45
HEINEKEN N.V. ANNUAL REPORT 2008
IT
Heineken's worldwide operations are highly dependent on
the availability and integrity of its (common) information
systems. IT processes and infrastructure are to a large
extent centralised and outsourced to professional
outsourcing partners. Structured monitoring processes
are in place, which includes clear agreements on assurance
from outsourcing partners. The harmonisation, centralisation
and outsourcing of IT have a positive impact on the overall
control environment.
Code of Business Conduct and Whistle-blowing
The Code of Business Conduct and Whistle-blowing
procedure are applicable to all majority-owned subsidiaries.
Compliance is supported through continuous monitoring of
effectiveness, rotational audits and employee perception
irveys. Employees may report suspected cases of serious
nisconduct to their direct superior, the local Trusted
epresentative or anonymously to an independently run
onfidential helpline. The Integrity Committee oversees the
inctioning of the Whistle-blowing procedure and reports
i-annually to the Executive Board and Audit Committee
m reported cases and effectiveness of the procedure,
dditional communication and training are planned for
009 to reaffirm the importance of responsible conduct
nd compliance.
upervision
he Executive Board oversees the adequacy and functioning
f the entire system of risk management and internal control,
ssisted by Group departments. Group Internal Audit
rovides independent assurance and advice on the entire
sk management and internal control system. The Assurance
leetings, at local and regional level, oversee the adequacy
nd operating effectiveness of the risk management and
iternal control systems in their respective environments,
egional Management and Group Internal Audit participate
the local meetings to ensure effective dialogue and
ansparency. The outcome and effectiveness of the risk
lanagement and internal control systems have been
scussed with the Audit Committee.
The worldwide external audit activities - which are based
on local statutory materiality levels, and therefore more
detailed than necessary for the audit of the Heineken N.V.
consolidated financial statements - provide additional
assurance on true and fair presentation of financial reporting
on operating company level. Within the scope of their
financial audit assignment, external auditors also report on
internal control issues through their management letters
and attend local and regional Assurance Meetings.
Special attention was given to the integration of financial
reporting of the acquired businesses from former S&N and
some other acquisition, including transfer to the Heineken
Accounting Policies. In 2009, the Heineken standard chart
of accounts will be implemented.
Considering Heineken's risk management and control system
described in this section, the financial reporting is adequately
designed and worked effectively in the year under review
in providing reasonable assurance that the 2008 financial
statements do not contain any material misstatements.
There are no indications that the risk management and
control systems relating to financial reporting are not
working properly in the current year.
This statement cannot be construed as a statement in
accordance with the requirements of Section 404 of the US
Sarbanes-Oxley Act, which is not applicable to Heineken N.V.
Main risks
Under the explicit understanding that this is not an
exhaustive list, Heineken's main risks are described below.
It includes mitigation measures and where possible quantifying
the potential impact. Risks concerning the Heineken brand
and Company reputation, volatility and rise of input costs,
availability and cost of capital, and increasing legislation (like
alcohol, excise duties and anti-trust) affecting the business,
are considered the most significant risks. The main Company
risks have been discussed with the full Supervisory Board.
inancial reporting
he risk management and control system over financial
eporting contains clear accounting policies, a standard
nart of accounts and 'assurance letters' signed by General
id Finance Managers. The Heineken common systems
nd embedded control frameworks, as implemented in a
arge number of the subsidiaries, support common
ccounting and regular financial reporting in standard forms,
esting of key controls relevant for financial reporting are
art of the Common Internal Audit Approach.