In control and responsibility statement
The Management Board is responsible for TomTom's risk management and internal control systems. The Management Board believes that the company maintains an adequate and effective system of risk management and internal control that complies with the requirements of the Dutch Corporate Governance Code (the Code).
The internal control systems are designed to manage, rather than eliminate, the risk that we fail to achieve our business objectives and can provide reasonable, but not absolute, assurance against financial loss or material misstatements in the financial statements.
The Management Board reviews the effectiveness of TomTom's systems of internal control relative to strategic, financial, operational and compliance risks and discusses risk management and internal controls with the Audit Committee on at least a quarterly basis.
TomTom embeds risk management in its strategic business planning. A top-down approach is followed in which management identifies the major risks that could affect the company's business objectives - and assesses the effectiveness of the processes and internal controls in place to manage and mitigate these risks. For an overview of our most important business risks, please refer to the Business Risks section. Assurance on the effectiveness of controls is obtained through management reviews, monitoring control dashboards, control self-assessments, internal audits and testing of certain aspects of our internal financial control systems by the external auditors during their annual audit.
This, however, does not imply that certainty as to the realisation of our business and financial objectives can be provided, nor can the approach taken by the company to internal control over financial reporting be expected to prevent or detect all misstatements, errors, fraud or violation of law or regulations.
- Clearly defined lines of accountability and delegation of authority are in place, together with comprehensive reporting and analysis against approved budgets;
- A financial shared service centre with a centralised ERP environment which allows us to monitor our business throughout all regions and apply a consistent level of control;
- Operating risk is minimised by ensuring that the appropriate infrastructure, controls, systems and people are in place throughout the business;
- An organisational design is in place that supports business objectives and a culture that encourages open and transparent communication;
- Centralised Treasury operations manage cash balances and exposure to credit default and currency risks through treasury policies, risk limits and monitoring procedures; and
- A Code of Conduct is accessible to all staff via the intranet, which includes whistleblowing facilities.
- Commitments and expenditures are appropriately authorised by the Management Board;
- Records are maintained which accurately and fairly reflect transactions;
- Any unauthorised acquisition, use or disposal of the company's assets that could have a material effect on the Financial Statements are detected on a timely basis;
- Transactions are recorded as required to permit the preparation of financial statements; and
- Reporting of the financial statements is done in compliance with IFRS.
The Management Board believes, based on the activities performed in 2014 and in accordance with best practice provision II.1.5 of the Code, that the risk management and control systems with regard to the financial reporting risks have functioned effectively in 2014, and that the risk management and control systems provide a reasonable assurance that the 2014 financial statements do not contain any errors of material importance.
- The Management Board Report includes a fair review of the development and performance of the business and the position of the company and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that the company faces.
Amsterdam, 12 February 2015