Risk management
Managing risks is explicitly on the agenda of management
in order to protect the business from the effects of disasters,
failures and reputational damage. Continuity and sustainability
of the business is as important to the stakeholders as growing
and operating it.
42 Report of the Executive Board
Risk management and control system
The Heineken risk management and control
systems aim to ensure at a reasonable level
of assurance, that the risks of the Company are
identified and managed and that the operational
and financial objectives are met, in compliance
with applicable laws and regulations. A system
of controls to ensure adequate financial reporting
is included. Heineken's internal control system is
based on the C0S0 Internal Control Framework.
Risk appetite
The Company is recognised by its drive for quality,
consistency and financial discipline. Entrepreneurial
spirit is encouraged across the Group to seek
opportunities supporting continuous growth (like
business development and innovation), whilst
taking controlled risks.
Risk profile
Heineken is a single-product company, with a high
level of commonality in its worldwide business
operations spread over many mature and emerging
markets. The worldwide activities are exposed
to varying degrees of risk and uncertainty, some
of which, if not identified and managed, may result
in a material impact on a particular operating
company, but may not materially affect the Group
as a whole.
Risk management
Doing business inherently involves taking risks,
and by managing these risks Heineken strives
to be a sustainable and performance-driven
company. Structured risk assessments are part
of, amongst others, Heineken's Company-change
programmes, business planning and performance-
monitoring process, common process and system
implementations, acquisitions and business
integration activities. The risk management and
control systems are considered to be in balance
with Heineken's risk profile, although such systems
can never provide absolute assurance. Following
Heineken's continuing growth and changing risk
profile, the Company's risk management and
control systems are subject to continuous review
and adaptations.
Responsibilities
The Executive Board, under the supervision of
the Supervisory Board, has overall responsibility
for Heineken's risk management and control
systems. Regional and operating company
management are responsible for managing
performance, underlying risks and effectiveness
of operations, within the rules set by the
Executive Board, supported and supervised
by Group departments.
Heineken Company Rules
In the year under review, the governance process
of the Heineken Company Rules has been further
structured. Also, compliance monitoring by Group
departments has been further strengthened.
From 2007, local management has been requested
to sign a so-called 'Assurance Letter' to confirm
compliance with Company Rules in addition to
compliance with certain matters with regard to
financial reporting.
Business planning and performance monitoring
The main pillar of Heineken's internal governance
activities is the business planning and performance
monitoring process. Operating companies'
strategies, business plans, key risks and quarterly
performance are discussed with Regional
Management. Regional performance is discussed
with the Executive Board. The approved business
plans include clear objectives, performance
indicators and target setting, which provide
the basis for monitoring performance compared
to business plan. These plans also contain an
annual assessment of the main risks (including
mitigation plans) and financial sensitivities. In 2007,
Heineken started a Company-wide programme to
create a more integrated management nformation
environment for reporting to Regions and Group.
Internal control in operating companies
Heineken is progressing the Group-wide
development and implementation of best practice
processes supported by common IT systems.
At the end of 2007, 69 per cent of Heineken's
Heineken N.V. Annual Report 2007