Governance
66 Heineken N.V. Annual Report 2004 Report of the Executive Board
The Heineken risk management and control system encompass policies, processes, tasks, behaviours
and other aspects of the company, which, taken together, are aimed at a reasonable level of assurance,
that the risks of the Company are identified and managed and that the operational and financial
objectives are met, where relevant in compliance with applicable laws and regulations. Embedded in
these processes is a system of controls over financial reporting in order to provide reasonable
assurance regarding the reliability of the Company's financial reporting. Heineken's internal control
system is based on the COSO Internal Control Framework.
Considering Heineken's overall risk profile, and based on the activities described below and the
assessments provided from these, we have no indication that current risk management and control
systems were not adequate nor effectively working in the year under review. The risk management and
control systems are considered to be in balance with Heineken's risk profile, although such systems
can never provide absolute assurance.
Following Heineken's continuing growth and changing risk profile, the Company's risk management
and control systems are subject to continuous review and adaptations. Currently, Heineken is further
structuring and formalising its risk governance activities, appropriate to the evolving structure and
needs of the group.
Risk management and control system
Overall Risk Profile
Heineken's operations and related risks are widely spread. The worldwide activities are exposed
to varying degrees of risk and uncertainty, some of which, if not identified and managed, may result
in a material impact on a particular operating company, but may not materially affect the group
as a whole.
Heineken's operating companies work in many different markets, environments and cultures.
However, Heineken is a single-product company, with a high level of commonality in its worldwide
business operations. This allows for the development of best-practice driven processes and systems
worldwide which has a positive impact on Heineken's overall operational risks and controls.
Overall, Heineken's risk profile is considered relatively low. However, due to continuous growth
and increasing complexity, the risk profile is changing.
Risk Management
Doing business inherently involves taking risks, and by managing these risks Heineken strives
to be a sustainable and performance driven company. This calls for a proper balance between
entrepreneurial attitudes and the control levels associated with exploiting business opportunities.
In the year under review, Corporate departments carried-out a structured integrated risk
assessment. On a process level, structured risk identification and management activities are partly
established in various operating companies, mainly driven by Heineken common systems.
In 2005 risk management will be further enhanced.
Responsibilities
The Executive Board, under the supervision of the Supervisory Board, is overall responsible for the
design and functioning of Heineken's risk management and control systems. Operating company
management teams are accountable for managing performance, underlying risks and effectiveness
of operations, within the boundaries set by the Executive Board. They are responsible for imple
menting, operating and monitoring an effective risk management and internal control system in their
operations, optimising the use of Heineken common processes, systems and other best practices,
supported and supervised by Corporate departments and the Executive Board.