by the factors described in the cautionary statement included in Forward-looking statements and other information and the overview of risk factors described in Risk categories and factors.
Risk management forms an integral part of the business planning and review cycle. The company’s risk and control policy is designed to provide reasonable assurance that objectives are met by integrating management control into the daily operations, by ensuring compliance with legal requirements and by safeguarding the integrity of the company’s financial reporting and its related disclosures. It makes management responsible for identifying the critical business risks and for the implementation of fit-for-purpose risk responses. Philips’ risk management approach is embedded in the areas of corporate governance, Philips Business Control Framework and Philips General Business Principles.
Corporate governance is the system by which a company is directed and controlled. Philips believes that good corporate governance is a critical factor in achieving business success. Good corporate governance derives from, amongst other things, solid internal controls and high ethical standards.
The quality of Philips’ systems of business controls and the findings of internal and external audits are reported to and discussed by the Audit Committee of the Supervisory Board. Internal auditors monitor the quality of the business controls through risk-based operational audits, inspections of financial reporting controls and compliance audits. Audit committees at group level (Group, Finance, Innovation and IT), at Global Market level and at Sector level (Healthcare, Lighting, Consumer Lifestyle) meet quarterly to address weaknesses in the business controls infrastructure as reported by internal and external auditors or revealed by self-assessment of management, and to take corrective action where necessary. These audit committees are also involved in determining the desired company-wide internal audit planning as approved by the Audit Committee of the Supervisory Board. An in-depth description of Philips’ corporate governance structure can be found in Corporate governance.
Philips Business Control Framework
The Philips Business Control Framework (BCF) sets the standard for risk management and business control in Philips. The objectives of the BCF are to maintain integrated management control of the company’s operations, in order to ensure the integrity of the financial reporting, as well as compliance with laws and regulations. Philips is using the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework on internal control (1992) as a basis for the BCF.
As part of the BCF, Philips has implemented a global standard for internal control over financial reporting (ICS). The ICS, together with Philips’ established accounting procedures, is designed to provide reasonable assurance that assets are safeguarded, that the books and records properly reflect transactions necessary to permit preparation of financial statements, that policies and procedures are carried out by qualified personnel and that published financial statements are properly prepared and do not contain any material misstatements. ICS has been deployed in all main reporting units, where business process owners perform an extensive number of controls, document the results each quarter, and take corrective action where necessary. ICS supports sector and functional management in a quarterly cycle of assessment and monitoring of its control environment. The findings of management’s evaluation are reported to the Executive Committee and the Supervisory Board quarterly.
As part of the Annual Report process, management’s accountability for business controls is enforced through the formal issuance of a Statement on Business Controls and a Letter of Representation by sector and functional management to the Executive Committee. Any deficiencies noted in the design and operating effectiveness of controls over financial reporting which were not completely remediated are evaluated at year-end by the Executive Committee. The Executive Committee’s report, including its conclusions regarding the effectiveness of internal control over financial reporting, can be found in Management's report on internal control.
Philips General Business Principles
The Philips General Business Principles (GBP) govern Philips’ business decisions and actions throughout the world, applying to corporate actions and the behavior of individual employees. They incorporate the fundamental principles within Philips for doing business. The intention of the GBP is to ensure compliance with laws and regulations, as well as with Philips’ norms and values.
The GBP are available in most of the local languages and are an integral part of the labor contracts in virtually all countries where Philips has business activities. Responsibility for compliance with the principles rests primarily with the management of each business. Every country organization and each main production site has a compliance officer. All compliance officers operate under the supervision of the GBP Review Committee. Confirmation of compliance with the GBP is an integral part of the annual Statement on Business Controls that has to be issued by the management of each business unit. The GBP incorporate a whistleblower policy, standardized complaint reporting and a formal escalation procedure.
The Philips Ethics hotline seeks to ensure that alleged violations are registered and dealt with consistently within a company-wide system. To drive the practical deployment of the GBP, a set of directives has been published, which are applicable to all employees. There are also separate directives which apply to specific categories of employees (e.g. the Supply Management Code of Ethics and Financial Code of Ethics, refer to www.philips.com/gbp).
To seek to ensure compliance with the highest standards of transparency and accountability by all employees performing important financial functions, the Financial Code of Ethics contains, amongst other things, standards to promote honest and ethical conduct, as well as full, accurate and timely disclosure procedures in order to avoid conflicts of interest.
Both the Finance and Supply Management Code of Ethics are signed off on an annual basis by the relevant employees, to confirm their awareness of, and compliance with, the respective codes.
The GBP self-assessment process is fully embedded in an automated workflow application (ICS) supporting Sector, Market and functional management in monitoring internal controls, as described under the Philips Business Control Framework. Embedding GBP self-assessments in ICS seeks to ensure that GBP compliance is now part of Sector, Market and functional management’s quarterly ICS/SOx (Sarbanes-Oxley) monitoring process, and that GBP non-compliance issues, if significant, are reported to the Board of Management/Executive Committee via the Quarterly Certification Statement process.
In June 2013, as part of the global GBP communications campaign, a business integrity survey was rolled out to all employees to obtain their input on the effectiveness of our GBP program. The insights that were derived from this survey were used to further enhance the effectiveness of the current compliance activities as well as the compliance road map. The business integrity survey also provided the kickoff for a global GBP communications campaign, culminating in a global event called the ‘GBP dialogue week’ held in October 2013, in which managers were invited to hold sessions with their teams to discuss GBP in relation to their function or business.
Mandatory web-based GBP training, which is designed to reinforce awareness of the need for compliance with the GBP, is available in 23 languages. Every quarter, all new employees are invited to take this training in their local language. In 2013, targeted audiences participated in a web-based training focusing on specific topics, including anti-bribery, antitrust, privacy and export controls.
In 2013, we introduced a mandatory sign-off on GBP for all executives.
For further details, please refer to the General Business Principles paragraph in Sustainability statements.
Financial Code of Ethics
The Company recognizes that its businesses have responsibilities within the communities in which they operate. The Company has a Financial Code of Ethics which applies to the CEO (the principal executive officer) and CFO (the principal financial and principal accounting officer), and to the heads of the Group Control, Group Treasury, Group Fiscal and Group Internal Audit departments of the Company. The Company has published its Financial Code of Ethics within the investor section of its website located at www.philips.com. No changes have been made to the Code of Ethics since its adoption and no waivers have been granted therefrom to the officers mentioned above in 2013.