RISK MANAGEMENT AND INTERNAL CONTROL

“The Board believes that the Company maintains an adequate and effective system of risk management and internal control that complies with the Dutch Code of Corporate Governance.”		  
     
  Internal control systems are designed to manage, rather than eliminate, the risk of failure to achieve business objectives, and can provide reasonable, but not absolute, assurance against material misstatement or loss. As such, the controls are subject to regular review as the business evolves and changes.

The Company views the careful management of risk as a key management activity. The Board reviews the effectiveness of the systems of internal control relative to strategic, financial, operational and compliance risks. The Board discusses risk management and internal controls with the Supervisory Board on at least a quarterly basis.

The Company embeds risk management into periodic planning and internal control mechanisms. A top-down approach is followed, whereby we identify the major risks that could affect our business and our preparedness should these problems arise.

The key features of the systems of internal control are:		  
     
 
clearly defined lines of accountability and delegation of authority, together with comprehensive reporting and analysis against approved budgets;
   
minimisation of operating risk, by ensuring that the appropriate infrastructure, controls, systems and people are in place throughout the businesses. Key policies employed in managing operating risk include segregation of duties, authorisation of transactions, monitoring, and financial and management reporting;
   
centralised treasury operations to manage the investment of cash balances and exposure to currency transaction risks. Treasury policies, risk limits and monitoring procedures that are approved annually by the Supervisory Board; and
   
a Code of Conduct and a Code of Ethics accessible by staff via our intranet site. The Code of Conduct is also available on the TomTom website (www.tomtom.com).
   
 
     
  Assurance on compliance with systems of internal control, and on their effectiveness, is obtained through management reviews, control self-assessment, internal audits and testing of certain aspects of the internal financial control systems by the external auditors during the course of their audit.

During 2007 we made the following changes to our internal control systems, which we believe have led to improvements in our control environment:		  
     
 
adoption of our principle-based Product Creation Framework for all major product lines. As part of this framework, components used in our products are de-risked at the earliest possible opportunity in the design phase to ensure a smooth transition from design to mass production;
   
broadening of our Information Technology and Telephony infrastructure and capabilities;
   
in order to reduce our time-to-market for new innovations and to increase the predictability and reliability of our development processes we reorganised our Development department into separated Product Design and Technology departments;
   
formation of our Security Committee and Security department;
   
strengthening of our supply chain capability, predictability and flexibility, by dual-sourcing our high volume products and by expanding our Engineering and Quality Assurance departments;
   
implementation of our General Performance Scheme, a consistent framework for performance management which aligns clear target and objective setting with personal development; and
   
review of the Group Corporate Insurance portfolio and implementation of changes to improve coverage, and to identify and mitigate additional areas of risk.
 
     
  INTERNAL CONTROL OVER FINANCIAL REPORTING
Internal control over financial reporting is a process designed to provide reasonable, but not absolute, assurance regarding the reliability of management and financial reporting, in accordance with generally accepted accounting principles. Controls over financial reporting, policies and procedures include controls to ensure that:		  
     
 
commitments and expenditures are appropriately authorised by management;
   
records are maintained accurately and fairly reflect transactions;
   
any unauthorised acquisition, use or disposal of the Company’s assets that could have a material effect on our financial statements would be detected on a timely basis; and
   
transactions are recorded as required to permit the preparation of financial statements.
   
 
     
  Due to inherent limitations, internal controls over financial reporting may not prevent or detect misstatements. Risk management and control systems provide reasonable assurance that the financial reporting does not contain any material inaccuracies. No material weaknesses were identified during the year. These systems are deemed to have functioned properly during the year under review, and there is currently no indication they will not continue to do so in the forthcoming period.

Amsterdam, 21 February 2008