
Improving Internal Control at European Mail Networks


Academic year: 2021


Research conducted at European Mail Networks, The Hague, The Netherlands

Thesis to obtain a master's degree in Management & Organisation at the University of Groningen, The Netherlands

Author: Gijs Kurvers 1063774

Principals: Drs. M.P. van der Steen (RUG), Prof. Dr. H.J.J. Bronsema (RUG), Drs. N. Bronkhorst (EMN)

Place/Date: Amsterdam, 16th of September 2004


“When you control the ball, you control the score”

- Pele -

‘The author is responsible for the content of this thesis; the author holds the copyright of this thesis’


Executive Summary

This thesis is the result of a research undertaken during an internship at European Mail Networks (EMN) in order to obtain a master's degree in Management & Organisation at the University of Groningen. This research was undertaken between January 2004 and July 2004.

The research objective is to provide the business-unit European Mail Networks with recommendations on how to improve its internal control.

This is achieved through the development of a system for internal control. Three conditions for control form the input for this new system: Enterprise Risk Management, the Total Quality Management framework and Investors in People. These conditions are given by EMN. For every organisation the system for internal control is different, so a choice had to be made as to which components of these three frameworks had to be incorporated into this new system. EMN chose to incorporate all components of the three frameworks.

To improve the internal control, risk is an important subject; therefore risk and risk management were assessed. This assessment had to identify any possible differences between the theory that was dealt with and the three conditions for control given by EMN. These differences had to be incorporated into the new control system. Two differences were identified, namely the transfer of risk as a form of risk response and the changing of risk in a changing environment.

To improve the internal control an organisation also has to look at the management control, because of the relation that exists between these two systems. Management control was assessed according to Rotch and Ouchi. The conclusion is that EMN has to have in place management control in the form of output and behavioural control. To benchmark the new control system, three systems for internal control that are widely used were dealt with, namely COSO, CoCo and NIVRA. All systems are based on COSO, so this is the most influential system and therefore the new system for internal control is mostly based on COSO. Other additions were acquired from the CoCo (learning effect) and the NIVRA (determining effectiveness of the control system). This information was all incorporated into a new system for internal control. In this system all the gathered elements from the previous chapters were incorporated.

RESEARCH BACKGROUND

CHAPTER 1 TNT POST GROUP
1.1 TNT POST GROUP
1.2 EUROPEAN MAIL NETWORKS
1.3 STANDARDISATION & HARMONISATION
1.4 CHAPTER SUMMARY

CHAPTER 2 METHODOLOGY
2.1 CONCEPTUAL DESIGN
2.1.1 Research Objective
2.1.2 Research Issue
2.1.3 Research framework
2.1.4 Definitions and clarifications
2.2 RELEVANCE OF THE RESEARCH
2.3 TECHNICAL RESEARCH DESIGN
2.3.1 The research material
2.3.2 The research strategy
2.4 CHAPTER SUMMARY

CHAPTER 3 CONDITIONS FOR CONTROL FROM EMN
3.1 ENTERPRISE RISK MANAGEMENT FRAMEWORK
3.1.1 Framework overview
3.1.1.1 Definition of Enterprise Risk Management
3.1.1.2 Framework Overview
3.1.2 Effectiveness of Enterprise Risk Management
3.1.3 Benefits of Enterprise Risk management
3.1.4 Which components are relevant for the new system for internal control?
3.1.5 Conclusion
3.2 THE EUROPEAN FOUNDATION FOR QUALITY MANAGEMENT MODEL
3.2.1 Framework Overview
3.2.2 Which criteria are relevant for the new system for internal control?
3.2.3 Conclusion
3.3 INVESTORS IN PEOPLE
3.3.1 Framework Overview
3.3.2 Which principles are relevant for the new system for internal control?
3.3.3 Conclusion
3.4 CHAPTER SUMMARY

CHAPTER 4 RISK & RISK MANAGEMENT
4.1 RISK
4.2 RISK MANAGEMENT
4.3 FINDINGS VS. CONDITIONS FOR CONTROL FROM EMN
4.4 CHAPTER SUMMARY

CHAPTER 5 CONTROL SYSTEMS
5.1 WHY ORGANISATIONS USE CONTROL SYSTEMS
5.2 THE CONTROL CYCLE
5.3 SYSTEMS FOR CONTROL
5.3.1 Management Control Systems
5.3.1.1 Rotch
5.3.1.2 Ouchi
5.3.1.3 EMN Management Control Policy
5.3.1.4 Conclusion
5.3.2 Internal Control Systems
5.3.2.1 Guidance on Control
5.3.2.2 NIVRA-Report
5.3.2.3 The Internal Control – Integrated Framework
5.3.2.4 A Comparison between the three internal control systems
5.3.2.5 Conclusion
5.4 CHAPTER SUMMARY

CHAPTER 6 THE DEVELOPMENT OF THE NEW SYSTEM FOR INTERNAL CONTROL
6.1 CONCLUSIONS FROM THE PREVIOUS THREE CHAPTERS
6.2 THE DEVELOPMENT OF THE NEW SYSTEM FOR INTERNAL CONTROL
6.2.1 Explanation of the development of the new system for internal control
6.2.2 Management control and internal control
6.3 CHAPTER SUMMARY

CHAPTER 7 GAP ANALYSIS & RECOMMENDATIONS
7.1 THE QUESTIONNAIRE FOR THE GAP ANALYSIS
7.2 RECOMMENDATIONS TO EMN
7.3 CHAPTER SUMMARY

CHAPTER 8 GENERAL CONCLUSIONS

LIST OF REFERENCES

APPENDICES

PREFACE

This research forms the end of my study Management & Organisation at the University of Groningen.

I conducted this research at European Mail Networks, a business unit within TPG. This internship lasted from the third of January until the second of July of 2004.

The choice for an internship within an organisation was not very difficult. I think it is an experience one should not want to miss. The research I conducted had the goal to improve the internal control of European Mail Networks. A subject I did not have a lot of knowledge about. During the last six months I got a hold of this subject and turned it into this thesis. My six months stay in The Hague was a docile and great experience, not only because of the experiences concerning my thesis but also the ones of working in a team.

Of course, I could not do this all by myself and I would like to thank the people who have been of help to me with this research. First of all I would like to give my thanks to Niels Bronkhorst who has guided me within the dynamic world that is called European Mail Networks. Another thanks goes out to all the employees at European Mail Networks who made me feel at home from the first minute I stepped into the office. Three people I would like to render thanks in person and the first one is Joost Roelofsz without whom I would not have had the opportunity to conduct this research at European Mail Networks at all. The second one is Jabe Mertens who helped me with my thesis with useful comments and who let me participate in some of the real-life cases of EMN. I would like to thank Sake Beekman for the many trips back to Amsterdam and his Excel magic.

I would also like to thank Martijn van der Steen who always provided me with useful feedback and was with his inexhaustible enthusiasm a great support from the beginning of this thesis. Another word of thanks to Mr. H. Bronsema for commenting on my thesis.

A special thanks goes out to my parents who have stood by me unconditionally.

Amsterdam, September 2004,

Gijs Kurvers


Research background

In this research background I will explain how I applied for this internship and how the research objective evolved.

To finalise my study, Management & Organisation at the University of Groningen, I had to conduct a research. I chose to do this research within an organisation so I applied for an internship at TPG. This application has three rounds. First recruitment evaluates the resume of a potential candidate, then an interview takes place with a recruiter and finally the candidate has an interview with a line manager of the business unit where you want to conduct the research. I got through these three rounds and started working on this research on the third of January 2004. The business unit where I would conduct this research was European Mail Networks (EMN).

Together with my supervisor, Mr. van der Steen, I concluded that the initial research (to combine two frameworks) was not at a level needed to graduate at the university. Therefore I tried to find out what it was that EMN wanted to achieve with this research. Together with Mr. Bronkhorst¹ we concluded that EMN wanted to improve the internal control through the development of a system for internal control and giving recommendations. Two frameworks that initially formed this research would become the conditions for this system that should improve the internal control within EMN. I included, next to these two frameworks, the Investors in People programme.

The initial research EMN wanted to be conducted was the combination of two frameworks, namely the ‘Enterprise Risk Management framework’ by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and the framework, ‘Creating Excellence’ by the European Foundation for Quality Management Model (EFQM). Enterprise Risk Management contains the tools to comply with the new Sarbanes-Oxley act. This act prescribes corporations with severe regulations in the field of accounting, the control over the processes and accountability on this subject. Every organisation with a quotation at the New York Stock Exchange (NYSE) has to comply on the first of January 2005 with SOX legislation. If a system for control is imbedded in an organisation that is based on Enterprise Risk Management framework, then it is assumed the Sarbanes-Oxley act is complied with. Therefore the SOX legislation will not be emphasised in this research. The EFQM is used in the new framework because of the stakeholder view.

I will start this research with a general chapter on TPG and EMN. Then, in chapter two I will deal with the methodology that is used in this thesis. Because the system for internal control has three conditions it has to comply with, these are described in chapter three. It is namely indispensable to have knowledge on these three frameworks, because elements of these three systems will have to be incorporated in the new system for internal control. An important issue that derives out of the fact that the internal control has to be improved, is risk. Subsequently I therefore deal with risk and risk management. To control the risks an organisation is facing it has to have control mechanisms in place.

To find out what ways for control are mostly used, I searched for the systems that were widely used and recognised in the field of control. These are described and compared to combine them and use this as a basis for the new system for internal control that I will build. The information gathered in these chapters will lead to the development. This is described in chapter six. To eventually improve the internal control, I made a gap-analysis that represents the current situation within EMN and the ideal situation (the situation according to my system). This gap-analysis will lead to recommendations for EMN on how to improve the internal control.

1 Niels Bronkhorst is my principal with this research. He is a manager financial accounting at EMN Head Office in The Hague where I conducted this research.


Chapter 1 TNT Post Group²

This first chapter contains general information about the TNT Post Group (paragraph 1.1) and, more specifically, information about European Mail Networks (paragraph 1.2), the business unit of TPG Post where this research was conducted. In paragraph 1.3 the process EMN is currently undergoing will be looked at and this chapter will finish with a summary (paragraph 1.4).

1.1 TPG

In 1799, the small individual postal services in the Netherlands were brought together to form the first Dutch national postal service. The businesses were brought together for financial and social reasons. Since that time, national postal services have been organised by the state.

PTT Post³ remained a state-owned company until its incorporation on 1 January 1989, at which time it became together with PTT Telecom the operating companies of KPN. This allowed PTT Post to undertake new commercial activities. In addition to conventional postal services, the company developed national and international express-delivery and logistics services. In December 1996, PTT Post acquired the Australian Company TNT and thus became a key player at the world market. PTT Post was subsequently able to generate sales on the same level as PTT Telecom.

On 29th of June 1998, KPN demerged into PTT Post and PTT Telecom. TNT and PTT Post became TNT Post Group (TPG). PTT Telecom became Royal KPN NV. PTT Post and TNT, respectively, remained as the brand names for TPG's mail and express-delivery activities. TPG was the first mail company to 'go public' and has been listed on the stock exchanges of Amsterdam, Frankfurt, London and New York. On 1 May 2002, the name PTT Post was officially changed to TPG Post⁴.

Figure 1.1. Structure of TPG⁵

TPG Post

TPG’s Post division provides services for collecting, sorting, transporting and distributing domestic and international mail, including letters, printed matter and parcels, as well as for distributing addressed and unaddressed direct mail. TPG Post also provides a range of value-added services including direct marketing services and services for managing physical and electronic information flows (Cendris). Furthermore the business-unit Spring is a global joint venture in cross-border mail, combining the expertise, systems, networks and products of TPG, Royal Mail Group and Singapore Post. The business-unit European Mail Networks will be explained further on.

TNT Express

TPG’s express division provides on-demand, time-definite and day-certain door-to-door delivery services for documents, parcels and freight. The company provides regional, national and global express delivery services, predominantly under the TNT brand.

TNT Logistics

TPG’s Logistics division provides services in all aspects of supply chain management, particularly at the non-asset-based, re-engineering end, which requires a high level of management skills and IT skills.

2 TNT stands for Thomas Nationwide Transport, in the rest of this research the name TNT is used.

3 PTT stands for ‘Post Telecom en Telegrafie’.

4 www.tpg.com, June 17 2004.

5 www.tpg.com, June 17 2004.


TPG manages infrastructure, processes and technologies for its customers to ensure that the right goods, in the right quantities and conditions, are available at the right place and time. TPG’s Logistics’ services are delivered under the company’s TNT brand⁶.

1.2 European Mail Networks

The TPG’s business unit European Mail Networks (EMN) is responsible for the networks of TPG Post in Europe. EMN is responsible for the acquisition, development, operation and expansion of addressed and unaddressed mail networks in European countries. It offers addressed, unaddressed and segmented distribution solutions for direct mail, brochures, leaflets and samples. Addressed mail speaks for itself. With this is meant the delivery of mail with an address on the parcel. Unaddressed mail is, according to the name, mail without an address on it. This is, among other things, the case with leaflets.

Structure

EMN is currently organised as a multi-country organisation within EMN, also called an area manager organisation. The main responsibility for the business lies with the area manager, who has specific knowledge of the area.

EMN is split up in five areas: Southern Europe, United Kingdom, Benelux, Germany and Central Europe. An area manager is responsible for the direct guidance of his or her area. They also represent their area in the EMN board (management board) together with a member of the board of TPG Post and the director of the head office. They decide on the direction and development of EMN.

Vision

To be the market leader in unaddressed delivery, the number one challenger in the addressed distribution and the industry leader in both quality as well as customer-oriented development of products and services.

6 Data has been used from a company profile report from Datamonitor (www.datamonitor.com) February 15 2004.

[Figure 1.2. Structure of EMN. Organisation chart: EMN Head Office; areas Southern Europe, Benelux, United Kingdom, Germany, Central and Eastern Europe; countries shown: Netherlands, Belgium, Italy, Czech Republic, Slovakia, Austria.]

Mission

To offer customers a full service concept for mail based upon a high quality and a wide coverage in addressed and unaddressed delivery as well as a broad portfolio of services to reinforce distribution activities.

Long term objectives

In every targeted country a strong position, second only to the incumbent postal operator.

To fulfil its mission EMN prefers to build an own network within the different countries with its own employees. At first one or a couple of small companies are used as a bridgehead for further expansion.

Although in the past the strategy has been focused on acquisition, the focus is now changing to organic growth. The existing network of EMN contains mostly unaddressed networks because it is difficult to acquire companies with an addressed network. After liberalisation it is the goal of EMN to become active in the addressed markets using the unaddressed mail networks.

1.4 Chapter Summary

This chapter described the TNT Post Group in general and more specifically, the entity for which this research is undertaken, namely European Mail Networks. EMN has been organised as a multi-country organisation, where the primary responsibilities lie with the area manager. We also saw that EMN is currently undergoing changes through standardising & harmonising their primary, back-office and ICT processes.


Chapter 2 Methodology

This chapter will describe the methodology according to Verschuren and Doorewaard (1999). First the conceptual design (paragraph 2.1) will be dealt with which consists of the following parts: the research objective, the research issue, the research framework, and finally the definitions used within this research. In paragraph 2.2 I will deal with the relevance of this research. Paragraph 2.3 will deal with the technical research design, which consists of the following parts: the research material and the research strategy. The last paragraph (2.4) will contain the summary of this chapter.

2.1 Conceptual Design

2.1.1 Research Objective

The research objective is to provide the business-unit European Mail Networks (EMN) with recommendations on how to improve its internal control to ascertain that the objectives of EMN are reached, by developing a control system and analysing the gap between the ideal and the current situation within EMN.

2.1.2 Research Issue

The research issue consists of one central question and six sub-questions.

Central Question

How can the internal control of EMN be improved by developing a control system that complies with the conditions of EMN/TPG?

This raises the following sub questions:

1. What are the conditions EMN wants the new control system to comply with?

2. What does the theory on risk management say regarding internal control?

3. Why are control systems used in organisations, which types of control systems exist and what are the internal control systems widely recognised?

4. What does the new control system look like taking the conditions of EMN and the discussed literature into account?

5. What are the differences between the current situation within EMN and the newly developed control system (gap-analysis)?

6. Which recommendations can be given to EMN to improve its internal control?

2.1.3 Research framework

[Figure 2.1. The research framework: (A) Conditions of EMN; (B) Theory in risk management; (C) Why control systems and which ones are used; (D) Development of the new control system, taking conditions into account; (E) Gap-analysis; (F) Recommendations to EMN on how to improve its internal control.]

Explanation of the research framework

The framework consists of six parts, and in each part a specific part of the research is carried out. In the following each part will be explained.

In Part A conditions of EMN for the new control system are discussed. These conditions are Enterprise Risk Management, the European Foundation for Quality Management framework and the Investors in People programme. This is done because these conditions will form the basis for the new to be developed system for internal control. So knowledge on these three conditions is essential.

In part B theory on risk management will be discussed. The reason why risk management is chosen is because an increase in internal control, the ultimate goal of the research, can be achieved through identifying and controlling the risks an organisation is facing.

In part C the theory on control systems will be explained. This part is split in why organisations use control systems and what kinds of control systems (management and internal control systems) are widely recognised in the theory on control systems.

In part D the new control system will be developed. The conditions of EMN will be taken into account together with the conclusions from part B and C.

In part E the new control system will be compared with the current situation within EMN (a gap-analysis).

In part F the recommendations will be given on how EMN can improve its internal control.

2.1.4 Definitions and clarifications

To be clear on the various subjects it is necessary to define and clarify these. In the following ‘internal control’, ‘improve’ and the ‘ideal situation’ will be defined and clarification on the objectives EMN wants to achieve will be given next to what is meant with EMN.

Internal control

Internal control (Internal Control – Integrated Framework, 1992) is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievements of objectives in the following categories:

• Effectiveness and efficiency of operations

• Reliability of financial reporting

• Compliance with applicable laws and regulations

The reason why this definition is chosen is because in the latest and most influential reports on internal control this is the leading definition⁷.

To be able to give a reasonable assurance regarding these achievements EMN has to identify and control the risks it is facing. Therefore a control system is necessary.

Improve

In the current situation it is not possible to measure any level of internal control, because there is no instrument for internal control. With the development of the new control system it will be possible to measure a level of internal control; therefore the term ‘improve’ is used in this research.

Ideal situation

The ideal situation within EMN is the situation where EMN is able to achieve the objectives set.

7 This definition is not only used in internal control – integrated framework by COSO, but also as the main definition in the report ‘Guidance on control’ by the Canadian institute of chartered Accountants (1995). Besides these reports, the NIVRA in their report ‘through internal control to corporate governance’ (2002) uses the same definition. Also in the report by the law firm Covington & Burling ‘Internal Control’ (2003) this definition has been used. This definition is also used in the SOX legislation.


The objectives of EMN are the following

The objectives of EMN are twofold. First the internal control has to be improved and second EMN has to comply with the Sarbanes-Oxley requirements. This research will cover both objectives.

European Mail Networks

Because EMN has a lot of different entities, it has to be clear on what is meant with EMN. With EMN is meant EMN Head Office that is responsible for the different entities. For example, the objectives that have to be set are at entity level, and do not go as far as to give a complete job description for a production employee in Germany.

2.2 Relevance of the Research

Verschuren and Doorewaard (1999) distinguish two kinds of research: theory-oriented research and practice-oriented research. Theory-oriented research is about solving a problem encountered in the theory building process. Practice-oriented research is not about knowledge for knowledge’s sake, as in the theory-oriented research discussed above, but is about intervention in order to change an existing practical situation.

This research is both a theory-oriented research as well as a practice-oriented research. Looking at the first kind of research, this thesis looks at providing the three conditions of control from EMN (ERM, EFQM and IIP) with additions from the theory that is dealt with concerning risk, risk management, management control and internal control. So this thesis can be seen as theory-oriented research. The reason why this thesis can be looked at as a practice-oriented research is because the recommendations that led from the gap-analysis will intervene in the existing practical situation of EMN.

2.3 Technical Research Design

The technical research design discusses what needs to be done to arrive effectively at a sound answer to the questions of the research issue within a reasonable time span. It consists of the following parts: the research material and the research strategy.

2.3.1 The research material

The research material consists of written sources, like the theory on risk management and control systems and documents by EMN and other internal sources. This material will primarily be used for the first two research questions. For the research questions four and five the expertise of EMN employees will be used. This information will be acquired through interviews with these employees.

To identify the gap between the current and the ideal situation a questionnaire will be used. Questionnaires can best be used for descriptive research, such as research undertaken to identify different phenomena in organisational practices (Saunders; p. 279). A researcher can choose between open and closed questions. Open questions allow respondents to give answers in their own way. Closed questions provide a number of alternative answers from which the respondent can choose. The latter is usually easier to answer, as they require minimal writing. Responses are also easier to compare as they have been predetermined. However if these responses cannot be easily interpreted then these benefits are, to say the least, marginal (Saunders; p. 291). A researcher can choose between a few types of closed questions. One is the category question. These questions are designed so that each respondent’s answer can fit only one category. Such questions are particularly useful if you need to collect data about attributes (Saunders; p. 293). Given the information above, the questionnaire has to be easy to interpret.

2.3.2 The research strategy

In this research two different strategies will be carried out, namely desk research and empirical research, through interviews and a questionnaire. In chapter four and five of this research, various points of view held by various authors on the theory will be dealt with and compared. Verschuren and Doorewaard (1999) call this desk research. Empirical research is done in the field in order to gather or generate relevant material. Therefore interviews and a questionnaire will be conducted.


2.4 Chapter Summary

In this chapter I described the methodology that was used in this thesis. For this thesis the methodology of Verschuren and Doorewaard (1999) was used. It consists of the conceptual design, the relevance of this research and the technical research design. The research objective is: “to provide the business-unit European Mail Networks (EMN) with recommendations on how it can improve its internal control to ascertain that the objectives of EMN are reached, by developing a control system and analysing the gap between the ideal and current situation within EMN”. The central question was “How can the internal control of EMN be improved by developing a control system that complies with the conditions of EMN/TPG?” This question was further divided into six sub-questions. In paragraph 2.3 the Technical Research Design, which contains the research material and the research strategy, was discussed.


Chapter 3 Conditions for control from EMN

In this chapter the conditions for control are described. These conditions are the three frameworks that EMN wants the new system for internal control to comply with. These conditions will therefore form the basis for the new system for internal control. This is described in the research background on page 7. So all the information that is given here is coming from documents by the COSO, EFQM and IIP.

Paragraph 3.1 will deal with the first condition, namely the COSO framework (the Enterprise Risk Management framework). In paragraph 3.2 the model of the European Foundation for Quality Management will be described. TPG has committed itself to this framework and therefore EMN wants to comply with this framework. In the next paragraph (3.3) the Investors in People concept will be displayed. This is a programme TPG also has a commitment to. Although EMN has no Investors in People certificate, it nevertheless wants to identify the business conduct with the standards of Investors in People. These are the three conditions the new control system has to comply with. The conclusion of this chapter will bring a table, which gives the elements of the three conditions, that the new system for internal control has to contain.

3.1 Enterprise Risk Management Framework

The description of the Enterprise risk management Framework is based on the draft that is presented by The Committee of Sponsoring Organisations of the Treadway Commission (COSO). The framework was released in July 2003 for public comment and is currently being revised. The final framework will be presented in the summer of 2004. COSO initiated this project to develop a framework that provides integrated principles and common terminology and practical implementation guidance to support entities to develop or benchmark their enterprise risk management processes. In this chapter I will look only at the integrated principles and the common terminology. The reason why the guidance for implementation is left out is because this thesis only covers the development of a system for internal control.

The underlying premise of enterprise risk management is that every entity exists to provide value to its stakeholders. Within TPG this is the case. Management has to decide how much uncertainty their entity is prepared to accept as it strives to increase stakeholder value. This uncertainty presents risk and therefore also opportunity. Enterprise risk management offers a framework to effectively deal with uncertainty and associated risk and opportunity and thereby enhance its capability to create value.

Enterprise Risk Management is a dynamic, multidirectional iterative process where every component influences another one. There is not one absolute ERM framework. Every organisation has different capabilities on risk management or differs in size or industry.

The goal of this paragraph is to describe the Enterprise Risk Management Framework on the basis of the report written by the COSO. The reason for this is that it is a condition for the new to be developed system for internal control. The eight components that shape the Enterprise Risk Management framework will probably form a big part of this new to be developed system. It is therefore indispensable to have knowledge about this framework. The conclusion of this chapter (which components of ERM have to be taken into account when I develop the new system for internal control) will form the input for the new to be developed system for internal control (chapter 6).

3.1.1 Framework overview

3.1.1.1 Definition of Enterprise Risk Management

ERM is defined as follows:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

This definition contains a few elements. These elements will be discussed in the order in which they occur in the definition.

ERM is a process, which means it is not an event but it is a series of actions that permeates an entity’s activities.

Employees affect enterprise risk management with what they do and say. But it also works the other way around. People are influenced by ERM. Every employee has different needs and abilities and therefore they all respond to risk in a different manner. ERM is a mechanism to help people understand risk in the context of the organisation’s objectives.

ERM is applied in strategy setting, in which management considers risks relative to alternative strategies. Each strategy encompasses new risks also. Therefore organisations have to identify the risks a strategy engenders before they commit themselves to the strategy.

To successfully apply ERM, an entity must consider its entire scope of activities. Activities at all levels have to be taken into account. ERM also requires an entity to take a portfolio view of risk. This means that managers have to make a risk-assessment for their business-unit. These risks combined give a view of the total risks, and this enables senior-management to determine whether the total risk is aligned with the organisation’s risk appetite.

Risk appetite is the amount of risk an entity is willing to accept in pursuit of value. Risk appetite is directly related to an entity’s strategy. It is considered in strategy setting, where the desired return of a strategy should be aligned with the entity’s risk appetite. ERM helps management in selecting a strategy that is consistent with the entity’s risk appetite. It does this by emphasising the different strategic alternatives an organisation has when it looks at the risks associated with the range of strategy choices. Various event identification and risk assessment techniques can be used for this⁸.

Well-designed and operated enterprise risk management can provide management and the board of directors with reasonable assurance regarding achievement of an entity’s objectives. Reasonable assurance reflects the fact that risk and uncertainty relate to the future, which is not always certain. There are also other reasons why only reasonable assurance and no absolute assurance can be given: for example, human limitations when making decisions or responding to risk, and the fact that employees can circumvent controls.

Within the chosen strategy and mission an organisation determines its objectives. This framework views entity objectives as follows:

• Strategic – related to goals and mission of the organisation.

• Operations – related to effective and efficient use of resources.

• Reporting – related to the reliability of reporting.

• Compliance – related to the compliance with laws and regulations.

Enterprise Risk Management encompasses Internal Control

Internal control is an integral part of the Enterprise Risk Management framework. Internal control is defined in ‘internal control – integrated framework’. This definition is already mentioned in chapter 2 on page 12. The entirety of internal control – integrated framework is incorporated by reference into this framework. ERM is broader than internal control, expanding and elaborating on internal control to form a more robust conceptualisation focusing more fully on risk.

8 Look at appendix 2 for event identification techniques.


3.1.1.2 Framework Overview

Enterprise risk management consists of eight interrelated components (they are horizontally displayed). These components will be dealt with in this paragraph. The elements of a component will be displayed in a table, which is shown in each paragraph. There are four objective categories (strategic, operations, reporting and compliance). The third dimension displays the organisation and its units.

Relationship of objectives and components

Each component row “cuts across” and applies to all four objective categories. For example, financial and non-financial data generated from internal and external sources, which is part of the information and communication component, is needed to set strategy, to manage business operations effectively, to report effectively and to determine that the organisation is complying with applicable laws.

Similarly, looking at the framework’s objective categories, all eight components are relevant to each category. Taking one objective category, effectiveness and efficiency of operations, all eight components are applicable and important to its achievement.

ERM is relevant to an entire enterprise or to an individual business unit. This relationship is depicted by the third dimension, which represents subsidiaries, divisions and other business units.

The eight components

Now the eight components of the framework are described. Each component will first be introduced.

In appendix 1 a table will show the elements the eight components contain. This will be done per element. These elements will be used in the new to be developed system for internal control. This of course depends on the question if the component will be used in the new system. If the component is actually used in the new system, it will be explained further in chapter six.

Figure 3.1. Framework for Enterprise Risk Management


Internal Environment

The entity’s internal environment is the foundation for all other components of enterprise risk management, providing discipline and structure. It encompasses the tone of an organisation and influences the risk consciousness of its people.

Objective setting

Objectives must exist before management can identify events that potentially affect their achievement. ERM ensures that management has a process in place to set objectives and that the chosen objectives support and align with the entity’s mission/vision and are consistent with the entity’s risk appetite.

Event identification

Potential events that might have an impact on the entity must be identified. This includes identifying factors, internal and external, that influence how potential events may affect strategy implementation and achievement of objectives. Management identifies interrelationships between potential events and may categorise events in order to create and reinforce a common risk language across the entity and form a basis for considering events from a portfolio perspective⁹. Event Identification consists of the following elements:

Risk Assessment

Management has to consider both inherent and residual risk. Inherent risk is the risk to an entity in the absence of any action management might take to alter either the risk’s likelihood or impact. Residual risk is the risk that remains after management responds to the risk. Identified risks are analysed in order to form a basis to determine how they should be managed. Risks should be considered in two ways: likelihood and impact. Likelihood represents the possibility that an event will occur, and the impact represents its effect. An assessment can be done with two methodologies: qualitative and quantitative. The first one is often used when risks cannot be quantified or when sufficient data for quantitative assessments are not available. Quantitative techniques are more precise and are used in more complex activities.

Methods for risk assessment that are described are divided into qualitative and quantitative methodologies. The following methods are mentioned: benchmarking, probabilistic models and non-probabilistic models¹⁰.

Management may assess how events correlate, where sequences of events combine and interact to create significantly different probabilities or impacts.

Risk Response

This component contains the responses used to align assessed risks with the entity’s risk appetite.

There are four categories of risk responses: avoidance, reduction, sharing and acceptance. To determine what kind of response would be best, management can consider, for example, cost versus benefits. After the selection of the response an implementation plan has to be developed. Risk

Control Activities

Control activities are policies and procedures (the procedures being the actions of people to implement the policies) that help ensure that management’s risk responses are carried out. Control activities occur throughout the organisation at all levels and in all functions. The component control activities consists of the following elements:

9 For further explanation see appendix 2

10 For further explanation see appendix 3.


Information and Communication

Information is needed at all levels of an organisation to identify, assess and respond to risk, and to otherwise run the entity and achieve its objectives. Information has to be clear about the role and responsibilities of employees.

Monitoring

Of course the whole process of enterprise risk management must be monitored. Monitoring is a process that assesses the presence and functioning of its components over time. The process must also be modified if necessary to react dynamically to changes.

3.1.2 Effectiveness of Enterprise Risk Management

To be effective all eight components have to be present and should be functioning properly. This does not mean that they have to function the same way or that they have to be implemented the same way. For example, a small organisation can use a more flexible and less formal methodology for implementation.

ERM can be considered in the context of an organisation as a whole or as an individual unit. But also when effective ERM is considered for a unit, all eight components must be used as a benchmark.

When an organisation has joint ventures or partnerships there are two ways to ensure effective ERM. First, the organisation may achieve effective ERM if it identifies the potential events that may affect the investment and in turn affect the organisation’s ability to achieve its objectives; ensures its risk assessment, risk response and control components appropriately address these events; and monitors the mechanisms it has designed to manage the risk associated with the investment. Alternatively, an entity may achieve effective ERM if it has monitoring mechanisms to ensure the investment vehicle itself has effective ERM¹¹.

3.1.3 Benefits of Enterprise Risk management

Enterprise Risk Management (ERM) enables management to operate more effectively in a risk-bearing environment. ERM provides enhanced capabilities to:

Align risk appetite and strategy – Risk appetite is the degree of risk that a company is willing to accept in pursuit of its goals. Management considers the entity’s risk appetite first in evaluating strategic alternatives, then in setting objectives aligned with the selected strategy and in developing mechanisms to manage the related risks.

Link growth, risk and return – Entities accept risk as part of value creation and preservation, and they expect return to coincide with the risk. ERM provides an enhanced ability to identify and assess risk, and establish acceptable levels of risk relative to growth and return objectives.

Enhance risk response decisions – ERM provides the rigor to identify and select among alternative risk responses, namely risk avoidance, reduction, sharing and acceptance.

Minimise operational surprises and losses – Entities have enhanced capability to identify potential events, assess risk and establish responses, thereby reducing the occurrence of surprises and related cost or losses.

Identify and manage cross-enterprise risks – Every entity faces countless risks affecting different parts of the organisation. Management needs not only to manage individual risks, but also to understand interrelated impacts.

Provide integrated responses to multiple risks – Business processes carry many inherent risks, and ERM enables integrated solutions for managing those risks.

Seize opportunities – By considering a full range of potential events, rather than just risks, management gains an understanding of how certain events represent opportunities.

11 The reason why a system is considered effective if it encompasses all eight components is not assessed. It is the opinion within the COSO report.


Rationalise capital – More robust information on risk allows management to more effectively assess overall capital needs and to improve capital allocation.

3.1.4 Which components are relevant for the new system for internal control?

As indicated in the introduction of this chapter, this paragraph will now display the relevant components of the enterprise risk management framework. The new internal control system will contain these components. To identify these I conducted an interview with a manager financial accounting¹² (appendix 4). The outcome of this interview is written here. In addition to the interview with the manager financial accounting, an unstructured interview with the former finance manager was conducted¹³.

Of the eight components of ERM none is more important than the others. This means that all eight have to be taken into account when the new system for internal control is developed. This is also derived from the fact that ERM is only effective when all eight elements are at least present¹⁴.

This leaves us with all eight components for the new internal control system that are specified further: Internal Environment, Objective setting, Event identification, Risk assessment, Risk response, Control activities, Information & Communication and Monitoring.

Looking at the interrelationship of the components, it is not relevant for EMN to look at four different levels (entity-level, division, business unit and subsidiary). Within EMN a distinction between headquarters and entities exists, but this will not be displayed in the new system.

3.1.5 Conclusion

This paragraph dealt with the Enterprise Risk Management framework from the COSO. This is one of the three conditions the new system for internal control has to comply with. First the framework was displayed. ERM consists of eight interrelated components that are shown in the form of a cube. Subsequently the effectiveness of the framework was shown. In the last paragraph of this chapter I displayed which elements of the COSO framework were of importance for the system for internal control. An interview gave the answer to this question. All components of the COSO framework have to be incorporated in the new system for internal control.

12 The Manager financial accounting within EMN is Niels Bronkhorst. He is also the principal of this assignment and next to this he is responsible for the process to standardise and harmonise the back-office processes of EMN.

13 These are two managers who have worked within EMN for a long time and are able to provide this kind of information. Of the 12 employees at EMN they are the two with the most knowledge on this subject.

14 See on previous page.


3.2 The European Foundation for Quality Management Model

This paragraph describes the framework ‘Introducing Excellence’ from the European Foundation for Quality Management Model. The reason for this is that it is a condition for the new to be developed system for internal control. The nine criteria that shape this framework will probably form a big part of this new to be developed system. It is therefore indispensable to have knowledge about this framework. What can be concluded from this chapter (which criteria have to be taken into account when the new system for internal control is developed), will form the input for the new to be developed system for internal control (chapter 6).

3.2.1 Framework Overview

The European Foundation for Quality Management Model is a framework that is based on nine criteria, from leadership to Key Performance Results, for achieving sustainable excellence in all aspects of performance. In this paragraph each criterion is assessed. This will start with a definition of the criteria and thereafter the sub-criteria will be displayed.

The first five ‘enablers’ criteria represent how the organisation undertakes key activities. The achievements are covered by the ‘results’. The model is based upon the premise that: ‘Excellent results with respect to performance, customers, people and society are achieved through leadership driving policy and strategy, people, partnership and resources, and processes’.

The arrows emphasise the dynamic nature of the model. They show that innovation and learning help to improve the enablers, which in turn will lead to improved results.

Leadership

Leadership is how leaders develop and facilitate the achievement of the mission and vision, develop values required for long term success and implement these via appropriate actions and behaviour, and are personally involved in ensuring that the organisation’s management system is developed and implemented.

Figure 3.2. EFQM framework. Enablers: Leadership, People, Policy & strategy, Partnerships & Resources, Processes. Results: People results, Customer results, Society results, Key Performance Results. Feedback arrow: Innovation and Learning.

Four sub-criteria should be addressed, namely

• Leaders develop the mission, vision and values and are role models of a culture of excellence.

• Leaders are personally involved in ensuring the organisation’s management system is developed, implemented and continuously improved.

• Leaders are involved with customers, partners and representatives of society

• Leaders motivate, support and recognise the organisation’s people.

Policy and Strategy:

Policy and strategy refers to how the organisation implements its mission and vision via a clear stakeholder-focused strategy, supported by relevant policies, plans, objectives, targets and processes.

Five sub-criteria should be addressed, namely

• Policy and strategy are based on the present and future needs and expectations of stakeholders.

• Policy and strategy are based on information from performance measurement, research, learning and creativity related activities

• Policy and strategy are developed, reviewed and updated.

• Policy and strategy are deployed through a framework of key processes.

• Policy and strategy are communicated and implemented.

People

The criterion people refers to how the organisation manages, develops and releases the knowledge and full potential of its people at an individual, team-based and organisation-wide level, and plans these activities in order to support its policy and strategy and the effective operation of its processes.

People cover the following five sub-criteria that should be addressed:

• People resources are planned, managed and improved.

• People’s knowledge and competencies are identified, developed and sustained.

• People are involved and empowered.

• People and the organisation are in dialogue.

• People are rewarded, recognised and cared for.

Partnerships and resources

Partnerships and resources refers to how the organisation plans and manages its external partnerships and internal resources in order to support its policy and strategy and the effective operation of its processes.

The following sub-criteria should be addressed:

• External partnerships are managed

• Finances are managed

• Buildings, equipment and materials are managed

• Technology is managed

• Information and knowledge are managed


Processes:

This criterion refers to how the organisation designs, manages and improves its processes in order to support its policy and strategy and to fully satisfy, and generate increasing value for, its customers and other stakeholders.

These sub-criteria should be addressed:

• Processes are systematically designed and managed.

• Processes are improved as needed, using innovation in order to fully satisfy and generate increasing value for customers and other stakeholders.

• Products and services are designed and developed based on customer needs and expectations.

• Products and services are produced, delivered and serviced.

• Customer relationships are managed and enhanced.

Customer Results:

What the organisation achieves in relation to its external customers.

The two following sub-criteria should be addressed:

• Perception measures relating to overall image, products and services, sales and after-sales support and loyalty.

• Performance indicators relating to the same indicators as the perception measures.

People Results:

What the organisation achieves in relation to its people.

People results cover the following two sub-criteria that should be addressed:

• Perception measures relating to motivation and satisfaction.

• Performance indicators relating to achievements, motivation and involvement, satisfaction and service for personnel.

Society Results:

What the organisation achieves in relation to local, national and international society as appropriate.

Society results cover the following sub-criteria:

• Perception measures relating to looking at the organisation as a responsible citizen and its involvement in the community.

• Performance indicators relating to the perception measures.

Key performance results:

What the organisation achieves in relation to its planned performance

Key performance results cover the following two sub-criteria that should be addressed.

• Key performance outcomes relating to financial and non-financial outcomes.

• Key performance indicators relating to processes, external resources including partnerships, financial items, buildings and the like, technology and information and knowledge.

Innovation and Learning

In this framework innovation is defined as ‘the practical translation of ideas into processes and systems’ and learning is defined as ‘the acquiring and understanding of information which may lead to improvement or change’.


3.2.2 Which criteria are relevant for the new system for internal control?

The results have to be taken into account also. To apply EFQM in an organisation the results are of much the same importance as the enablers. EMN has to look at people, society, customer and key performance results.

In an organisation that acts in a complex and dynamic environment like EMN, the innovation and learning is an aspect that has to be taken into account.

3.2.3 Conclusion

In this paragraph I dealt with the framework for ‘Introducing Excellence’ from the European Foundation for Quality Management. It consists of nine criteria, which are divided into five enablers and four results. For the new system for internal control all nine criteria are relevant. So both enablers and results have to be present in the new to be developed system for internal control. To be able to improve continuously, innovation & learning is also relevant for the new system for internal control.


3.3 Investors in People

Investors in People was developed in the early nineties in the United Kingdom. The developers were employers' associations, trade unions and the government¹⁵. Investors in People is an international standard for quality improvement for personnel management.

The IIP certificate connects activities for training and development to the organisation’s objectives. It offers an alignment between employees’ expectations and wishes towards their career possibilities in an organisation. Existing procedures and processes can be assessed objectively, restructured and improved.

The purpose of this paragraph is to describe Investors in People because it is one of the three conditions for the new to be developed system for internal control so it is indispensable to have knowledge about this standard.

The key principles in this process are commitment, planning, action and evaluation. These principles are to be followed in a successive order.

3.3.1 Framework Overview

Each key principle has a few criteria. There are in total 12 criteria. These criteria will be dealt with per principle.

Commitment

The organisation has to fully commit to the development of the personnel in order to realise the goals that are set. Four indicators apply to the first principle of Investors in People.

1 The organisation actively supports the development of its employees.

2 Employees are to be encouraged to improve their own achievement and the achievements of others.

3 Employees are convinced their efforts are acknowledged by the organisation.

4 The organisation does its best to guarantee equal opportunities for its employees.

Planning

The organisation is clear on the goals it pursues and what its employees have to do to accomplish them. Three indicators apply to the second principle.

5 The organisation has a plan that supplies the employees with clear goals that are understood by everyone.

6 The development of employees is in accordance with the goals of the organisation.

7 Employees know how to contribute to realising the goals of the organisation.

Action

The organisation looks after an effective development of its personnel to increase the performance of the organisation. Two indicators apply to the principle action.

8 Managers promote the development of their employees in an effective way.

9 The instruction and development of the employees are effective.

15 www.iipnl.nl, May 14 2004.

Figure 3.3. Investors in People: Commitment, Planning, Action, Evaluation

Evaluation

The organisation knows what kind of influence an investment in the employees has on the performance of the organisation. These three indicators apply to the last principle.

10 The development of employees increases the performance of the organisation, teams and individual employees.

11 Employees are aware of the influence that development of employees has on the performance of the organisation, teams and individual employees.

12 The organisation improves the development of its employees.

3.3.2 Conclusion

In this paragraph I dealt with the concept of Investors in People. This is a standard for quality improvement for personnel management. IIP consists of four key principles, which are commitment, planning, action and evaluation. With this thesis it is not possible to certify EMN with IIP, but nevertheless awareness towards the IIP principles can be triggered. The way IIP’s philosophy can be incorporated in the new system for internal control is through the element People from the EFQM framework.


3.4 Chapter Summary

In this chapter three conditions for the new internal control system were displayed: the COSO framework, EFQM and Investors in People. From each of the three conditions the important issues were identified.

For the Enterprise Risk Management framework all eight components were identified as important components, namely Internal Environment, Objective setting, Event identification, Risk assessment, Risk response, Control activities, Information & Communication and Monitoring.

The relevant elements from EFQM are the five enablers, namely Leadership, People, Policy & Strategy, Partnerships & Resources and Processes. This is mainly because EMN currently is in the middle of standardising and harmonising the processes. But next to these five enablers also all results are considered relevant. So, the people, customer, society and key performance results are relevant for the new system for internal control.

What is important from IIP is that EMN wants to get the right people at the right place. The IIP philosophy can be incorporated in its entirety in the People component in EFQM.

In table 3.4 the conclusions of chapter three are stated.

| ERM | EFQM | IIP |
|---|---|---|
| Internal Environment | Leadership | IIP |
| Objective Setting | People | |
| Event Identification | Policy & Strategy | |
| Risk Assessment | Partnerships & Resources | |
| Risk Response | Processes | |
| Control activities | People Results | |
| Information & Communication | Customer Results | |
| Monitoring | Society Results | |
| | Key Performance Results | |

means that this element should be present in the new to be developed framework for internal control, in one form or another

The reason why this table is shown is that choices have been made within this research concerning this matter and eventually all elements of the three conditions were considered relevant for the new to be developed system for internal control. These choices have been made together with the three employees at EMN who have the most knowledge on the specific subjects. Within another organisation these choices could have been different. This would then result in a different system for (internal) control.

Table 3.4. Important elements of the conditions


Chapter 4 Risk & Risk Management

In this chapter attention is given to the subjects risk and risk management. This is done because risk is seen as an important component in the new to be developed framework. The reason for this is that the new control system has to comply with Enterprise Risk Management, in which risk is evidently important. Risk management is dealt with because an increase in internal control, the ultimate goal of the research, can be achieved through identifying and controlling the risks an organisation is facing.

In the first paragraph attention will be given to what risk is and in the second paragraph how risk can be managed.

The purpose of this chapter is to compare what is said in the theory on risk and risk management with what is said in the three conditions described in chapter three on this subject. This is of course especially done in the Enterprise Risk Management framework. If the theory can provide some new insights, this will be incorporated in the new to be developed system for internal control, which will be done in chapter 6. This chapter therefore has the purpose to enrich this new system on the subject of risk and risk management.

4.1 Risk

Risk is defined in a lot of different ways. In this paragraph a few of them are named.

Miller (1992; p. 312) claims risk is usually associated with negative outcomes and is used in reference to unanticipated variation or negative variation. Risk can be referred to as the unpredictability in corporate outcome variables or performance that cannot be forecasted ex ante. Corporate outcome variables here mean variables like the variance of return on equity, return on assets and return on sales. The unpredictability is caused by the uncertainty about environmental and organisational variables and therefore increases risk.

Risk (Ciechanowicz, 1997; p. 224) can also be defined as ‘The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the asset (i.e. an impact)’. This definition will be clarified by explaining the different components.

Assets: At the highest level this is understood to mean anything that is of value to an organisation. This will include for example computer hardware, employees and buildings.

Impact: This is defined as the consequence of an unwanted incident (either accidental or deliberate) affecting a set of one or more assets. The consequences can be a loss of availability, integrity, confidentiality, authenticity, as well as destruction of assets.

Threat: A potential violation of security. Threats may be environmental (e.g. earthquake or floods) or of human origin (accidental or deliberate). Examples are hacking, theft and eavesdropping.

Vulnerability: A characteristic or property of an asset or group of assets which can be exploited by a threat (i.e. that makes it easier for the threat to get through) to cause loss or damage.

COSO divides risk into two categories: inherent and residual risk. Inherent risk is the risk to an entity in the absence of any action management might take to alter either the risk’s likelihood or impact.

Residual risk is the risk that remains after management has responded to the risk.

The risk that can potentially be eliminated by diversification is called unique risk [16]. Unique risk stems from the fact that many of the perils that surround an individual company are peculiar to that company and perhaps its immediate competitors. But there is also some risk that you cannot avoid, regardless of how much you diversify. This risk is generally known as market risk (Brealey and Myers, 2000; p. 167).

[16] Can also be called unsystematic risk, residual risk, specific risk or diversifiable risk.
