Risk Management and Internal Control Systems
Introduction
Corio manages its operations from a holding company that is managed by the Management Board and which encompasses the following functions: Investor Relations, Public Relations, Strategy & Asset Allocation, Treasury, Finance & Control, Legal & Compliance, Information Management, Tax, Risk Management and Human Resources.
The operations are managed primarily by five business units, which are directly linked to the countries and regions in which Corio is active. These business units are responsible for all operational functions within their individual areas of activity. Corio is therefore a highly decentralized organization that can respond quickly and properly to changing market circumstances, seize opportunities and identify risks at an early stage. Operations are structured according to local conditions and insights. As all management is done in house, market information can be acted upon quickly before being filtered. This concerns the primary processes such as purchases and sales, development, letting and shopping centre management and supporting processes. The management of the business units monitors the effectiveness and efficiency of these processes. Monthly KPI and quarterly reports, closing the quarter and forecasting for the remainder of the year, are produced for the holding company. These reports are based on an approved annual budget, approved investment proposals and comply with the accounting manual.
Risk Assessment
Corio has a structured, pro-active risk management system. A risk and control framework has been developed, based on the guidance of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). This framework focuses on material strategic, operational, compliance and financial reporting risks. Using this framework, the business units and the holding company go through a systematic process of identifying and evaluating risks and controls and, where necessary, improving the way in which risks are managed. Each year, business unit management signs a letter of representation. In addition to financial reporting statements, the letter of representation contains statements regarding risk management, corporate social responsibility, integrity and compliance with the code of conduct, accounting manual, statutory provisions and other rules and regulations. A joint letter of representation is issued by the aforementioned holding company functions as well. The above processes make the risks and the areas requiring improvement in the internal control systems transparent. It is, however, always possible for circumstances to arise in which unidentified risks become apparent or in which the impact of identified risks becomes greater than originally estimated.
Every year, the strategy is evaluated by the Management Board in consultation with the Supervisory Board and adjusted where necessary. Decisions are taken on the basis of the strategy and are approved by the Management Board. Special cases, as laid down in the Management Board rules, require the approval of the Supervisory Board. Minutes are made of all decisions taken by the Management Board and Supervisory Board.
Based on defined strategic pillars that reflect Corio’s risk appetite, opportunities and important business risks are identified and corporate objectives and strategy are evaluated and adjusted as required. A description of Corio’s environment, market developments, their impact on strategy and the way in which Corio is responding to them is contained in a separate section on strategy in this annual report. Information on the financing structure and key ratios is provided in the Report of the Management Board. The table below outlines the principal risks and the key controls implemented to manage these risks. The risk management section on the Corio website provides a more detailed overview of risks related to, for example, asset & property management, financing, information management and compliance.
| Risk |
Key controls |
| Liquidity and (re)financing risk |
Periodic reporting on the financing structure and key ratios based on financing policy |
|
|
Monitoring of headroom and leverage |
|
|
Cashflow forecasting |
|
|
Cash pool system |
|
|
Ongoing portfolio and pipeline management |
|
|
Continuous stress testing covenants against the relevant variables |
| Investment, disposal and (re)development risks |
|
|
|
Proposals for all investments, (re)developments and disposals including sensitivity analysis |
|
|
Quarterly reports based on annual budgets and approved investment proposals, including forecasting |
| Tenant credit risk |
Tenant screening on creditworthiness |
|
|
Obtaining deposits or guarantees |
|
|
Aging analysis and follow-up |
| Tax risk |
Ongoing monitoring of compliance with local tax regimes and tax-exempt status |
|
|
Reporting and monitoring of tax positions |
| Fraud and misstatements |
Setting the tone and culture |
|
|
Implemented control framework including segregation of duties, access controls and dual payment signatories procedures |
| Environmental and social risks |
CSR policy, target setting and periodic reporting |
|
|
CSR committees on both BU and Group level |
|
|
Partnerships, event organization and frequent contact with local communities and stakeholders |
| Ethics and integrity |
Code of Conduct |
|
|
Employee screening |
|
|
Contract party screening |
|
|
Whistleblowers Policy |
During 2009 a strategic project with a 5-7 year horizon was started with the objective of establishing a clear view on the ideal future IT structure for Corio. Based on the conclusions of this project and given the expiring agreement with a current real estate management system supplier, a system selection process has been initiated. The business units will implement their system locally in order to align it with local business requirements. The business units, supported by the centralized Information Management department, are responsible for an efficient and effective implementation. An overall steering committee monitors the business unit’s progress, costs against approved budgets and ensures that the outcomes remain in line with the conclusions of the strategic project. The project will be phased in at the various business units and not introduced simultaneously, in order to enable the sharing of best practices.
Source: Annual Report 2009, Chapter Corporate governance, page 80 (PDF, 66 kB)
Add to My report