Risk Management
and Control Systems
This section presents an overview of Heineken's risk management and control systems including
a description of the most important risks, Heineken's exposure and its main mitigation efforts.
Managing risks is explicitly on the management's agenda and embedded in the Heineken Company
Rules. Our aim with the risk management and control systems is to meet our strategic objectives
whilst effectively protecting the Company and the brand against reputational damage. Continuity
and sustainability of the business are as important to the stakeholders as growing and operating
the business. As a business, we balance our financial sustainability with playing a role in society.
Social responsibility and sustainability underpin everything we do.
30
Report of the Executive Board
Risk Management and Control Systems
The Heineken Risk Management and Control Systems aim to
ensure that the risks of the Company are identified and managed,
and that the operational and financial objectives are met in
compliance with applicable laws and regulations at a reasonable
level of assurance. A system of controls that ensures adequate
financial reporting is in place. Heineken's internal control system
is based on the COSO Internal Control Framework.
Risk appetite
The Company is recognised for its drive for quality, consistency
and financial discipline. Entrepreneurial spirit is encouraged
across the Group in order to seek opportunities that support
continuous growth such as business development and
innovation, whilst taking controlled risks. The balanced
country portfolio and the robust balance sheet continue
to be a reflection of the risk appetite of the Company.
Risk profile
Heineken is a single-product company with a high level of
commonality in its worldwide business operations, spread
over many mature and emerging markets. The worldwide
activities are exposed to varying degrees of risk and
uncertainty. Some of these may result in a material impact on
a particular Operating Company if not identified or effectively
managed, but may not materially affect the Group as a whole.
Compared to other leading beer companies, Heineken has
a significantly wider spread of its businesses across the globe,
and does not depend on a limited number of markets.
Risk management
Heineken strives to be a sustainable and performance-driven
company. This is achieved by doing business, which involves
taking risks and managing those risks. Structured risk
assessments are integrated in change projects, business
planning, performance monitoring processes, common
processes and system implementations and acquisitions
and business integration activities. The Risk Management
and Control Systems are considered to be in balance with
Heineken's risk profile and appetite, although such systems
can never provide absolute assurance. Heineken's Risk
Management and Control Systems are subject to continuous
review and adaptations in order to remain in balance with
its continuous growth and the changes in the risk profile.
Responsibilities
The Executive Board has overall responsibility for Heineken's
Risk Management and Control Systems. It is responsible for
resource allocation and risk management policy setting.
Its overall effectiveness is subject to review by the Audit
Committee. Regional, Operating Company and Functional
Management are responsible for managing performance,
identifying and managing related risks and the effectiveness
of operations within the rules set by the Executive Board.
Heineken Company Rules
The Heineken Company Rules are a key element of risk
management and are in place to set the boundaries within
which Operating Companies should conduct their business.
A governance procedure and activities ensuring continuous
awareness, compliance and follow up are in place.
The annual Assurance Letter provides additional comfort
on financial reporting and elected Company Rules. Regional
Presidents, General and Finance Managers sign for compliance
on behalf of their management teams on an annual basis.
Governance
Heineken clarified its governance cycle consisting of strategic
planning, annual business planning and operational planning
and performance monitoring. Operating Companies' strategies,
business plans, key risks and quarterly performance are
discussed with Regional Management. Regional performance
is discussed with the Executive Board. The approved three-year
business plans from regions and global functions include clear
objectives, performance indicators and target setting that