Annual Report 2020

Risk management system and governance

Risk Management plays an important role in implementing GrandVision’s strategy. Our Risk Management and Internal Control Framework are based on the COSO1 Enterprise Risk Management Framework, which are in line with the Dutch Corporate Governance Code. The Framework combines an effective and professional organization with a risk profile that GrandVision is willing to accept for the business. Additionally, Risk Management and Internal Controls significantly contribute to the prompt identification and adequate management of strategic, market and business risks. They also enable us to achieve operational and financial goals and comply with applicable legislations and regulations.

Our Management Board, under the supervision of our Supervisory Board, is ultimately responsible for GrandVision’s Risk Management and Internal Control Framework. The Management Board performs oversight by setting the desired 'tone from the top,' establishing risk appetite and risk strategy, and making decisions to identify, analyze or mitigate risks.

Business unit management teams implement our business strategy, achieve results, identify underlying opportunities and risks, and ensure effective controls. They form the first line of defense as risk owners. GrandVision has developed a comprehensive Internal Control Framework with a minimum set of internal control standards that all business units must comply with. The quality of internal control performance is also an integral part of management incentive schemes at country or business unit levels.

In order to detect control issues and proactively support the country management teams in solving underlying root causes, both internal and external resources are established at a group level. GrandVision country management teams act in accordance with policies and standards set by our Management Board. Global functional teams design and monitor these issues and are responsible for compliance, control and risk management, which form the second line of defense in the Framework.

GrandVision’s management of our independent Internal Audit function is partly outsourced to an international audit firm, which forms the third line of defense and assures and validates the overall Framework.

GrandVision's Internal Control Framework

1 For more information visit