The road to compliance within the Dutch housing corporation sector

The road to compliance within the

Dutch housing corporation sector

Research regarding the requirements for issuing an in control

statement by Dutch housing corporations

Name: Barry Bakker

Student number: S0991511

Course: MSc BA – Organizational & Management Control

Date: 24-08-2010

2

Preface

In front of you lies the result of a desk research on the topic of the possibility of issuing in control statements by Dutch housing corporations. The applicable thesis forms the closing part of the master Organizational & Management Control at the Rijksuniversiteit Groningen.

Started out in 1998 with the Dutch version of Business Administration, Bedrijfskunde, also at the Rijksuniversiteit Groningen, one can imagine that after a long road I am very happy to finally be at the point of finishing my study. Already in November 2005 I started working fulltime at the international accounting firm Deloitte, where, in 2009, I had gained the idea for performing a

research on the topic of Dutch housing corporations being in control. Amongst others, this was due to the fact that Deloitte itself was performing a study on Dutch housing corporations becoming in control. I played a small part in the applicable study and writing the resulting manual, but due to a switch in employer in January 2010, unfortunately it was not allowed for me to use the resulting figures of the Deloitte study for the sake of this thesis. After consulting my thesis supervisor, Pieter

Molenaar, the decision was made to alter the research strategy, which ultimately resulted in this master’s thesis.

Already mentioned above, I would like to use this opportunity to thank Pieter Molenaar for his clear feedback, solid advice, but most of all the patience he has raised during the course of this thesis. Furthermore, of course the support of friends, parents and parents-in-law, which was always very

welcome. Finally, and most of all, I would like to thank my girlfriend for her continuous support, constructive criticism and unconditional belief in me during the entire course of my study.

Groningen, August 2010

3

Table of Contents

Preface

2

1. Introduction

5

1.2.1 Dutch housing corporations 5

1.2.2 The Dutch Governance Code 6

1.3 Research design 7

1.3.1 Objective definition 7

1.3.2 Question definition 8

1.3.3 Theoretical framework 9

1.3.4 Definitions and conceptual model 10

1.3.5 Research strategy 12

2. Theory and Literature

14

2.1 Dutch Housing Corporations 14

2.1.1 The organization and environment 14

2.1.2 Housing corporations’ stakeholders 15

2.1.3 Market trends 15

2.1.4 Conclusion / Summary 16

2.2 The necessity to be in control 17

2.2.1 In control practice and theory 17

2.2.2 Corporate Governance 20

2.2.3 Housing corporations governance 22

2.2.4 Conclusion / Summary 23

2.3 The requirements to be in control 24

2.3.1 Management control 24

2.3.2 Organizational control 24

2.3.3 Risk control 25

4

2.4 In control statements 27

2.4.1 The Dutch situation 27

2.4.2 A statement of what? 28

2.4.3 Embedding ICS in the management cycle 28

2.4.4 ICS implementation 29

2.4.5 Success and fail factors 30

2.4.6 Conclusion / Summary 31

3. Research methodology

33

3.1 Necessary data 33

3.2 Data selection and collection 34

3.3 Data analysis 34

4. Data analysis

35

4.1 Elements of control 35

4.2 Comparison of Dutch housing corporations 37

4.2.1 Woonpartners Midden Holland 2008 37

4.2.2 Woonpartners Midden Holland 2009 39

4.2.3 Domesta 2009 40

4.3 Conclusion / Summary 43

5. Conclusions and recommendation

44

5.1 Objective and question definition 44

5.2 Limitations and recommendations 48

5

1. Introduction

1.1 Background

In the past several years multiple accounting scandals within big multinationals all over the world have made the daily news. The most renowned are the scandals within Ahold, Parmalat, Worldcom and of course Enron. What happened with these companies is that the annual account did not give a true and reliable image of reality due to the fact that these particular companies have tampered

with their financial figures. This incident is also known as accounting fraud. What it comes down to is that these companies were not as financially strong as presented in their annual account. A consequence can be that the company needs to file a profit warning, as a result of which stock and bond prices will fall sharply. Best case scenario is that everything blows over and the company is able

to get back on its feet and continue its normal operational management. Worst case scenario, on the other hand, is that the company needs to shut down its operations and file for bankruptcy.

It should be clear that the accounting scandals mentioned above are disastrous for the concerning organization, as well as for the stockholders which have invested in the particular organization. Basically, for this reason Corporate Governance Codes and legislative acts have been introduced

since 2002, to which different organizations at different level need to live up to. The difference between a code and an act is that an act is an actual legislation whereas a code is a set of guidelines which can be used to execute this legislation. The Sarbanes-Oxley Act (SOx) is the first and probably the most renowned of these codes. Every organization which is quoted at the American stock exchange or every foreign organization with an affiliate which is quoted in America, need to live up

to SOx regulations and fulfill SOx requirements. In The Netherlands the “Code Tabaksblat” is the standard. Both aim at reaching “good governance” using various principles and articles.

1.2 Context

1.2.1 Dutch housing corporations

As a consequence of the Code Tabaksblat, as it is implemented in The Netherlands and applies to companies quoted on the Dutch stock exchange, the “Governance Code” came into existence. The Governance Code applies specifically to housing corporations founded in the Netherlands. In The

6 amongst other things, building, renting out and managing social rental houses. In order to finance and operate their predetermined policy, the housing corporations together have an estimated financial capacity of several tens of milliards of Euro’s (Deloitte, 2006, p. 9). The housing corporations are free in their choice of how to spend this money. Taking this into account the question arises whether and how much risk the housing corporations should and are allowed to

take, how to resist the investment pressure which arises from the environment in which they operate en when the housing corporations are actually performing well and according to plan and policy. By performing well and according to plan, performance in accordance with the business process descriptions is meant. So doing the work in the manner as it is written down in work

descriptions in accordance with the responsibilities which are given to certain positions within the organization. By working in accordance with the business process descriptions, organizations actually give direction and control their business.

1.2.2 The Dutch Governance Code

The Dutch Governance Code is applicable as of January first 2007 and is in principle applicable to all housing corporations who actually acknowledge the Governance Code. Just as by means of the Code

Tabaksblat, the Governance Code requests housing corporations to provide optimal transparency regarding their actions and the corresponding accountability. In this case the “comply or explain” principle holds, meaning that the applicable corporation has to follow the rules and articles as stated in the Governance Code or, in case of deviation from these rules or when a certain rule does not apply to the particular corporation, has to explain why the rule and/ or article does not apply.

An outcome of compliance to the Governance Code can be that the housing corporations’ Board of Directors can possibly issue an “in control” statement. That is, the Board of that particular housing corporation states that it has insight in the risks which can arise within their organization and working environment and subsequently adequately control these risks. Thereby assurance regarding

the faithfulness of the financial reports is reached as well as assurance regarding the daily transactions (business processes) within the corporation. Especially this last aspect is important when looking at the large amount of different housing projects the corporation has to face on a daily basis. Within these projects and project administrations many different items are discussed, agreed upon, communicated and arranged and therefore it is of the utmost importance that all of this is

7 fraudulent activities. In short, what needs to be reached is control of risks within the corporation as well as control of operational business processes and communication thereon.

1.3 Research design

In the previous section the general context of this thesis is explained. In the following section the research design of the thesis is presented. The design of a research consists of two components, that is, the conceptual design and the technical design (P. Verschuren, 2007, p. 16). In this section the conceptual design is presented. In the conceptual design a reflection is given on what is to be

reached with the research. In other words, what is the objective of the research. The objective definition of this research is presented underneath:

Objective definition: To provide insight in the requirements for Dutch housing corporations to become in control and thereby being able to issue an in control statement.

In order to be able to reach the objective as stated above, research questions need to be formulated

and answered. But before going into the matter of presenting relevant research questions, a research model is presented. According to Verschuren & Doorewaard (2007), a research model is a useful schematically reproduction of the objective of the research and the steps that need to be made in order to reach the research’s objective. Underneath the basic model for this research is presented:

Dutch housing corporation literature

In control statements

Current policy Dutch housing corporations In control requirements Conclusions and recommendations Control theory Corporate Governance theory

8 As can be seen in the research model as presented above, the research starts with an investigation in current literature on Dutch housing corporations as well as different theories on corporate governance, risk control and general in control issues. This is done to gain insight in the various aspects of the topic of being in control. In paragraph 2.2.1 up-and-to 2.2.3 this is elaborated. Based on this information the requirements for becoming in control are acquainted, which is to be found in

paragraph 2.3. Thereupon information regarding the conditions for issuing an in control statement is presented and is to be found in paragraph 2.4. At the same time the current situation regarding being in control is investigated. This is done based on the annual reports of a number of Dutch housing corporations. Paragraph 4.2 provides further insight on the matter.

1.3.2 Question definition

Now that the objective of this thesis is known as well as the research model, several questions need to be formulated in order to achieve the presented objective. These research questions are chosen and formulated in such a way that the answers to these questions are necessary or useful for realizing the objective definition. Together, these questions form the question definition of the research (P. Verschuren, 2007, p. 95). The question definition for this research is presented

underneath:

Question definition: Which conditions do Dutch housing corporations need to fulfill in order to become in control and thereby being able to issue an in control statement?

As mentioned, in order to provide a complete and comprehensive answer to the question definition as stated above, as well as to make sure that the research will be performed in a proper and

structured manner, the following sub questions need to be answered:

1.What is a Dutch housing corporation?

2.Why should a Dutch housing corporation be in control?

3.When is a Dutch housing corporation in control?

9 When all sub questions have been answered, the conditions for issuing an in control statement by Dutch housing corporations are acquainted and therefore an answer to the research’s question definition can be provided.

1.3.3 Theoretical framework

In the previous paragraph the central question definition and associated sub questions are presented. In this paragraph a little more insight is given in the literature to be used in order to

answer the various sub questions.

Sub question 1 deals with defining Dutch housing corporations as entities as well as the market in which they operate. This is done in order to gain insight in the main research objective of this thesis. Accounting firm Deloitte has performed research amongst Dutch housing corporations. In the

resulting report a lot of information regarding Dutch housing corporations is presented. Furthermore, on the websites of Aedes and Centraal Fonds Volkshuisvesting information regarding housing corporations can be found. The Aedes association is a collective advocacy for Dutch housing corporations that works together with her members in order to professionalize the industry. Centraal Fonds Volkshuisvesting is the financial supervisor of the housing corporation market. It is an

independent administrative body set by the ministry of VROM.

Sub question 2 goes in to the matter of the necessity for Dutch housing corporation to gain control over their risks and daily business processes and thereby reaching a state of being in control. Strikwerda (2005) talks about the essence of being in control, that is, when the Board of Directors of an organization can state that they are in control. Furthermore, Simons (1995) has written an article

about managers gaining control in organizations that demand flexibility, innovation, and creativity (Simons, 1995, p. 80). Finally, because corporate governance is inextricably connected with different forms of control and moreover forms the basis for control elaboration, literature and theory on corporate governance is discussed in this section.

Sub question 3 discusses the requirements of being in control. A general understanding of controls and control systems is provided by Merchant & Van der Stede (2007). They state that “Management control failures can lead to large financial losses, reputation damage, and possibly even to organizational failure” (K. A. Merchant, 2007, p. 3). Furthermore, Birnberg (1998) has written a useful article on the evolution of organizational control. He states that a shift in focus from

10 changing environment in which contemporary organizations exist. This, as a consequence has an impact on the design of the organizations’ control system (Birnberg, 1998, p. 27). Finally, also risk control is a topic which will be discussed in this section, because control over organizational risks is one of the most important aspects of being in control. A short introduction on the topic comes from Hubbard (2003). Amongst other things he discusses the control activities necessary to mitigate or

fully control present risks (Hubbard, 2003, p. 23-25). A second useful article is that of Solomon, Solomon, Norton & Joseph (2000). A discussion on the relationship between corporate governance and risk disclosure is set out as well as the arrangement of a framework for internal control (Solomon, Solomon, Norton & Joseph, 2000, p. 447-478).

Sub question 4 deals with the actual in control statement. Starting point for answering this question is an abstract from Van der Sanden (2006) who writes about in control statements after the so called “Commissie Frijns”, which is a Dutch corporate governance monitoring commission and investigated the compliance to the Code Tabaksblat. Furthermore, Driessen et al (2003) discus the in control statement as a certificate concerning the quality of business and answer the question to which

degree management controls their business processes (J. Driessen, 2003, p.1). Finally, the report by Deloitte (2009) is useful in answering this sub question. In the report Deloitte actually provides a proposal on how a possible in control statement could be issued and what it should look like.

1.3.4 Definitions and conceptual model

The final part of the conceptual design of this research is the presentation of a conceptual model, in which a visual overview is provided of the key elements of this research as well as the relationships

between them. The key elements presented in the objective definition and the question definition are presented underneath as well as a definition for these elements as used in this thesis:

Dutch housing corporation: A housing corporation is a non-profit organization which primarily focuses on building and managing affordable living space. In this research only

housing corporations situated in The Netherlands are under discussion.

11
In control statement: An in control statement is a declaration from the Board of Directors in the form of a certificate concerning the quality of business and answers the question to which degree management controls their business processes (J. Driessen, 2003, p.1).

Uncertainty: Uncertainty is present when it is not possible to indicate whether an event will occur. Besides not being able to tell about possible occurrence also the amount of possible

occurrences is unknown.

Risk: In this thesis risk is defined as an uncertainty which can (negatively) affect the organizational goals. The degree to which the impact of a risk can affect the organization is determined by the impact multiplied by the chance that the risk actually occurs.

Business process: A business process is a series of structured activities or tasks that produce a service or product. In this research the business processes of housing corporations are defined as the daily operational activities and tasks of the employees of the housing corporation along with the associated communication.

Corporate governance: Corporate governance is a relationship among stakeholders which is used to determine and control the strategic direction and performance of organizations (M.A. Hitt, 1999, p. 353). Furthermore, corporate governance concerns the management of the organization, the associated internal supervision and the internal and external accountability on the matter.

Now that the key elements of this thesis are defined a conceptual model of the research objective

can be presented. In short, a conceptual model is a collection of key definitions between which certain relationships are supposed (P. Verschuren, 2007, p. 279). In this thesis it is a visual design of the research in which is determined what is being investigated and therefore also what not.

12

The conceptual model as presented above should be read as follows. The main starting point for the

current research are governance issues in the Dutch housing corporation sector. Corporate governance, as defined earlier, concerns amongst others the management of an organization as well as the arrangement of the internal supervision and the internal and external accountability. Corporate governance in turn affects the control of housing corporations’ risks as well as the business processes. When the applicable housing corporation manages to cope with present risks,

governance issues as well as being able to work in accordance with predefined business processes, the housing corporation can reach a state of being in control. Being in control in turn is a prerequisite for issuing an in control statement by the corporations’ Board of Directors thereby guaranteeing that the corporation operates according to business processes and can cope with present risks.

1.3.5 Research strategy

As mentioned in the beginning of this chapter a research typically consists of two components, that is, the conceptual design and the technical design. In the previous section the conceptual design is presented and discussed. In the following section the technical design will be under discussion. The technical design deals with the question of how the research object will be approached and how the

research itself is conducted. Furthermore, insight is provided in the way the research material is generated.

Management control

Corporate governance

Risk control

Dutch housing

corporation in control In Control statement

Figure 2: Conceptual model

13 The research can be characterized as a qualitative research, because the data used cannot be seen as absolute, objective data. Mostly different perspectives and opinions will be investigated. Furthermore, another characteristic of qualitative research is that multiple data sources will be used in the research and that the focus is on understanding the applicable situation (P. Verschuren, 2007, p. 201-207).

The first part of the research can be characterized as desk research. Desk research can be performed within three different categories, namely:

Literature;
Secondary data;

Official statistical material

Starting off with investigating current existing literature an understanding of the topic under discussing is generated. Literature to be used is mentioned earlier in this thesis. Furthermore, after investigation of the literature, the requirements for the issuance of an in control statement by the Board of Directors of a housing corporation are acquainted.

The second part of the thesis also consists of desk research, but this time secondary data is under investigation. The data to be used are the annual reports of a selected group of Dutch housing corporations. This is done in order to find out to which degree these housing corporations actually are in control and, if not, to provide recommendations based on the literature research what can be done by the applicable housing corporations to reach a state of being in control and thereby being

14

2. Theory and Literature

2.1 Dutch Housing Corporations

Dutch housing corporations are the topic of investigation of this thesis. Therefore it is important to gain insight in how these organizations are managed as well as to gain insight in the environment in which they operate. Furthermore, housing corporations are defined as non-profit organizations, which basically means they do not have a profit generating strategy and/ or focus.

2.1.1 The organization and environment

In The Netherlands most rental homes are property of housing corporations. These housing

corporations traditionally are associations, but nowadays also are categorized as foundations. Many housing corporations after and as result of the Dutch Housing Act which came to effect in 1902 (http://www.vrom.nl). In turn, the Housing Act is arranged into two general enactments of government, namely the Besluit Centraal Fonds Volkhuisvesting (BCFV) and the Besluit beheer

sociale-huursector (BBSH) (http://www.cfv.nl).

Housing corporations are social, non-profit organizations which means that they do not have a profit generating strategy and are focused on so called corporate social entrepreneurship. Their main task and responsibility is building, managing and renting out affordable living space. Furthermore, they have a public, social task to fulfill. They need to do this in a market environment where they have to

employ there resources in the most efficient en effective way in order to realize their goals as well as to take care of their own financial continuity (Ministerie van VROM, 2006, p. 2).

As said, housing corporations are active in a market environment. With this, I mean that housing corporations move between government and market. Important and interesting is to find out to which extend housing corporations are able to make their own decisions with regard to, for instance,

financial investments. Fact is that (financial) privatization of Dutch housing corporations has been shaped and implemented since so much as fifteen years ago. Nevertheless, housing corporations are still only allowed to make investments in the interest of housing facilities and not in a different market and/ or facility. As mentioned earlier, these responsibilities and possibilities are captured in

15 The Dutch ministry of Volkshuisvesting Ruimtelijke Ordening en Milieubeheer (VROM) and the Centraal Fonds Volkshuisvesting (CFV) are in turn responsible for the external supervision on Dutch housing corporations meaning that these organizations keep an eye on, amongst others, the financial investments of housing corporations. Furthermore, the ministry of VROM sets policy regarding rent increase, rent subsidy as income limits and the corresponding grants to be paid

(http://www.vrom.nl). The CFV is an independent board which is constituted by the ministry of VROM and is the financial supervisor for the housing corporation sector. On a yearly basis the financial position of individual Dutch housing corporations is reviewed and CFV reports on these findings for the corporation sector as a whole.

2.1.2 Housing corporations’ stakeholders

Typical stakeholders of housing corporations are tenants, municipalities, project developers, care- and welfare institutions and so forth. Especially tenants are an important group, because this stakeholder group is the reason why housing corporations exist, the raison d’être if you will. Furthermore, project developers are an important supplier, partner (financially as well as organizationally) and competitor (when it concerns acquiring new building locations) to housing

corporations. Municipalities are an important stakeholder because of the performance agreements which are made with housing corporations. Municipalities are interested in upgrading the livability of cities, city districts and neighborhoods, which can be achieved in collaboration with housing corporations. Furthermore, also for, for instance, building permits the municipalities are an important stakeholder. A final important stakeholder group concerns care- and welfare institutions.

Again, housing corporations have a public, social task to fulfill, which also concerns taking care of special living facilities for disabled, elderly of chronically ill people. Cooperation with care- and welfare institutions makes it possible for housing corporations to fulfill these tasks.

2.1.3 Market trends

Transparency and accountability provided by Board members of, mostly large, organizations is a topic which has received more and more attention over the past decade. This is, amongst others,

16 operational business, but also on topics as risk management, internal control and internal as well as external supervision.

Much is written regarding the provision of accountability over operational, daily business processes. This is to be found in, amongst others, the Governance Code. Principles of good governance and providing public, social accountability for the current policy and risk management are main topics of

the Governance Code. The control of daily operational business is becoming more important by the minute. In order to capture the information regarding the topics mentioned above, an in control statement can be used. This ultimately provides an answer on the question to what extend a housing corporation is in control. An ICS can thus be described as a notice from the board members

regarding the quality of business and answers the question to what extend management controls (daily) business processes.

2.1.4 Conclusion / Summary

Housing corporations are social, non-profit organizations, meaning that they do not have a profit generating strategy. The main focus is the provision of affordable living space. Dutch housing corporations are active in a market environment, which means that they move between government

and market and are therefore not solely responsible for all their decision making, especially with regard to financial investments.

Typical stakeholders of Dutch housing corporations are its tenants, which are probably the most important stakeholder group, municipalities, project developers and care and welfare institutions. Transparency towards these stakeholders regarding its operational business is becoming a more and

more important topic for Dutch housing corporations. Due to their strong public, social task providing transparency and being accountable is maybe even more important for housing corporations than for profit organizations. This (social) accountability is, amongst others, a topic which is described in the Dutch Governance Code for housing corporations and necessary in order

17

2.2 The necessity to be in control

When discussing the necessity to be in control it is important to gain insight in what is meant by this. As mentioned in paragraph 1.3.4. Definitions and conceptual model, being in control means that the

applicable organization (in this case the housing corporation) knows which organizational risks are present. Furthermore, it means that the organization is able to cope with the risks present, that is, it is not so much necessary that the organization eliminates all risks but more important the organization is able to mitigate the consequences of present risks. Finally, by being in control is

meant that the organization is performing in accordance with present business process descriptions. These business process descriptions are in turn in alignment with the organizations’ overall business strategy.

2.2.1 In control practice and theory

In recent years an increasing interest in risk management has risen, triggered by several (accounting) scandals which have had an enormous negative impact on the applicable organization as well as its

stakeholders (http://www.utn.nl). Legislators from countries all over the world have reacted by installing various acts and/ or legislative procedures which are to ensure that scandals with a scope and impact as large as we have witnessed in the last decade, will not happen again. This is, amongst others, provided by mandatory organizational screening and risk inventory and control. Probably the most renowned act is the Sarbanes-Oxley Act (SOx) which is passed on by US Congress in July 2002.

SOx imposed new requirements for corporations listed on the United States Stock Exchange (Merchant & Van der Stede, 2007). Improvement of transparency, timeliness and quality of financial reporting is one of the main goals of SOx.

Also, practice shows that stakeholders of organizations, for instance employees, clients, stockholders etcetera, want to know whether they are dealing with a reliable partner which operates socially

responsible. As a consequence it becomes more and more important for an organization to show that they are in control. And as mentioned above, not only should be certified that the financial figures are correct, but also insight is to be provided in the manner that organizations control their daily operational business. Statements regarding this last topic are demanded by stakeholders.

18 in this case the Dutch, stock exchange (Renes, 2004, p. 20). Code Tabaksblat arranges governance issues for organizations quoted at the Dutch stock exchange. In contrast to the Sarbanes-Oxley Act, the Dutch Code Tabaksblat applies the ‘comply or explain’ principle, which means that Dutch organizations have a certain freedom in arranging their risk paragraph (Groenland, Daals & Von Eije, 2006, p. 21). Tabaksblat has a broader perspective than SOx. It monitors the actual application of the

code on a milder level than SOx, due to the fact that an external audit on the code does not (have to) take place and whoever does not comply to the code has to explain why compliance does not take place, but does not get “punished” for non compliance.

Strikwerda (2005) elaborates on the question “when the Board of Directors is in control”? On the

question it self is not much written. Nevertheless, Strikwerda (2005) indicates that eight different aspects of in control can be distinguished:

1. The resource dependency conception; here applies that the organization is out of control when it does not have control over its resources as necessary for the continuity of the organization.

2. The power conception; organizations without market power, but also lack power towards institutions as government institutions which are important for the continuity, is out of control.

3. The system conception; the organization which has less variety in its acting, products or speed of adaption or is less quick in adjusting its costs or does not adapt to market

developments quick enough, is out of control.

4. The institutional economic conception; main point is that decisions made by the Board of Directors are being corrected by either the market or the Board of Supervision before it is corrected by its clients/ customers. When this last happens, the organization is said to be out of control.

5. The legal – accounting conception; the necessity for correct capture of historical data in order for the Board of Directors to fulfill its legal obligations.

6. The management conception; the organization is out of control when organizations management is not able to meet preset goals of to take measures to make sure that preset

19 7. The ‘principle of action’ conception; the supervisory board only intervenes when necessary

and does not flee for problems. If not, the organization is said to be out of control.

8. The psychological conception; this final conception assumes that a system is present that is in constant awareness of the above mentioned psychological legal aspects of corporate governance and that consultation regarding necessary correction occurs. When this is not

the case, the organization is out of control.

What it comes down to and also what Strikwerda (2005) stipulates is that in essence the organization needs to be in control with regard to its future and not, in accordance with Tabaksblat, with its past. This fits my own view of in being in control and does make an excellent point; look at

the future and not the past when talking about being in control. Redirecting an organization or managing it, must be done with future goals and strategy in mind. This is, at the same time, the importance and essence of being in control.

An important element which forms the basis of the road to compliance regarding in control rules and legislation is the ability to test whether the applicable organization is in control. Amongst others,

a sound and reliable administration needs to be present, but maybe even more essential is a thorough understanding of the (environmental) changes which occur and the possibility for the organization to act accordingly and sufficient (Strikwerda, 2005, p. 6). Import aspect of in control tests related to corporate governance should be whether the organization has organized a system of management control and also actually applies this system in accordance with international

literature. This is also mentioned by Simons (1995) who states that the essence of control failures is related to failures in management control systems or the applicable control mechanisms if you will. In short, according to Simons (1995) in an ever quickly changing environment, organizations’ managers should encourage employees to initiate process improvements and new ways of responding to customers’ needs, but always in a controlled way. Control should be defined narrowly,

measuring progress against plans to guarantee the achievement of preset goals (Simons, 1995, p. 81). Finally, due to the fact that management control should be an indispensible part of an organization being in control, also risk management will be addressed.

Risk management is an essential part of management control. Without thorough risk management,

20 risk effects or possibilities to take away causes that lead to risks is really important. With regard to this, Strikwerda (2005) states that due to the fact that in The Netherlands two highly unfortunate definitions of corporate governance are acknowledged, the pressure to install and apply a professional management control system is insufficient. This particularly holds for the public sector.

2.2.2 Corporate Governance

As can be read above, the step from control theory and practical examples to corporate governance

is easily made. Also, a lot of literature on the topic of being in control is often linked to corporate governance. As I defined earlier corporate governance is the relationship amongst stakeholders that is used to determine and control the strategic direction and performance of organizations (M.A. Hitt, 1999, p. 353). Furthermore, corporate governance concerns the management of organizations, the

corresponding supervision and external accountability.

According to Merchant & Van der Stede (2007) corporate governance systems and management control systems (MCSs) are inextricably linked. This opinion is supported by Strikwerda (2005). They argue that a corporate governance focus is slightly broader than an MCS focus is. The MCS focus can be described as a top down focus, because it takes the perspective of top management and asks

what can be done to ensure that employer behavior is in accordance with organizational strategy. The corporate governance focus in turn is concerned with the control of top management behavior and through their direction, that of all employees. Thus corporate governance adds the concern for controlling the behaviors of top management (Merchant & Van der Stede, 2007, p. 577).

So corporate governance combines rules, legislation, codes and policies to influence the way

organizations are managed and controlled. The way in which this is organized differs from country to country. Nevertheless, a generally accepted organization regarding the governance principles has erected and has been the standard since several decades. This organization is the Organization for Economic Co-Operation and Development, hereafter OECD. The OECD uses a broad definition for

corporate governance. It states that corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Furthermore, it provides the structure through which the objectives of the organization are set and the monitoring of the performance is determined. Good governance should provide proper incentives for the board and its management to pursue objectives that are in alignment with the organizations strategy and

21 The different definitions and elaborations on corporate governance presented above have in common that they all state that corporate governance regards the creation of certain guarantees that preset organizational goals are realized. This means that it ultimately regards the activities of managing, controlling, justifying (accountability) and monitoring. Underneath a visual overview of these activities and the mutual relationships is presented.

Figure 3 is an overview of the settlement of the mutual consistency of the method of managing, controlling, justifying and monitoring of an organization. This settlement is directed towards an

effective and efficient realization of preset goals and the open communication towards organizational stakeholders.

Starting of with managing, this means so much that in this stage organizational direction is settled by defining organizational strategy, goals and desired performance. Amongst others, this is linked to general risk management of the organization. When these aspects have been defined, the

translation of the defined strategy, goals and performance into organizational structure takes place. This typically is a controlling exercise, meaning that all necessary procedures and measures will be installed in order to ensure that the organization stays on its preset strategy. Furthermore, the installed procedure and measures should be able to identify present or upcoming risks and mitigate the effects of these risks. Hereafter, justification of operational activities takes place. Mostly this

justification regards external justification towards the organizations stakeholders. Finally monitoring of organizational performance as well as present risks takes place. This actually is an ongoing process of measuring whether the organizations stays within preset boundaries, follows preset strategy

Managing

Controlling Monitoring

Justifying

22 towards preset goals and stays within preset risk acceptance boundaries. Once the organization is able to comply with the above cycle, it goes towards a state of overall control.

Please note that with regard to figure 3 as well as the corresponding explanation it has similarities with the regular management control cycle, which goes from the stipulation of organizational policy to shaping the organization, executing activities and finally evaluation and, if necessary, adjustment

of strategy. Therefore, it is suggested or even recommended that activities regarding the governance cycle as presented above and thereby reaching a state of control should be part of the regular organizational management cycle and thereby organizational, operational business (Driessen, Kamstra & Molenkamp, 2003, p. 3).

2.2.3 Housing corporations governance

Often theory on corporate governance is reflected on private organizations. Therefore, most theories and visions on the matter has been analyzed with these types of organizations in mind. Nevertheless, also for public companies governance is an important issue. The public sector does differ from the private sector on several important aspects. Without going into to much detail, most obvious distinction is that public organizations have to contribute to the welfare of general society.

They do this by realizing certain social goals and effects. As mentioned earlier, in other words, public companies do not have a profit maximizing strategy but focus on an optimal usage of available resources. Therefore, the objectives of public companies are mostly qualitative of nature. The realization of these qualitative objectives is harder to measure than most quantitative objectives set by private organizations. For instance, taking housing corporations into account; how well can the

wealth of living of housing corporations’ tenants be measured?

A second present distinction between public and private organizations is that in not only the market, but also by a large part political decisions determine the allocation of resources. This, but also the aspects mentioned in the previous paragraph have their impact on governance of public companies.

The Dutch Ministry of Finance (2000) defines governance therefore as: “the insurance of the mutual consistency of the manner of managing, controlling and monitoring of an organization, focused on efficient and effective realization of policy and communicating and justifying on that topic in an open fashion towards stakeholders” (Ministerie van Financiën, 2000, p. 6).

To sum up, the main difference with regard to public and private governance is that “private

23 organizations’ strategic direction, whereas “public governance” is more focused on realization of set policy and the communication and justification of this policy towards its stakeholders.

2.2.4 Conclusion / Summary

When discussing the necessity to be in control, topics as risk presence and mitigation, business process control and accountability are reviewed. Accounting scandals which occurred in recent years have triggered the necessity to become in control and letting the organizations’ environment know

that the applicable organization is in fact in control. Furthermore, legislation aiming at mandating certain organizational audits has been installed in order to ensure that accounting scandals will not occur.

The most renowned legislative act is the American Sarbanes-Oxley Act (SOx), which is aimed at

improving transparency, timeliness and the quality of financial reporting. Especially transparency towards organizations’ stakeholders is proved to be important in business collaboration. It is up to both business partners to show one another that they are in control with regard to their daily business processes. As a result of the demand for control, the creation of the Dutch Code Tabaksblat became a fact. Where SOx obliges certain risk assessments towards organizations quoted at the

United States Stock Exchange, the Code Tabaksblat uses the ‘comply or explain’ principle, meaning that the applicable organizations have a certain freedom in arranging the risk paragraph in their annual report.

As this paragraph handles the necessity to be in control, certain statements regarding being (or becoming) in control have been mentioned. Amongst others, it is essential to understand that

organizations need to be in control with regard to future operations and not with its past. Also, a thorough understanding of the organizations environment and upcoming changes is necessary. Furthermore, actually being in control should be able to be tested by means of auditing the organizations administrative system. With the presence of a sound administrative system and a

periodic screening of this system, solid reaction on present risks is possible. Due to the close link with corporate governance, behavior control has been discussed. As described, by controlling the

behavior of top management, the entire organization can be controlled and handled. This element of

control is an important one due to the necessity to follow preset organizational strategy. A second governance element is appliance of the presented governance cycle in the organizations’ regular

24

2.3 The requirements to be in control

This paragraph deals with the question when exactly an organization and more specifically a housing corporation is in control. That is, what is necessary to reach a state of being in control? In the

previous paragraph several statements on this question have already been made. Underneath I will elaborate on these statements as well as introduce a topic which has not been under discussion in the previous paragraph; that is risk management.

2.3.1 Management control

The first statement regarding the essentials to create a situation of being in control refers to

effective management control. Merchant & Van der Stede (2007) stated that without a solid management control system an organization should have enormous difficulties reaching a state of being in control. This is because in order to state that the organization is in control with regard to its operational business processes as well as in accordance with the overall chosen strategy, a sound system on internal control should be present. Internal control is what I would like to refer to as a

tool that adds a certain assurance regarding the way internal operations are organized. Assurance is provided with regard to reaching certain preset goals and operate in accordance to organizations’ strategy. Good internal control helps an organization to utilize its resources correctly and to monitor the organizations’ performance.

Driessen, Kamstra & Molenkamp (2003) already stated that it is wise to adopt regular control

screening or checks in the organizational management cycle and thereby the organizations’ operational business processes. This means that also the outcome of (internal) control checks (which are also often referred to as risk assessments) should be recorded in the organizations’ management control system. Thereupon the organization should take action when necessary in case of deviations. So, in short, the organization should have a sound MCS in which, amongst others, outcome

regarding the (internal) control checks are recorded.

2.3.2 Organizational control

According to Birnberg (1998) the focus of control systems has shifted from controlling the individual to controlling the entire organization. This change is due to the dynamic nature of the environment within which organizations nowadays exist (Birnberg, 1998, p. 27). Also, because of the various

25 control to organizational control became a fact. Important to realize here is that the role of communication is an important one, especially when control has to be exercised over different organizational departments. Furthermore, according to Simons (1991) the interdependencies between the organizations MCS and strategy needs to be emphasized. Simons (1991) found that by linking the organizations’ strategy to the nature of the organizations’ environment the present MCS

would take on different characteristics. These characteristics were related to the need for a fit between the organizational goals, strategy, environment and organizational activities (Birnberg, 1998, p. 28). So one can imagine that organizations in a public or a private sector can require a different arrangement of its MCS.

But not only the arrangement of the organizations’ MCS can differ; also the manner in which the organization achieves effective people control can be arranged in two different ways. First, the organization can seek employees which exactly fit the description for that particular function within the organization. Second, the organization can invest in a managerial system which instructs monitors and evaluates employees which do not exactly fit the function description (Ouchi, 1979, p

840). Again, one can imagine that a difference exist in the way a public organization selects its personnel in comparison to a private organization. Amongst others, this is due to the influence of the applicable market, the ambition of the specific employee as well as the environment in which the organization is located and to what extend governmental influence is applicable.

2.3.3 Risk control

The final form of control which will be discussed in this section is risk control. Control over

organizational risks is an important aspect of being in control. According to Hubbard (2003), risk assessments and resulting risk controls are both steps which are management’s responsibility to perform. During risk assessments, it is up to the organizations management to identify and analyze risks which could be present in the achievement of organizational objectives. Furthermore, these

assessments form the basis for the determination of how present risks should be managed. Please note that management is responsible for the measures to be taken in order to mitigate important risks on the basis of probability versus impact, but that it is up to auditors to actually evaluate the risk assessment process (Hubbard, 2003, p. 23).

As said, it is important to assess whether present risks can disturb the achievement of set

26 to become in control. Furthermore, not the discussion regarding the list of present risks is important, but the actual discussion regarding the implementation of control measures is the important factor. This is due to the fact that a better understanding of the objective of risk assessments is created when organization member discuss the possibilities to mitigate present risks. Hereby they increase their ability to deal with additional, unknown risks (Hubbard, 2003, p. 25).

Risks assessments are thus important activities in the process of becoming in control. Solomon, Solomon, Norton & Joseph (2000) relate risk assessments to frameworks for risk disclosure. They state that in order to perform thorough risk assessments or disclosure, a framework for risk disclosure needs to be present. This framework should at least stipulate the form and preference of

risk disclosure, meaning in which manner risks are reported (separate of grouped) and whether all risks should be reported with equal importance. Furthermore, level of risk disclosure is important as well as the environment in which disclosure is performed (Solomon, Solomon, Norton & Joseph, 2000, p. 447). So in short, what should be the basis for risk disclosure and how should risks and corresponding controls be reported.

2.3.4 Conclusion / Summary

As is described above three different basic forms of control are identified. These three types are management control, organizational control and risk control. Within these three basic forms of control, several elements have been mentioned which are a necessary requirement to become in control.

As already mentioned in the previous paragraph, a solid system of management control should be

present in order to control the organizations’ operational business processes. This has also been referred to as the presence of a system of internal control, which adds a certain assurance regarding the way internal operations are organized and preset goals are realized. It is wise to test periodically whether this assurance is still valid. This is done for instance by performing so called risk

assessments. Outcome of these (internal control) checks should be recorded in the organizations

management control system in order to be able to react on possible deviations in a correct manner.

Organizational control handles the way in which organizations are managed. Through time a shift has occurred from controlling the individual towards controlling the entire organization. This shift is due to the dynamic nature in which organizations move nowadays. Correct communication is

27 imperative that the applicable organization reacts correspondingly. In order to achieve a correct response, it is important that a fit is present between organizational goals, strategy, the environment

and organizational activities.

Also risk management mentions this final remark, that is, are certain risks present which can possible disturb the realization of organizational goals. In order to comment on this, performance of risk

assessments and risk disclosure are thus important and therefore it is said that a framework for risk

disclosure should always be present within the organization. This framework should at least state the

form and preference of disclosure.

2.4 In control statements

As defined earlier in this thesis an in control statement is a declaration from the Board of Directors in the form of a certificate concerning the quality of business and answers the question to which degree management controls their business processes (Driessen, Kamstra & Molenkamp, 2003, p. 1).

To my opinion three different aspects are important. These are “the declaration from the Board of Directors”, “the quality of business” and “control over business processes”. Before going into the content of these aspects, a short introduction of the current Dutch situation is in place.

2.4.1 The Dutch situation

After the implementation of the Dutch Code Tabaksblat a new element regarding the responsibility of the Board of Directors concerning the internal risk control systems a new element came into

effect namely the fact that in the annual report a declaration was to be provided stating the adequacy and effectiveness of the internal risk control system (Sanden, 2006). This declaration should state that management declares with reasonable assurance that the present control systems are adequate and effective with regard to operational and compliance risks. Fact of the matter is that providing such a declaration is still only mandatory for organizations quoted at the Dutch stock

exchange. Dutch organizations have relatively limited experience with in control statements. So, when discussing Dutch housing corporations, the option to record a statement regarding their in control situation is not necessary. Therefore it is also not possible to “punish” the housing corporations when they do not have an in control statement in their annual report. Nevertheless, it

28 again means that it is almost impossible to gain insight in all present risks. Therefore, no organization can provide full assurance regarding their control system.

2.4.2 A statement of what?

Important aspects are thus the fact that the organizations’ Board of Directors (or in limited cases the organizations’ management) declares that the organization is in control. This is an important aspect due to the fact that the organizational strategy and goals are set at the highest level of the

organization. Therefore, also only at this highest level something can be said regarding the effectiveness of goal accomplishment as well as the effectiveness of mitigation of present risks which could obstruct that organizational goals are reached. Furthermore, responsibility regarding being in control should only lie with organizational members which can actually influence the way

business processes are executed and which strategy should be followed. Again, this is the highest organizational leadership level; mostly the Board of Directors (Driessen, Kamstra & Molenkamp, 2003, p. 4-6).

Furthermore, the in control statement says something about the quality of business and the control over business processes. By this is last aspect the extend in which the organization has implemented

the correct control measures in order to mitigate the present operational as well as compliance risks is meant. When this is implemented correctly present organizational goals can be realized effectively and efficient and management will be informed timely in order to redirect when necessary (Driessen, Kamstra & Molenkamp, 2003, p. 3).

2.4.3 Embedding ICS in the management cycle

Ideally the in control statement is part of the regular management cycle. This has been stated earlier

in paragraph 2.2.2 where a link is present with the governance cycle of managing, controlling, justifying and monitoring. Driessen, Kamstra & Molenkamp (2003) mention the regular management cycle which contains the phases of policy formulation, organizational setting, activity performance and evaluation & adjustment. The in control statement should then be part of the evaluation phase, because at this stage an evaluation can be performed to what extend preset defined goals are

29 organizational member knows what to do in which situation. This of course in accordance with organizational strategy. In the next phase incorporation of the standards are a fact and activities are performed correspondingly. Finally, evaluation by management takes place.

By embedding the in control statement in the regular management cycle, the in control statement gets a cyclic character which ensures that enough and timely attention is provided to the installment

of the in control statement. Furthermore, due to the cyclic character the organizational improvement processes as well as the organizational learning abilities are supported and insight is gained is the pace in which organizational improvement is realized (Driessen, Kamstra & Molenkamp, 2003, p. 4).

2.4.4 ICS implementation

Implementing an in control statement framework in an organization, or better being able to provide an in control statement will not occur overnight. Driessen, Kamstra & Molenkamp (2003) use a phasing method which follows five different steps to introduce a new product or other phenomenon in an organization. This phasing could also be helpful to come to an in control statement. The five different phases are:

1. Initiation: The most ideal impulse for the introduction should be when top management indicates that it wants to spend more attention to control issues. Thereby it also indicates that it wants more assurance regarding the way formulated goals are met trough out various organizational levels. Furthermore, organization wide commitment and support for the ICS should be created at this stage.

2. Design: At this stage the first ideas regarding the ICS will be developed further. Beside the design of methodology which is in alignment with the current steer- and control methods, attention needs to be directed to manner in which the in control statement should be presented within the organization. Furthermore, a manager or control expert is appointed

who is responsible for a successful implementation.

30 4. Implementation: This phase starts with an official announcement by top management that the in control statement is about to be implemented. Important is that announcements are frequent, successes need to be present and communicated within the organization. It is of utmost importance that the ICS is fully compatible with the current organizational steer- and control methods.

5. Evaluation: Finally, after the first experiences have been gained an official date of feedback and evaluation needs to be appointed. At this stage checks can be performed whether the ICS adds targeted value. Issues can be discussed and how to deal with these issues in the future can be determined. And last but certainly not least results have to be handed over to

top management.

When the fives phases as stated above have been passed through, the implementation of the prerequisites of issuing an in control statement is a fact. Important to note is that implementation is dependant on the manner in which ICS conditions are recorded. Drawing up an in control statement framework is useful in mapping the most important preconditions and control measures necessary

to attest to the fact that the applicable organization is controlled well. The in control statement herewith offers a useful tool to give insight in the control measures which are necessary in order to realize predefined organizational goals. Furthermore, the framework shows the relationship between policy formulation and the corresponding accountability regarding the realization of this policy at different levels within the organization (Driessen, Kamstra & Molenkamp, 2003, p. 17).

2.4.5 Success and fail factors

The formation of an in control statement can only be successful when certain conditions are met. First of all, management needs to be convinced of the added value of the in control statement and has to sent this message into the organization. Only when enough commitment and support is created, the implementation of the ICS has a chance to succeed. Furthermore, the in control

statement provides a certain form of transparency towards organizational stakeholders. Also, when performing various self assessments, managers will become more aware of organizational goals and strategy and the manner in which these will be achieved. When an ICS is implemented in the regular management cycle a cyclic character will be obtained making sure that enough attention is provided to the demands of the in control statement. This cyclic character in turn makes it possible for

31 It is important that the different roles towards the implementation are clear and corresponding responsibilities match the roles. Furthermore, when communication regarding the implementation is too scarce, possibilities exist that employee commitment will be insufficient. Especially the role division between the organizational controller and the internal auditor is an important one. Finally, effectiveness of the ICS will be in accordance when top management also states that the

organization is not in control with regard to risk control and its operational business processes when this is the case. Added value therefore is only created when the in control statement is used in accordance with its purpose and not only as a legal objective (Driessen, Kamstra & Molenkamp, 2003, p. 18).

2.4.6 Conclusion / Summary

In conclusion an in control statement can be described as a declaration from the Board of Directors of an organization regarding the quality of business as well as the internal risk control system. Thereby a declaration is made that the present control systems are adequate and effective with regard to operational and compliance risks. Please note that in The Netherlands a declaration like this is still only mandatory for organizations quoted at the Dutch stock exchange. Therefore, for

instance Dutch housing corporations still do not necessarily need to declare anything regarding their control situation. Furthermore, theory has indicated that the responsibility for the issuance of an in control statement should lie there where influence on the daily business processes as well as organizational strategy can actually be exercised. This is at the highest organizational leadership level; mostly the organizations’ Board of Directors.

Ideally the issuance of an in control statement is embedded in the organizations’ regular management cycle. When this is the case, the in control statement gets a cyclic character which should ensure that enough and timely attention is provided to the issuance of the applicable statement. It should of course be clear that the installment of the necessities of issuing an in control

statement does not occur overnight. Ideally, the first impulse for introduction should be when the organizations’ top management acknowledges the advantages and necessity of an in control

statement. This stage is called the initiation phase. Thereupon the introduction follows the design

phase, the building phase and the implementation phase, whereupon the installment if the ICS is evaluated during the evaluation phase. At this final stage insight is provided in the added value of

32 Finally, as mentioned above, ICS implementation can only be successful when top management is convinced regarding the added value of an in control statement. When implemented correctly, an ICS can provide desired transparency towards stakeholders. Furthermore, awareness concerning organizational goals and strategy will be triggered during various risk assessments. On the other hand it should be clear that successful implementation can only be reached when different

33

3. Research methodology

A research typically consists of two components, that is, the conceptual design and the technical design. The technical design has already commenced and discusses how the research object should be approached and how the research itself should be conducted. Also insight is provided in the way

the research material is gathered. These final points will be addressed in the subsequent paragraphs.

3.1 Necessary data

As mentioned earlier in the paragraph 1.3.5. Research Design, this entire research consists of desk research. Desk research in the different forms that is. In chapter two, theory and elaboration on the necessity and requirements of being in control has been displayed. Thereby a link with general corporate governance is made as well as with corresponding theory. Furthermore, also the outcome

of being in control is discussed, that is, the possibility for housing corporations’ Board of Directors to issue an in control statement. Finally success and fail factors regarding the issuance of an in control statement have been discussed. General outcome of this chapter is that several different elements of (housing corporations) being in control have been identified. These different elements are either prerequisites for becoming in control, a shift in management focus (in time) or a difference in the

way, for instance, risk assessments are processed.

In order to elaborate on the contemporary state of Dutch housing corporations being in control or handling the in control topic, the annual reports of a selected group of Dutch housing corporations will be reviewed. The selection of housing corporations is made as follows. As mentioned earlier in this thesis, Deloitte has performed a research amongst ten different housing corporations regarding

the topic of being in control. Information regarding these particular housing corporations is public. In order to be able to comment on the manner in which these housing corporations have handled the topic of being in control, I will examine the annual reports of 2008 as well as 2009 of one of these housing corporations. In doing so, it is possible to conclude on whether the particular housing