Our internal governance comprises the following building blocks:
- Strategy development;
- Analysis of results, forecasts and internal reporting cycles;
- Transparent organisation;
- Transparent process for dealing with incidents;
- Project controls;
- Control self-assessment and audits.
Ordina scrutinises its strategy and the related targets and ambitions on an annual basis. Where necessary, we make adjustments based on market developments and the opportunities and threats we have identified. We conduct a strengths and weaknesses analysis and a strategic risk assessment to identify any potential need for adjustment. This is the responsibility of the Management Board. The Board also discusses Ordina’s strategic direction extensively with the Supervisory Board at least once a year.
Ordina’s overall strategic targets and the various divisions’ contributions to achieving one or more of those targets serve as the basis for our business plans and long-term plans. The long-term plan is based on estimates of the assumed market developments in the Netherlands and Belgium/Luxembourg.
The business plan includes a financial budget per business unit. On top of this, it includes concrete business targets that have been translated into several Key Performance Indicators (KPIs), which we monitor for progress continuously throughout the year. In addition, Ordina uses the OGSM (Objective, Goals, Strategies and Measures) method to translate our goals and ambitions into concrete and measurable actions and to monitor the progress.
Analysis of results, forecasts and internal reporting cycle
We analyse the financial results of the business units and their forecasts on a monthly basis, both at local and at corporate level. This analysis also includes newly identified risks, as a complement to the risk assessment in the budget phase. We translate any risks that have been identified into measures. The management subsequently reports periodically on the results of these measures.
The management and the business controllers of the various business units submit monthly written progress reports. They report to the Management Board on the status of the targets defined in their business plan, the related KPIs and financial performance and related risks. Based on these reports, we hold monthly review meetings to discuss at the very least the following subjects:
- actions agreed upon during prior reviews;
- relevant commercial developments;
- significant client developments;
- the financial performance over the past month and updated forecasts;
- progress in terms of the risks identified;
- turnover and recruitment of staff;
- progress and risks in the execution of key contracts.
At Ordina, we have formalised processes, responsibilities and mandates, the division of tasks, policies and guidelines, administrative requirements and controls within the company in a clear and accessible manner in the Business Management Framework (BMF), in combination with our Risk Control Framework.
The business unit management is responsible for the correct application of processes and systems. Business control supports the management in the application and continued development and professionalisation of the management system as a risk management tool.
The Legal & Risk Management department monitors the correlation of the management system with Ordina’s goals right across the Ordina organisation. Our management system is an integrated system, incorporating the requirements for quality (ISO 9001), business operations (AO), the environment (ISO 14001), sustainability and CSR (ISO 26000) and data security (ISO 27001) set by international norms and laws and regulations. Ordina is assessed externally by an independent certified body for compliance with these norms and standards.
Ordina’s financial administration runs on SAP, which is the primary system for the administration and business operations in the Ordina organisation.
The continued optimisation and concretisation of the operational management remained on schedule in 2017. In the year under review, Ordina also met the requirements for a level 5 certification in the CO2 Performance Ladder and achieved FIRA silver level in the Netherlands and EcoVadis gold level in Belgium.
Transparent process for dealing with incidents
Ordina has set up a transparent process for incidents in the fields of security, privacy, integrity and compliance. All cases are registered and the designated member of staff monitors the resultant procedures. These are chosen from a limited number of potential scenarios and we devote attention to potential improvements to reduce the likelihood of such incidents in the future.
For instance, in the event of a report via one of the channels cited in the Speak Up policy of the Code of Conduct, we first look for independent verification of the issue cited in the report. If the report is sufficiently concrete, we conduct a preliminary investigation of the facts. Depending on the outcome of such an investigation, measures are then taken. These can be measures against people or measures aimed at making improvements or the tightening of policy and/or guidelines.
We also have a data leak procedure in place in the event of any (potential) data leaks, and the employee responsible resolves any issues and (if necessary) makes the required reports.
These reports, investigations and their outcomes are compiled in quarterly reports. These reports are discussed in the Management Board and the Supervisory Board. The Management Board receives weekly progress reports during any investigations.
Privacy & Security
Ordina sees privacy and security as a major priority, given the tightening of privacy laws and the increase in threats and risks in digital environments. On this front, in addition to the regular activities of the responsible functionary, we are also working intensively on preparations for the imminent introduction of the European General Data Protection Regulation (GDPR), partly under the supervision of our Privacy Officer.
Deal Review System
Ordina strives for the sound and effective management of projects in which we bear responsibility for results. This starts with a critical review of opportunities and threats during the commercial process. We also review the mandatory involvement of the right level of management, depending on the size and the risk of a potential contract.
We launched the Deal Review System (DRS) to safeguard this process. For instance, this system enables us to make well-informed decisions at every stage of the tender process as to whether or not to submit a bid for a project. Key elements of the DRS include the assessment of risks and the control measures we have available to mitigate those risks.
When we accept projects and management contracts, we obviously accept a certain level of risk. However, we believe these risks have to be manageable and transparent. Our track record, experience, strict project management and contractual agreements with our clients, including a realistic division of liability, are all key factors in the mitigation of these risks. Our Legal & Risk Management department monitors the consistent application of the DRS.
excellent Project execution
Ordina has developed an approach to project execution it has dubbed excellent Project execution (excellente Project executie), or xPx for short. The xPx approach is equivalent to Prince2, with the addition of a number of steps aimed at generating buy-in and commitment from all those involved in a project. For Ordina, sound project management is a key condition for the realisation of project targets. We want to provide our clients with added value by maintaining a clear focus on what we can do to help them achieve their own business goals and by making sure that our services continue to facilitate those goals. The progress of key projects is discussed in the business units’ monthly review meetings, together with the main conclusions in the findings of the internal audit function.
The internal audit function reports directly to the Management Board and conducts independent audits of the correct application of and compliance with internal procedures and guidelines. These audits focus on both financial and operational elements. The department reports its activities to both the Management Board and the audit committee on a quarterly basis.
The goal is to use the audit findings as a basis for the continuous professionalisation of our internal control structure. In addition, these formalised procedures also help us to continuously increase risk awareness within Ordina.
The external audits are conducted by organisations such as DNV-GL (Det Norske Veritas-Germanischer Lloyd) and our external auditor EY.
The external audits cover the management system used, the administrative organisation, the Risk Control Framework and the financial results. In the context of the audit of the annual financial statements, the external auditor assesses the correct set-up, existence and, in part, the operation of internal control procedures that are important when drawing up the annual financial statements. The external auditor reports the findings of their audits to the Management Board and to the Supervisory Board, both orally and in writing.
Risk management and control systems
Our internal risk management and control systems are designed to help ensure that we have sufficient certainty at all times regarding the extent to which we are achieving our strategic and operational goals. The systems are also designed to guarantee the reliability of our financial reporting and to ensure that we act in accordance with the laws and regulations that apply to our organisation.
Ordina sees the configuration of our internal risk management and control systems for our strategic, operational, compliance and financial (reporting) risks as a high priority. In view of internal and external developments, we continuously refine and improve these systems.
These systems can never provide absolute certainty and it is possible that Ordina’s reporting contains material inaccuracies.