43
operations (based on revenue) worked in
accordance with the evolving Heineken Common
System. Best practice key control frameworks, to
ensure the integrity of the information processing
in supporting the day-to-day transactions
and financial and management reporting, are
imbedded and used for continuous controls
ïonitoring and improvements.
ode of Business Conduct and Whistle-blowing
ocal Codes of Business Conduct and whistle-
'owing procedures have been implemented
-oup-wide based on Group policies applicable
majority-owned subsidiaries. On Group level
ontinuous awareness building is supported and
/ersees the functioning of the Code. The Integrity
ommittee oversees the functioning of whistle-
lowing and issued two reports to the Executive
oard and Audit Committee in the year under
aview on effectiveness of the procedure and
aported cases.
jpervision
he Executive Board oversees the adequacy
id functioning of the entire system of risk
anagement and internal control, assisted
Group departments. Group Internal Audit
ovides independent assurance on the entire
sk management and internal control system,
ne Assurance Meetings, at local and regional
vel, oversee the adequacy and operating
fectiveness of the risk management and internal
ontrol systems in their respective environments,
egional Management and Group Internal
udit participate in the local meetings to ensure
fective dialogue and transparency. The outcome
id effectiveness of the risk management and
ternal control systems have been discussed with
ie Audit Committee.
nancial reporting
ie risk management and control system over
nancial reporting contains clear accounting rules
nd a standard chart of accounts. The Heineken
ommon systems, as implemented in almost all
iajority-owned subsidiaries in terms of revenue,
support common accounting and regular
financial reporting in standard forms. In 2007,
the testing of key controls relevant for financial
reporting were added to the Common Internal
Audit Approach.
The worldwide external audit activities - which
are based on local statutory requirements,
and therefore more detailed than necessary for
the audit of the Heineken N.V. consolidated figures
- provide additional assurance on fair presentation
of financial reporting on operating company
level. Within the parameters of their financial
audit assignment, external auditors also
report on internal control issues through
their management letters and attend local
and regional Assurance Meetings.
Considering Heineken's risk management and
control system described in this section, the
financial reporting is adequately designed and
worked effectively in the year under review in
providing reasonable assurance that the 2007
financial statements do not contain any material
inaccuracies. There are no indications that the
risk management and control systems relating
to financial reporting will not work properly in the
current year.
This statement cannot be construed as a statement
in accordance with the requirements of Section
404 of the US Sarbanes-Oxley Act, which is not
applicable to Heineken N.V.
Main risks
Under the explicit understanding that this is
not an exhaustive list, Heineken's main risks are
described below. It includes mitigation measures
and where possible quantifying the potential
impact. Risks concerning the Heineken brand
and Company reputation, rising input costs
and increasing legislation (like alcohol, excise
duties and anti-trust) affecting the business, are
considered the most significant risks. The main
Company risks have been discussed with the full
Supervisory Board.
Heineken N.V. Annual Report 2007