•   Contact

Home Governance Risk management Risk management and internal control

Risk management and internal control

We strive to reduce the likelihood of errors, wrong decisions and surprises due to unforeseen circumstances as much as possible. However, there are no guarantees, and we cannot exclude the possibility of being exposed to risks of which we are currently unaware, or which may not yet be considered important at this time. No risk management or internal control system can provide an absolute safeguard against failure to achieve corporate objectives, nor fully prevent any possible loss, fraud or breach of rules and regulations. To name one example, Schiphol is particularly susceptible to adverse weather conditions and other natural phenomena; we simply cannot prevent or influence these. We can, however, ensure that the consequences remain as limited as possible.

To ensure effective risk management and internal control, we use a range of coordinated instruments:

  • Our risk management system identifies, analyses and monitors strategic, operational, financial and compliance-related risks;
  • Line managers (responsible for the implementation of risk management) report on their activities twice a year to their directors, who in turn report to the Risk & Compliance Committee;
  • Risk management is a fixed aspect within our monthly planning and control cycle;
  • Procedures and accounting policies are described in detail in manuals;
  • We use a tax control framework to control fiscal risks;
  • Multiple quality management systems, such as environmental and safety management systems;
  • Continuous security monitoring by government authorities through audits and inspections, periodic discussion in the Policy and Enforcement consultation, a security company escalation ladder for assessing tasks, as well as overall inspection by the European Union;
  • Chaired by the President and CEO, the Schiphol Group Management Team meets four times a year to discuss integral progress and results related to safety, the environment, people and society;
  • We impose codes of conduct and have whistle-blower and anti-fraud regulations;
  • Periodic consultation takes place between the Chief Financial Officer and the operational and commercial directors and their controllers on the results of audits conducted by external and internal auditors;
  • Assessment of risk management procedures by the internal and external auditors;
  • Follow-up of the recommendations contained in the external auditor’s management letter;
  • The business area management teams report to the Management Board at least once a month.

The Management Board reports on and accounts for the risk management and internal control system to the Supervisory Board, following discussion in the Supervisory Board’s Audit Committee.

In light of the above, we believe that risk management and internal control systems provide a reasonable degree of assurance concerning financial reporting risks, and that the financial reporting does not contain any material misstatements.

The Management Board declares that, to the best of its knowledge:

  • the financial statements give a true and fair view of the financial assets, liabilities, financial position and profits of Schiphol Group as well as the combined consolidated enterprises;
  • the annual report gives a true and fair view of the situation on the balance sheet date and of developments over the course of the financial year; and
  • the principal risks facing Schiphol Group are described in this annual report.