Risk Management Statement

Introduction

The Executive Board is responsible for setting up and maintaining an adequate system of risk management and control systems. A risk framework is used within Heijmans, the design and effectiveness of which has been assessed by the Executive Board during the financial year. The results were discussed with the Audit and Risk Committee, the Supervisory Board and the external auditor. The Executive Board recognises that there are inherent limitations to the risk framework and control systems. Although the framework and control systems are improved on a continuous basis, these systems cannot provide absolute assurance that all risks have been identified or adequately mitigated. The degree of assurance that can be provided is influenced by, among other things, inherent risks relating to risk management, business aspects such as the Company's risk appetite, the degree of flexibility in the Company's operations and the circumstances affecting the market in which the Company operates. Certain risks are outside the Company's sphere of influence because they depend on third parties, such as the government, or on circumstances beyond the Company's control. For a detailed description of the risk framework, control processes, risk appetite and key risks, please refer to the Risk Management chapter.

Management Statement

Based on its assessment and based on best practice 1.4.3 of the Dutch Corporate Governance Code, the Executive Board declares, to the best of its knowledge, that:

  1. the Management Report provides sufficient insight into shortcomings in the operation of internal risk management and control systems;

  2. that these systems provide a reasonable degree of assurance that the financial reporting does not contain material misstatements;

  3. that these systems provide at least a limited degree of assurance that the sustainability reporting included in the Sustainability Statement, part of the Heijmans Annual Report 2025, does not contain material misstatements;

  4. that the Executive Board is not aware that the internal risk management and internal control systems do not provide sufficient comfort that the operational and compliance risks, as described in the Risk Management chapter, are effectively managed, taking into account the Company’s risk appetite, where “sufficient comfort” is to be understood as sufficient comfort in view of the risk appetite and complexity of the Company and with due regard to the inherent limitations of those systems and other explanations of those systems in the Management Report;

  5. based on the current state of affairs, it is justified that the financial reporting is prepared on a going-concern basis; and

  6. that the Management Report sets out the material risks as referred to in best practice provision 1.2.1 and the uncertainties, insofar as these are relevant to the expectation of the Company’s continuity for a period of twelve months after the date of preparation of the Management Report.

As a result of inherent limitations to risk management and control systems, the above does not imply that these systems and procedures provide assurance with respect to the achievement of strategic, operational, compliance and reporting targets, nor that such systems can prevent any misstatements, deviations, inaccuracies, fraud, operational problems and non-compliance with laws and regulations.

Previous Next
Download