Risk framework
To make sure we can recognise and manage all possible risks in time - and to take advantage of opportunities - we have established and implemented procedures and measures at every level of our organisation. We have placed responsibility for compliance with these procedures across the breadth of the organisation. The Executive Board creates the frameworks and provides the resources, and is also responsible for the overarching risks at Heijmans group level. Our risk management system is based on the COSO ERM framework, in which project-related risk management is the common thread.
Our internal control system is top-down and includes control measures at the strategic, tactical and operational levels of our organisation. Based on the framework, Heijmans has mapped out how all the components of the COSO ERM framework are embedded in the organisation in the first, second and third lines. We call this the Heijmans GRC model.
Culture and risk awareness
Heijmans believes that the culture of the organisation is a significant factor in the management of risks. Due to risks inherent in projects, they entail a certain degree of unpredictability that cannot be entirely mitigated by guidelines and procedures alone. This requires a certain level of flexibility and an open/transparent and action-oriented culture in which people show sufficient ownership to identify and discuss and solve any problems that may arise in a timely manner. The example set by management is crucial in this respect, as is calling each other to account for failing to comply with agreements, but also pointing out things that are going well or not going well. By giving training courses that incorporate conduct and culture-related elements, such as the Heijmans Code of Conduct, the Business Integrity programme and the GO! Compass, we make clear to our employees what behaviour we expect of them and what behaviour we find unacceptable.
Procedural measures
Management across the company is bound by clear frameworks regarding representation and decision-making.
Important aspects within the control framework are:
Management regulations and instructions for the management of the operating companies/business units, focusing on authorisations, project acquisition, entering into investment commitments and reporting and accountability obligations.
Conduct-oriented instruments such as the Heijmans Code of Conduct, the GO! Compass and the Transaction Register at Heijmans Property development.
An accounting manual with regulations for internal and external financial reporting and related procedures.
Business process systems for the primary and secondary processes of the infrastructure, construction and property development activities, aimed at the uniformity of processes across the group and the sharing of best practices.
Register of statements as an additional guarantee of integrity for senior management and specific positions. This includes Certificates of Good Conduct and Certificates of Judicial Background.
Audit programme aimed at compliance with control measures in the context of project-specific risks and the controls aimed at organisation-wide business process risks.
Internal guidelines
The Executive Board determines the operational parameters of the directors and management of the business areas. The authorisations related to project acquisition, entering into investment commitments and reporting and accountability obligations are embedded in management regulations and instructions to the management of the business areas:
Rules for internal and external financial reporting are laid down in the Accounting Manual, including related procedures such as the procedure for investments and entering into joint ventures with other parties.
Tender guidelines, tender board, go/no-go process for tenders in project risk category 2 and 3 and all project risk category 3 tenders subject to authorisation by the Executive Board. For each project risk category 3 tender, Heijmans conducts an independent risk review under the guidance of the Chief Risk Officer and this is reported to the Executive Board.
The business process systems include descriptions of primary and secondary processes of construction and property development activities, including risk management systems, which are used to identify and control project-related risks. This promotes uniformity of processes across the entire group. The Heijmans-wide SAP-based ERP platform is making an ever greater contribution to this uniformity.
Planning and control cycle
The Executive Board meets regularly with the management of the business areas and project management, and on an ad-hoc basis if this is deemed necessary. In these meetings, they review developments in relevant markets, financial progress relative to budget, the financial and operational progress of projects, short and long-term opportunities and risks, and safety, among other things, on the basis of monthly and quarterly reports. For projects in progress with a high risk profile (especially project risk category 3), the Executive Board, CRO and the managements of the business areas hold separate regular project reviews with the business areas, in the presence of the project management involved. The status of sales and options at Property development is reported weekly.
Liquidity and solvency is monitored through:
Active monitoring of liquidity development based on daily and weekly cash reports and 13-week rolling forecasts.
Specific ‘Cash themes’ to keep the focus on cash and working capital management continuously up to date.
in the Go / No Go criteria of new projects and monitoring of existing projects, the emphasis is on effective financing schedules.
Periodic recalculations of stress cases, always stating additional management measures to ensure cash headroom.
Conservative approach when determining the deferred tax position, goodwill and the value of development positions.
A guarantee policy with preconditions regarding types of guarantee, terms, amounts to be guaranteed, etc.
Good agreements with and information flows to other financial stakeholders. In addition, we regularly check the creditworthiness of partners, debtors and creditors. When the credit score is below standard, we request additional collateral.