VRC Code of Conduct - Unofficial English Translation

Preface

The first Code of Conduct of the Dutch Association of Registered Controllers (Vereniging van Registercontrollers or VRC) was approved by the General Assembly in 1988, and modified in 1996 and 1997. At the time of the last modification, the VRC had around 500 members. By 2008, the VRC has grown to around 2500 members. Along with these changes in the association, developments in corporate governance requirements mainly as a result of various corporate scandals, and the resulting invigorated role of the financial function as management’s conscience and advisor have led to the insight that a renewal of the VRC Code of Conduct is imperative. Taking up that challenge, the VRC Board has appointed a Committee to develop a new Code of Conduct.

This Code of Conduct (hereafter: the Code) provides the rules for all the members of the VRC who are allowed to bear the title Registered Controller (RC). It gives guidance for the behaviour of the Registered Controller to be in accordance with reasonable expectations of whoever relies on him or her.[1] These expectations primarily, but not exclusively, stem from the Registered Controller’s role as a professional in the finance & control area.

The VRC upholds the aims and principles of equal opportunities and fundamental human rights worldwide, including the handling of personal information. The VRC promotes the highest behavioural and business standards, and encourages its members to be good and responsible professionals. Good behaviour can include actions and deeds beyond those required by the law. In a highly competitive and complex business world, it is essential that the Registered Controller sustains his integrity and remembers the trust and confidence which is placed on him by whoever relies on him.

Registered Controllers throughout the world have a duty to observe the highest standards of conduct, thereby upholding the good standing and reputation of the profession. They must refrain from any conduct which might discredit the profession and must have regard for this Code irrespective of their field of activity, their contract of employment or any other professional memberships they may hold. Importantly, they should be guided not merely by the terms but by the spirit of this Code.

The VRC has adopted this Code of Conduct. To ensure consistency among the relevant peer groups in particular in the area of finance, accounting, auditing and control, this Code is derived from various existing codes, including the IFAC Code of Ethics for Professional Accountants and the CIMA Code of Ethics for Professional Accountants. The VRC Charter, Bylaws and Regulations may give detailed guidance on issues not covered by this Code.

This Code forms the basis of the VRC Disciplinary Measures.

The VRC Code of Conduct Committee

Amsterdam

General Meeting December 1 2008

Section 1 Introduction

1.1 This Code applies to all members of the VRC who are Registered Controllers as described in the VRC bylaws.

1.2 The following definitions apply:

a. VRC: Vereniging van Registercontrollers, or Dutch Association of Registered Controllers.

b. Employer: an organization or a member of an organization that hires the Registered Controller as an employee, external advisor or interim manager.

c. Postgraduate Controllers Program: a part-time Master of Finance and Control program that entitles its graduates to become listed in the VRC register, and that gives at least the minimum required number of ECTS credits.[2]

d. RC (Registered Controller): a graduate of one of the Postgraduate Controllers Programs who is a member of the VRC and is registered in the VRC register.

e. Stakeholder: he who relies on the Registered Controller’s work, including the Employer and users of the controller’s work outside of the Employer.

f. Disciplinary Committee: the VRC appointed committee that files and judges upon complaints against Registered Controllers.

1.3 The Registered Controller operates in two domains: the professional domain and the private domain.

1.3.1 In the professional domain, the Registered Controller may operate in two distinct roles:

a. a finance and control role; this includes all the activities on behalf of the Registered Controller’s Employer with respect to maintaining sound records of business transactions, ensuring that the Employer is compliant with applicable laws, regulations, contracts and internal procedures, and advising his Employer’s management on finance and control issues. These activities may receive varying levels of attention of the Registered Controller in his day-to-day practice.

b. a business role, not finance and control; this includes all the activities on behalf of the Registered Controller’s Employer that do not directly require specialist finance and control competences.

1.3.2 In the private domain, the Registered Controller either operates outside of his professional domain, but this may have effects in his professional domain or he employs professional activities in his private domain.

1.4 The Code applies to all the domains and roles where the Registered Controller may operate. Therefore it is not restricted to his professional domain nor his finance and control role. However, it is important to recognize that the finance and control role in his professional domain generally sets the expectations for the Registered Controller’s overall behaviour.

1.5 The Registered Controller’s activities in the private domain that do not have any effect in his professional domain or that are unrelated to his professional activities are beyond the scope of this Code.

1.6 A distinguishing mark of the Registered Controller is his acceptance of the responsibility to act in accordance with this Code. Therefore, the Registered Controller’s responsibility is not limited to exclusively satisfying the needs of an individual Employer. His responsibility includes the other Stakeholders as well.

1.7 Complying with this Code means that the Registered Controller must adhere to a set of fundamental behavioural principles. Registered Controllers are required to apply this Code to identify threats to compliance with the fundamental behavioural principles, to evaluate their significance and, if such threats are other than clearly insignificant, to apply safeguards to eliminate them or reduce them to an acceptable level such that compliance with the fundamental behavioural principles is not compromised.

1.8 If the Employer has more specific regulations in place than this Code, the specific regulations will overrule this Code insofar these are not in conflict with this Code. If the specific regulations are in conflict with the Code, then the Code will overrule these specific regulations.

1.9 The Registered Controller should notify his Employer and any other relevant party in due time that he is subject to this Code.

1.10 The Addendum to this Code[3] provides guidance on how to apply the Code. It contains examples of the application of the fundamental behavioural principles and describes potential threats to compliance with the fundamental behavioural principles and ways to address these threats. It also contains examples of rulings by the Disciplinary Committee.

Section 2 Fundamental behavioural principles

2.1 The Registered Controller is required to comply with the following fundamental behavioural principles:

a. Integrity;

b. Objectivity;

c. Professional Competence and Due Care;

d. Confidentiality;

e. Professional Behaviour.

2.2 The principle of integrity implies that the Registered Controller should be honest in all interactions. This imposes an obligation on the Registered Controller to be straightforward, fair and truthful at all times so that Stakeholders will not be deceived. An important aspect of integrity is that he should not be associated with reports, returns, communications or other information where he believes that these:

a. are false or misleading;

b. are furnished recklessly; or

c. are incomplete or obscuring certain issues where this would be misleading.

2.3 The principle of objectivity implies that the Registered Controller should not allow bias, conflict of interest or undue influence of others to override judgments. This imposes an obligation on him not to compromise his judgment because of bias, conflict of interest or the undue influence of others. An important aspect of objectivity is that relationships that could potentially bias or unduly influence the judgment of the Registered Controller should be avoided.

2.4 The principle of professional competence and due care implies that the Registered Controller has a continuing duty to act diligently, and in accordance with applicable technical and professional standards when providing professional services. This comprises three components:

a. attainment of professional competence, which is acquired through the education in the Postgraduate Controllers Programs;

b. maintenance of professional competence, which requires a continuing awareness and an understanding of relevant issues that enable the Registered Controller to continue developing his capabilities to perform competently within the professional environment; and

c. due care, which encompasses acting in accordance with the requirements of an assignment or any other duty, carefully, thoroughly and on a timely basis.

2.4.1 The Registered Controller must always comply with the continuing professional development requirements of the VRC.

2.4.2 The Registered Controller should take steps to ensure that the work of people working under his authority meets applicable quality requirements.

2.4.3 Where appropriate, the Registered Controller should make Employers aware of any limitations inherent in his services to avoid the misinterpretation of an expression of opinion as a fact.

2.5 The principle of confidentiality implies that the Registered Controller should not disclose to third parties nor use to his personal advantage any information acquired, without proper and specific authority unless there is a legal or professional right or duty to do so.

2.5.1 The following are circumstances where the Registered Controller is or may be required to disclose confidential information or when such disclosure may be appropriate:

a. Disclosure is permitted by law and authorized by the Employer or other Stakeholder;

b. Disclosure is required by law;

c. There is a professional right or duty to disclose, when not prohibited by law.

2.5.2 The Registered Controller should maintain confidentiality. He should be alert to the possibility of inadvertent disclosure, particularly in interactions with longstanding business partners, close acquaintances or family members. He should also maintain confidentiality of information disclosed by a prospective Employer, and be selective in distributing potentially confidential information within the Employer. Furthermore he should take all reasonable steps to ensure that staff under his control and persons from whom advice and assistance is obtained all respect his duty of confidentiality.

2.5.3 The need to comply with the principle of confidentiality continues even after the end of relationships between the Registered Controller and an Employer or other Stakeholder. The Registered Controller who has changed employment is entitled to use prior experience. He should not, however, use or disclose any confidential information either acquired or received as a result of a relationship with an Employer.

2.5.4 In deciding whether to disclose confidential information, the Registered Controller should consider the following issues:

a. Whether the interests of any Stakeholder could be harmed if the Employer or other Stakeholder consents to the disclosure of information by the Registered Controller;

b. Whether all the relevant information is known and substantiated, to the extent it is practicable; when the situation involves unsubstantiated facts, incomplete information or unsubstantiated conclusions, judgment should be used in determining the type of disclosure to be made, if any; and

c. The type of communication that is expected and to whom it is addressed; in particular, the Registered Controller should be satisfied that the parties to whom the communication is addressed are considered to be legitimate Stakeholders.

2.6 The principle of professional behaviour imposes an obligation on the Registered Controller to comply with relevant laws and regulations and avoid any action that may bring discredit to the profession. This includes actions which a reasonable and informed third party, having knowledge of all relevant information, would conclude negatively affects the good reputation of the profession. It is important to realize that, when forming a judgment about the effects of certain behaviour on the good reputation of the profession, cultural differences between countries must be taken into consideration.

Section 3 Behavioural conflict resolution

3.1 In evaluating compliance with the fundamental behavioural principles, the Registered Controller may be required to resolve a conflict in the application of the fundamental behavioural principles.

3.2 When initiating either a formal or informal conflict resolution process, the Registered Controller should consider the following, either individually or jointly with others, as part of the resolution process:

a. All the relevant facts;

b. The fundamental behavioural principles related to the matter in question;

c. Alternative courses of action to resolve the conflict; and

d. Consequences for the Registered Controller’s position.

3.3 The Registered Controller should determine a conflict resolution process that weighs the consequences of each possible course of action.

3.4 In his conflict resolution process the Registered Controller, if the matter remains unresolved, should consult within his Employer for help in obtaining resolution. This implies that he should consider consulting with those charged with governance within his Employer, such as the Board of Directors or Executive Directors, the Supervisory Board or Non-Executive Directors, the Audit Committee, compliance officers and security officers.

3.5 The Registered Controller should always document the substance of the issue and details of any discussions held or decisions taken concerning that issue.

3.6 If a significant conflict cannot be resolved internally, the Registered Controller should consider obtaining professional advice from the VRC or legal advisors to obtain guidance on behavioural issues without breaching confidentiality. The VRC has appointed a confidential counsellor.

3.7 If, after exhausting all relevant possibilities, the behavioural conflict still remains unresolved, the Registered Controller should, where possible, refuse to remain associated with the matter creating the conflict. This may imply that the Registered Controller notifies his Employer that he, under the circumstances, can no longer be held responsible for the tasks that gave rise to the conflict. Leaving an Employer without having tried to resolve the conflict or having informed the relevant representatives of the Employer is – generally spoken – deemed unprofessional behaviour.

3.8 It is the Registered Controller’s duty to discuss any observed deviation from this Code by another Registered Controller with the other Registered Controller and, if the other Registered Controller refuses to take corrective measures, report and motivate the situation to the VRC along with the appropriate evidence.

3.9 If the Registered Controller has been subject to a ruling by the Disciplinary Committee of another professional body or is or has been revocable or irrevocable convicted in a criminal case in his professional domain, he should report this to the VRC.

Section 4 Enforcement

4.1 This Code will be in effect as per January 1st, 2009 and replaces the prior codes insofar behaviour on or later than January 1st, 2009 is concerned.

4.2. The date on which a certain behaviour is displayed determines which code applies.

4.3 In case of non-compliance with this Code, the Registered Controller will become subject to disciplinary actions as laid down in the Bylaws of the VRC and particularly the Disciplinary Committee Regulations.

4.4 The Registered Controller will be subject to an investigation and a ruling by the Disciplinary Committee of the VRC when:

a. the VRC lodges a complaint;

b. the Employer lodges a complaint;

c. another Registered Controller lodges a complaint;

d. any other Stakeholder lodges a complaint.

Section 5 Final clauses

5.1 Per January 1st , 2009 available on www.vrc.nl

5.2 The following Postgraduate Controllers Programs entitle their graduates to be registered in the VRC register:

a. Erasmus Universiteit, Rotterdam

b. Rijksuniversiteit Groningen, Groningen

c. Universiteit Maastricht & Universiteit van Amsterdam, Maastricht

d. Universiteit Maastricht, Maastricht

e. Universiteit Nyenrode, Breukelen

f. Universiteit van Amsterdam, Amsterdam

g. Universiteit van de Nederlandse Antillen, Willemstad

h. Universiteit van Tilburg, Tilburg

i. Vrije Universiteit, Amsterdam

[1] For efficiency reasons, the remainder of this Code will refer to the Registered Controller using the pronouns him and his. The same holds for any other person that is referred to.

[2] The European Credit Transfer System is the uniform system for assigning a specific study load to a course that is given by a university that resides in the jurisdiction of this system.

[3] This Addendum is available in Dutch.