31 provide the basis for monitoring performance compared to the business plan. These plans also contain an annual assessment of the main risks, mitigation plans and financial sensitivities. Internal control in Operating Companies Best practice processes are continuously developed and implemented on a Group-wide basis, supported by Common IT Systems with embedded key control frameworks. This ensures the integrity of information processing in supporting the day-to-day transactions and financial and management reporting. Whereas the Heineken common systems are continuously rolled out to more Operating Companies, the application of these common processes are in progress for the most recent acquisitions. Internal Audit is strongly involved in monitoring key controls embedded in main business processes and assessing their effectiveness based on a common audit approach. Information Technology Heineken's worldwide operations are highly dependent on the availability and integrity of its (common) information systems. Many IT processes and infrastructures are now centralised and outsourced to professional outsourcing partners. To ensure the confidentiality and integrity of information and the availability of information systems, Heineken's Operating Companies and the Central IT services must comply with a strict information security policy, which is aligned with the ISO 27001:2005 standard. An IT risk management system is in place for all sites including; IT risk identification and monitoring, annual policy compliance assessments, progress of improvement monitoring and internal audits. The IT risk management system also includes clear agreements on assurance from IT outsourcing partners. The increased harmonisation and centralisation of IT systems augment central enforcement of security measures across Operating Companies and has a positive impact on the level of control. Code of Business Conduct and Whistle-blowing The Code of Business Conduct and Whistle-blowing procedure is applicable to all majority-owned subsidiaries, regional offices and head office and implementation is in progress for recent acquisitions. Compliance is supported through continuous monitoring of effectiveness and compliance reviews. Employees may report suspected cases of serious misconduct to their direct superior, the local Trusted Representative or anonymously to an independently run confidential helpline. The Integrity Committee oversees the functioning of the Whistle-blowing procedure and reports bi-annually to the Executive Board and Audit Committee on reported cases and effectiveness of the procedure. In the year under review, Heineken introduced an improved case management system and an e-learning tool to support training requirements. On-going training is being performed at Operating Company level to further increase awareness and understanding. Supervision The Executive Board oversees the adequacy and functioning of the entire system of risk management and internal control, assisted by Global functions. Internal Audit provides independent assurance and advice on the Risk Management and Internal Control Systems. Assurance Meetings at both local and regional level oversee the adequacy and operating effectiveness of the Risk Management and Internal Control Systems in their respective environments. Regional Management and Internal Audit participate in the local meetings in order to ensure effective dialogue and transparency. The outcome and effectiveness of the Risk Management and Internal Control Systems are evaluated with the Executive Board and the Audit Committee. Financial reporting The risk management and control systems over financial reporting contain clear accounting policies, a standard chart of accounts and Assurance Letters signed by regional and local management. The Heineken common systems and embedded control frameworks are implemented in a large number of the Operating Companies and support common accounting and regular financial reporting in standard forms. Testing of key controls relevant for financial reporting is part of the Common Internal Audit Approach in Operating Companies on common systems. The external audit activities provide additional assurance on the financial reporting. Within the scope of the external auditors' financial audit assignment, they also report on internal control issues through their management letters, and they attend the regional and certain local assurance meetings. In 2010, special attention was given to the integration of financial reporting of the acquired beer operations of FEMSA (Fomento Económico Mexicano, S.A.B. de C.V.), which included the application of Heineken's Accounting Policies. The internal risk management and control systems, as described in this section, provide a reasonable assurance that the financial reporting does not contain any errors of material importance. The risk management and control systems worked properly in the year under review. This statement cannot be construed as a statement in accordance with the requirements of Section 404 of the US Sarbanes-Oxley Act, which is not applicable to Heineken N.V. Main risks On the explicit understanding that this is not an exhaustive list, Heineken's main risks are described below, including the mitigation measures. The risks derived from the main risks are economic downturn, volatility of input costs, exchange rates, political instability, availability and cost of capital and increasing legislation affecting the business and are considered the most significant risks. The main Company risks have been discussed with the Supervisory Board and are annually reviewed. Strategic risks Heineken Brand and Company reputation As both the Group and its most valuable brand carry the same name, reputation management is of utmost importance. Heineken enjoys a positive corporate reputation and our Heineken N.V. Annual Report 2010

Jaarverslagen en Personeelsbladen Heineken

Jaarverslagen | 2010 | | pagina 28