Entity Risk Management Program Q3 2007 & 2008 September 12, 2007 Corporate Accounting & Internal Control Bernard van Oost Gijsbert Visser


Entity Risk Management Program Q3 2007 & 2008

September 12, 2007

Corporate Accounting & Internal Control

Bernard van Oost

Gijsbert Visser


Agenda

▀ Why risk management?

▀ Responsibilities

▀ What is expected from you?

▀ Best Learnings from 06/07

▀ Risk Management program Q3-07 & 2008

▀ Appendix: methodology and best practices


Why Risk Management?

▀ Desire to understand our business, no surprises

▀ Manage entity risks with your management team

▀ Identify: what can go wrong, and threats to realising your strategic and operational objectives

▀ Ensure responsive actions in place or get support

▀ Also Corporate Governance, compliance


Responsibilities

▀ Managing Director and his Management Team

▀ Key driver = Local Finance & Control function
  ▀ Report via Risk Template
  ▀ With details on risks, impact and actions
  ▀ Key contact to CA&IC

▀ Presidents & VP Divisions act as reviewer

▀ CA&IC = main contact, monitoring and reporting to Divisions, Ex. Board and Supervisory Board


What is expected from you?

▀ Risks on agenda of Local MT¹

▀ Risks on agenda Divisional review visits

▀ Risk Template is the reporting tool

▀ Quarterly update Risk Template to CA&IC

¹ Appendix: Methodology and Best Practices


Best Learnings from 06/07

▀ Risks need to be discussed and agreed by the whole MT

▀ Risks too generic or not customised to the local situation:
  ▀ What can go wrong when rolling out your local plans and impact local objectives or organisation;
  ▀ E.g. important contracts, single distributors, local legislation, marketing, IT systems, staff turnover, etc…

▀ Certain risks e.g. QFS are covered by central HQ functions

▀ Think about the potential impact

▀ No adequate or SMART action plan in place

▀ Improve alignment / support with Divisions

▀ Similar risks between countries


RM Program Q3-07 & 2008

▀ Quarterly update Risk Template
  ▀ Report on new risks, actions, progress and achievements
  ▀ Due dates Updated Risk Template:
    Q3 = 28 September
    Q4 = 30 November
    Q1 = 28th February
    Q2 = 31 May

▀ Risk Template part of Divisional review meetings

▀ Quarterly review of Risk Template by IAD / Divisions

▀ Quarterly update to CFO and Supervisory Board


How to map your local risks

Methodology & Best practices

Appendix


Risks originate companies' profits…

“Risk is good. The point of risk management is not to eliminate it. That would eliminate reward. The point is to manage it. That is, to choose where to place bets and where to avoid betting altogether”

Th. A. Stewart, ‘Managing Risk in the 21st Century’


Ernst & Young RiskUniverse™

… only manage risks which really matter to you!

Risk universe never ends….


Event identification

▀ Internal factors
  ▀ Infrastructure
  ▀ Organisation (employees)
  ▀ Processes (procedures)
  ▀ Technology

▀ External factors
  ▀ Economics
  ▀ Environmental
  ▀ Politics
  ▀ Social (demographic)
  ▀ Technology

▀ An event is an incident or occurrence due to internal or external factors that might affect the strategy implementation or objectives of the unit.


[Diagram labels: Business objectives and AOP Plan; Event identification (Internal factors, External factors); EVENT (Negative: Risk, Positive: Opportunity); Risk assessment (Impact and Likelihood); Response / Action plan]


MT Meetings on Risks

• Each function presents their top 4 risks

• In a MT meeting these risks will be shared with the whole MT

• Discuss the risks, what are the top 4 local entity risks?
  ▀ Consider Impact & Likelihood
  ▀ Consider Internal and external risks

• Agree on top 4 entity risks

• Agree on risk response strategy:
  • Accept, Transfer, Eliminate or Control?

• Determine action plan per risk and organise ownership

• Follow-up meetings to report on progress, action plan and risks


How to explain Impact

▀ Substantiate the risk in €, in one of the following:
  ▀ € NSV, € Operating Result, € EBITA;
  ▀ € WC, € Equity, € Debtors etc…

Or

▀ Qualitative explanation of the risk impact e.g.
  ▀ Reputation is at risk
  ▀ Business interruption
  ▀ Compliance with local regulations
  ▀ Compliance with corporate policies


Action Plan

• Define SMART Actions
  • Specific, Measurable, Aligned, Realistic, Timely

• Develop detailed action plan:
  ▀ What is objective
  ▀ Who executes, owner action plan
  ▀ Which needs to achieve goals
  ▀ When, detailed timing / milestones

▀ Ensure progress on actions and report achievements


Q&A

If you have any further questions or recommendations please do not hesitate to contact us [email protected]

Bernard van Oost: + 31 20 456 [email protected]

Gijsbert Visser: + 31 20 456 [email protected]