During 2007 no material shortcomings were found in the internal structure for risk control. A brief explanatory description is given below of the main elements in this structure.

 

Policy principles and procedures These form the basis for the internal risk control structure and are drawn up centrally by the Board of Executive Directors of the Océ Group. All group companies must operate in accordance with these policy principles and procedures.
They include the following elements:

Océ policy principles The policy principles provide a high level indication of the objectives of the Océ Group, how these should be achieved and the ethical criteria that should be complied with. The Board of Executive Directors communicates these principles to all employees and ensures that they are adhered to. The Océ policy principles are reviewed at periodic intervals and amended where necessary.

Whistle blowing procedure In addition to the national legislation that is applicable to each individual group company, the Audit Committee has approved a group procedure that has been implemented world-wide. The aim of the procedure is to ensure that within the whole Océ Group any infringement of legislation and of existing policy, principles or procedures can be reported without the person making such report suffering any adverse consequences in his or her legal position. In the United States of America the procedure will again be brought to the attention of all employees at the beginning of 2008 to make sure that it operates effectively.

Code of ethics for senior financial officers This code is addressed to all members of the Board of Executive Directors and senior financial officers in the Océ Group and is aimed at emphasizing and promoting ethical and responsible behavior by this group of employees. The code is more detailed than the Océ policy principles and chiefly deals with the financial processes and reporting systems.

 

Strategic plans and budgeting process Strategic plans are drawn up for all parts of the Océ organization [operational and non-operational] and are converted into budgets. On a monthly basis the results actually achieved are evaluated in detail by the Strategic Business Units and the Board of Executive Directors and compared to the budgets.
Cash flow management is an important part of this process. In 2007 this was the focus of extra attention and a start was made on a Cash Conversion Cycle project aimed at reducing working capital. As regards working capital the company aims to become one of the best businesses in the industry.

 

Organization structure and authorization manual Within the organization the entire complex of tasks, responsibilities and powers is set out in the organization structure. The allocation of responsibilities and powers is laid down in detail in various authorization manuals. Océ ensures that employees are aware of the organization structure and the sections of the authorization manuals that are of relevance to them.

 

Information Manual [IM] This contains a detailed description of the guidelines for management reporting and external financial reporting. External financial reporting is based on IFRS guidelines.

 

Letter of Representation [LOR] All Managing Directors and Controllers of subsidiaries submit a detailed declaration every quarter. This declaration states, among other things, that the financial reporting is reliable and complies with the IM. In addition, several questions about potential risks are being answered specifically.
Any observations made in the LORs are reported to and discussed by the Board of Executive Directors and the Audit Committee. The issue of the LOR by the management of the subsidiaries is supported by a detailed risk analysis.

 

Governance / Compliance Although the termination of registration with the Securities and Exchange Commission in 2007 means that the American Sarbanes-Oxley Act 2002 is no longer applicable to Océ, the structure that existed for that purpose - now called Governance / Compliance - has been left intact.
As in previous years, this structure comprises a management assessment of the effective control of the financial reporting process. This management assessment is conducted within Océ by the management of the operating companies and group units designated for such purpose. The results of this assessment are reported to and evaluated by the Board of Executive Directors and the Audit Committee. The internal audit department participates in this evaluation.

 

Disclosure Committee [DC] The DC consists of the Group Controller [chairman], representatives of operational group companies, the Corporate Supply Centers, the Strategic Business Units and Océ corporate staff departments [Investor Relations, Corporate Strategy, Group Finance & Administration], the Company Secretary & Chief Legal Officer, the Chief Information Officer [CIO], the Corporate Risk Officer and the Group Internal Auditor.
The DC evaluates the findings of the in-depth risk analyses that are conducted by all operating companies. The results of this evaluation are initially reported to and discussed with the CEO and the CFO of Océ N.V. and are subsequently discussed by the Audit Committee.

 

Internal audits Within the framework of control mechanisms and assurance processes an audit plan is drawn up by the Group Internal Auditor each year. The internal audit plan is focused on the most important business processes and risks. The plan is discussed and approved by the Board of Executive Directors and the Audit Committee. The internal audits relate to financial reporting systems and the existence and proper functioning of operational policy and procedures. The internal control framework is largely evaluated as part of the activities of the internal auditors.
The internal auditors issue a formal report on the effectiveness of elements of the internal control framework. The findings of the internal auditors are discussed and agreed with the relevant management.
Subsequently the findings are discussed in the Internal Audit Committee and the Audit Committee.

 

Audit Committee [AC] The AC consists of two members of the Supervisory Board and takes care of the independent monitoring of the process of risk management on the basis of the supervisory role fulfilled by the Supervisory Board. The AC focuses on the quality of internal and external reporting, on the effectiveness of internal controls with regard to both manual and computerized processes and on the functioning of the external and internal auditors. The AC meets at least four times a year.
The relevant financial officers and the external and internal auditors are generally invited to attend these meetings. The AC holds periodic consultations with the external auditor and with the Group Internal Auditor at which no [other] Océ officers are present.

 

Internal Audit Committee [IAC] The IAC consists of the Board of Executive Directors, the operational Group Directors, the Company Secretary & Chief Legal Officer, the Group Controller and the Group Internal Auditor. The IAC concentrates on the structure of the internal control framework, on how it functions and on the implementation of the ‘key recommendations for risk reduction’ that result from the audits. The IAC also discusses specific accounting issues and monitors application of the IFRS guidelines.
In view of the size of the activities in the United States an Internal Controls Committee [ICC] operates there as an extension of the IAC. The members of the ICC are the CFO of Océ-USA Holding, Inc., the CEO of Océ North America, Inc., the Presidents of the principal operating companies, the General Counsel and the Internal Audit Director in the United States, as well as the CFO of Océ N.V. [who also chairs the ICC].

 

External audit The external auditors carry out the activities relating to the issue of an audit opinion on the annual financial statements. The external auditors focus on the financial reporting and take into consideration the systems that are intended to ensure reliable reporting. The external auditors report on any matters relating to internal control measures that have been identified during the auditing of the annual financial statements. The observations made by the external auditors are discussed in the Audit Committee.

 

 

In line with best practice provision II.1.4 of the Dutch Code and bearing in mind the recommendations of the Monitoring Committee Corporate Governance Code, Océ issues a declaration about the effectiveness of the system of internal control of the processes on which the financial reporting is based.
Océ’s system of internal controls is based on internationally accepted standards for corporate control, including those of COSO.
In 2007 the Board of Executive Directors assessed the effectiveness of the system of internal controls for financial reporting. During the investigation on which this assessment is based, no shortcomings were identified that might possibly have a material impact. On the basis of the results of the above assessment and the risk analyses that were carried out at Océ within the framework of Governance / Compliance, the Board of Executive Directors is of the opinion - after consulting with the Audit Committee and with the approval of the Supervisory Board - that the system of internal controls provides a reasonable degree of certainty that the financial reporting contains no inaccuracies of material importance. An inherent element in how people and organizations work together in a dynamic world is that systems of internal control can not provide an absolute degree [though they can provide a reasonable degree] of certainty as regards the prevention of material inaccuracies in the financial reporting, losses and fraud.

 

In view of the Board of Executive Directors the system of internal controls, focused on the financial reporting, functioned effectively over 2007. There are no indications that the system of internal controls will not function effectively in 2008.