Internal control and risk management systems

Internal control and risk management systems in relation to the preparation of the consolidated financial statements

The following description of Bekaert’s internal control and risk management systems is based on the Internal Control Integrated Framework (1992) and the Enterprise Risk Management Framework (2004) published by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”).

Control environment

The accounting and control organization consists of three levels: (i) the accounting team in the different legal entities or shared service centers, responsible for the preparation and reporting of the financial information, (ii) the controllers at the different levels in the organization (such as plant and segment), responsible inter alia for the review of the financial information in their area of responsibility, and (iii) the Group Control Department, responsible for the final review of the financial information of the different legal entities and for the preparation of the consolidated financial statements.

Next to the structured controls outlined above, the Internal Audit Department conducts a risk based audit program to validate the internal control effectiveness in the different processes at legal entity level to assure a reliable financial reporting.

Bekaert’s consolidated financial statements are prepared in accordance with the International Financial Reporting Standards (IFRS) which have been endorsed by the European Union. These financial statements are also in compliance with the IFRS as issued by the International Accounting Standards Board.

All IFRS accounting principles, guidelines and interpretations, to be applied by all legal entities, are grouped in the IFRS manual, which is available on the Bekaert intranet to all employees involved in financial reporting. Such manual is regularly updated by Group Control in case of relevant changes in IFRS, or interpretations thereof, and the users are informed of any such changes. IFRS trainings take place in the different regions when deemed necessary or appropriate.

The vast majority of the Group companies use Bekaert’s global enterprise resource planning (“ERP”) system, and the accounting transactions are registered in a common operating chart of accounts, whereby accounting manuals describe the standard way of booking of the most relevant transactions.

Bekaert has deployed in the majority of the Group companies a global ERP system platform to support the efficient processing of business transactions and provide its management with transparent and reliable management information to monitor, control and direct its business operations.

The provision of information technology services to run, maintain and develop those systems is to a large extent outsourced to professional IT service delivery organizations which are directed and controlled through appropriate IT governance structures and monitored on their delivery performance through comprehensive service level agreements.

Together with its IT providers, Bekaert has implemented adequate management processes to assure that appropriate measures are taken on a daily basis to sustain the performance, availability and integrity of its IT systems. At regular intervals the adequacy of those procedures is reviewed and audited and where needed further optimized.

Proper assignment of responsibilities, and coordination between the pertinent departments, assures an efficient and timely communication process of periodic financial information to the market. In the first and third quarters a trading update is released, whereas at midyear and yearend all relevant financial information is disclosed. Prior to the external reporting, the sales and financial information is subject to (i) the appropriate controls by the above-mentioned control organization, (ii) review by the Audit and Finance Committee , and (iii) approval by the Board of Directors of the Company.

The Board of Directors and the Bekaert Group Executive have approved the Bekaert Code of Conduct, which was first issued on 1 December 2004 and updated on 1 March 2009. The Code of Conduct sets forth the Bekaert mission and beliefs as well as the basic principles of how Bekaert wants to do business. Implementation of the Code of Conduct is mandatory for all companies of the Group. The Code of Conduct is included in the Bekaert Charter as Appendix 3 and available at www.bekaert.com.

More detailed policies and guidelines are developed as considered necessary to ensure consistent implementation of the Code of Conduct throughout the Group.

Bekaert’s internal control framework consists of a set of group policies for the main business processes, which applies Group-wide. Bekaert has different tools in place to constantly monitor the effectiveness and efficiency of the design and the operation of the internal control framework. A mandatory training on internal control is organized for all new employees and a self-assessment tool is in place allowing management teams to evaluate themselves on the internal control status. The Internal Audit Department monitors the internal control situation based on the global framework and reports to the Audit and Finance Committee at each of its meetings.

The Bekaert Group Executive regularly evaluates the Group’s exposure to risk, its potential financial impact and the actions required to monitor and control the exposure.

At the request of the Board of Directors and the Audit and Finance Committee management has developed a permanent global enterprise risk management (“ERM”) framework to assist the Group in managing uncertainty in Bekaert’s value creation process on an explicit basis. The framework consists of the identification, assessment and prioritization of the major risks confronting Bekaert, and of the continuous reporting and monitoring of those major risks (including the development and implementation of risk mitigation plans).

The risks are identified in five risk categories: strategic, operational, legal, financial and country risks.
The identified risks are classified on two axes: probability and impact or consequence. Decisions are taken and action plans defined to mitigate the identified risks. Also the risk sensitivity evolution (decrease, increase, stable) is measured to address the effectiveness of the action implementation and potential risk context changes.