The Dutch Corporate Governance Code

Monitoring Commissie Corporate Governance Code (Corporate Governance Code Monitoring Committee), 2016

Preamble

The Dutch Corporate Governance Code (hereinafter: the Code) is aimed at the governance of listed companies and provides guidance for effective cooperation and management.

Governance is about managing and controlling, about responsibility and authority, and about supervision and accountability.

The aim of the Code is, together with or in relation to laws and regulations, to bring about a sound and transparent system of checks and balances within Dutch listed companies and, to that end, to regulate the relationships between the management board, the supervisory board and the general meeting/shareholders.

Compliance with the Code contributes to confidence in the good and responsible management of companies and in their embedding in society.

The Code was first adopted in 2003 and amended once, in 2008. At the request of the Christelijk Nationaal Vakverbond, Eumedion, the Federatie Nederlandse Vakbeweging, Euronext NV, the Vereniging van Effectenbezitters, the Vereniging van Effecten Uitgevende Ondernemingen and the Vereniging VNO-NCW, the Code has been revised by the Monitoring Commissie Corporate Governance Code (hereinafter: the Committee). Ongoing developments, the spirit of the times and overlap with legislation prompted the revision of the Code. This Code replaces the 2008 Code.

Scope

The Code applies to:

  • all companies with their registered office in the Netherlands whose shares or depositary receipts for shares are admitted to trading on a regulated market or a comparable system; and
  • all large companies with their registered office in the Netherlands (balance sheet value > € 500 million) whose shares or depositary receipts are admitted to trading on a multilateral trading facility or a comparable system.

For the purposes of the Code, holders of depositary receipts for shares issued with the cooperation of the company are treated as equivalent to holders of shares. The Code does not apply to an investment institution or undertaking for collective investment in transferable securities that is not a manager within the meaning of Section 1:1 of the Wet op het financieel toezicht (Financial Supervision Act).

Contents of the Code

The Code contains principles and best practice provisions that regulate the relationship between the management board, the supervisory board and the general meeting/shareholders. The principles and provisions address the fulfilment of responsibilities for long-term value creation, risk control, effective management and supervision, remuneration, and the relationship with (the general meeting of) shareholders and stakeholders.

The principles may be regarded as widely held general views on good corporate governance. The principles are elaborated in best practice provisions. These provisions contain standards for the conduct of management board members, supervisory board members and shareholders. They reflect ‘best practice’ and give substance to the general principles of good corporate governance. Companies may deviate from them, provided they give reasons. The conditions for deviation are explained below under ‘Compliance with the Code’.

The relationship between the company and its employees (or their representatives) is governed by law. In the Code this relationship is addressed in provisions concerning culture and the contacts between the supervisory board and the employee participation body.


COSO Enterprise Risk Management

Integrating with Strategy and Performance, June 2017

This project was commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which is dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on internal control, enterprise risk management, and fraud deterrence designed to improve organizational performance and oversight and to reduce the extent of fraud in organizations.

Foreword

“In keeping with its overall mission, the COSO Board commissioned and published in 2004 Enterprise Risk Management—Integrated Framework. Over the past decade, that publication has gained broad acceptance by organizations in their efforts to manage risk. However, also through that period, the complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting. This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.

The updated document, now titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance. The first part of the updated publication offers a perspective on current and evolving concepts and applications of enterprise risk management. The second part, the Framework, is organized into five easy-to-understand components that accommodate different viewpoints and operating structures, and enhance strategies and decision-making. In short, this update:

  • Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
  • Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and understanding the impact of risk on performance.
  • Accommodates expectations for governance and oversight.
  • Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
  • Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
  • Expands reporting to address expectations for greater stakeholder transparency.
  • Accommodates evolving technologies and the proliferation of data and analytics in supporting decision-making.

The figure illustrates the framework considerations in the context of mission, vision, core values, and as a driver of an entity’s overall direction and performance.

The Framework sets out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.

Readers may also wish to consult a complementary publication, COSO’s Internal Control— Integrated Framework. The two publications are distinct and have different focuses; neither supersedes the other. However, they do connect. Internal Control—Integrated Framework encompasses internal control, which is referenced in part in this updated publication, and therefore the earlier document remains viable and suitable for designing, implementing, conducting, and assessing internal control, and for consequent reporting.

The COSO Board would like to thank PwC for its significant contributions in developing Enterprise Risk Management—Integrating with Strategy and Performance. Their full consideration of input provided by many stakeholders and their insight were instrumental in ensuring that the strengths of the original publication have been preserved, and that text has been clarified or expanded where it was deemed helpful to do so. The COSO Board and PwC together would also like to thank the Advisory Council and Observers for their contributions in reviewing and providing feedback.”

Robert B. Hirth Jr. (COSO Chair) and Dennis L. Chesley (PwC Project Lead Partner and Global and APA Risk and Regulatory Leader)

2017 COSO ERM: Integrating with Strategy and Performance (Executive Summary)

The IIA’s Three Lines Model

The Institute of Internal Auditors, 2020

Organizations are human undertakings, operating in an increasingly uncertain, complex, interconnected, and volatile world. They often have multiple stakeholders with diverse, changeable, and sometimes competing interests. Stakeholders entrust organizational oversight to a governing body, which in turn delegates resources and authority to management to take appropriate actions, including managing risk.

For these reasons and more, organizations need effective structures and processes to enable the achievement of objectives, while supporting strong governance and risk management. As the governing body receives reports from management on activities, outcomes, and forecasts, both the governing body and management rely on internal audit to provide independent, objective assurance and advice on all matters and to promote and facilitate innovation and improvement. The governing body is ultimately accountable for governance, which is achieved through the actions and behaviors of the governing body as well as management and internal audit.

The IIA’s Three Lines Model

The Three Lines Model helps organizations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management. The model applies to all organizations and is optimized by:

  • Adopting a principles-based approach and adapting the model to suit organizational objectives and circumstances.
  • Focusing on the contribution risk management makes to achieving objectives and creating value, as well as to matters of “defense” and protecting value.
  • Clearly understanding the roles and responsibilities represented in the model and the relationships among them.
  • Implementing measures to ensure activities and objectives are aligned with the prioritized interests of stakeholders.

Principles are formulated relating to:

  • Governance.
  • Governing body roles.
  • Management and first and second line roles.
  • Third line roles.
  • Third line independence.
  • Creating and protecting value.
