Risk Management and Control System 44 Annual Report 2009 - Heineken N.V. Report of the Executive Board Managing risks and protecting the business from the effects of disasters, failures and reputational damage is explicitly on the management's agenda. Continuity and sustainability of the business is as important to stakeholders as growing and operating the business. Risk Management and Control System The Heineken Risk Management and Control Systems aim to ensure that the risks of the Company are identified and managed, and that the operational and financial objectives are met in compliance with applicable laws and regulations at a reasonable level of assurance. A system of control that ensures adequate financial reporting is in place. Heineken's internal control system is based on the COSO Internal Control Framework. Risk appetite The Company is recognised for its drive for quality, consistency and financial discipline. An entrepreneurial spirit is encouraged across the Group in order to seek opportunities that support continuous growth such as business development and innovation, whilst taking controlled risks. The carefully balanced country portfolio and the robust balance sheet are a reflection of the risk appetite of the Company. Risk profile Heineken is a single-product company with a high level of commonality in its worldwide business operations, spread over many mature and emerging markets. The worldwide activities are exposed to varying degrees of risk and uncertainty. Some of these may result in a material impact on a particular Operating Company if not identified and managed, but may not materially affect the Group as a whole. Compared to other leading beer companies, Heineken has a significantly wider global spread of its businesses, and does not depend on a limited number of markets. Risk management Heineken strives to be a sustainable and performance-driven company. This involves taking risks and managing risks. Structured risk assessments are integrated into change projects, business planning, performance monitoring processes, common processes and system implementations, and acquisitions and business integration activities. The Risk Management and Control Systems are considered to be in balance with Heineken's risk profile and appetite, although such systems can never provide absolute assurance. Heineken's Risk Management and Control Systems are subject to continuous review and adaptations in order to remain in balance with its continuous growth and the changes in the risk profile. Responsibilities The Executive Board, under the supervision of the Supervisory Board, has overall responsibility for Heineken's Risk Management and Control Systems. Regional and Operating Companies management are responsible for managing performance, identifying and managing related risks and the effectiveness of operations within the rules set by the Executive Board. This is supported and supervised by Group functions. Heineken Company Rules The Heineken Company Rules are a key element of the Risk Management System and are in place to set the boundaries within which Operating Companies should conduct their business. A governance procedure and activities ensuring continuous awareness and compliance are in place. This is managed by the Heineken Company Rules Network that meets on a semi-annual basis. The annual Assurance Letter provides additional comfort on financial reporting and selected Company Rules and is signed by all Regional Presidents, General and Finance Managers on behalf of their management teams on an annual basis. Business planning and performance monitoring The main pillars of Heineken's internal governance activities are annual business planning and performance monitoring processes. Operating Companies' strategies, business plans, key risks and quarterly performance are discussed with Regional Management. Regional performance is discussed with the Executive Board. The approved business plans include clear objectives, performance indicators and target setting that provide the basis for monitoring performance compared to the business plan. These plans also contain an annual assessment of the main risks, mitigations and financial sensitivities. This process was further improved in the year under review. Heineken is finalising the implementation of an integrated management information system for reporting to Regions and Group. Internal control in Operating Companies Development and implementation of best practice processes are continuously being improved on a Group-wide basis, supported by common IT systems. Based on revenue at the end of 2009, 65 per cent of the operations worked in accordance with the evolving Heineken common system. Additionally, documentation, measurement and performance of processes under the Business Process Management Initiative are continuously being improved by Group functions. Best practice key control frameworks are embedded in developed common processes/systems. This ensures the integrity of the information processing in supporting the day-to-day transactions and financial and management reporting. Internal Audit is strongly involved in monitoring key controls embedded in main business processes and assessing its effectiveness based on a common audit approach. Control monitoring by management has strengthened with the implementation of an integrated management information system.

Jaarverslagen en Personeelsbladen Heineken

Jaarverslagen | 2009 | | pagina 41