Report of the
Report of the
Financial
Other
Contents
Overview
Executive Board
Supervisory Board
statements
information
The HEINEKEN Governance, Risk and Compliance activities are organised within the HEINEKEN Business Framework which is applicable
to all HEINEKEN subsidiaries. Based on theCOSO reference framework and adapted to the Company's strategic goals and operating model,
this framework provides an overview of HEINEKEN's identity, mission and vision, organisation structure, Code of Business Conduct, Company
Rules and Risk Management.
Risk identification and assessment
HEINEKEN's risk management activities seek to ensure identification and appropriate response to any significant threat to the Company's
reputation, its assets, the safety of its employees, or the achievement of its strategic objectives. To this end, HEINEKEN has put in place
a comprehensive risk management system which identifies, assesses, prioritises and manages risks on a continuous and systematic basis,
and covers all subsidiaries across regions, countries, markets and corporate functions.
Ongoing identification and assessment of risks is an integral part of ElEINEKEN's governance cycle. Each reporting entity presents, along with
its business plan, a risk assessment which covers risks of various natures: operational (among others compliance, financial, safety), strategic
and external risks. Implementation of adeguate responses is then assessed on a guarterly basis. Simultaneously, the risks reported by the
operating companies are aggregated on a global level to determine El EINEKEN's main risks and coordinated risk response across geographies.
Accountability for mitigating, monitoring and reporting on each of the most significant risks is assigned to functional directors. These risks are
subject to half-yearly review to account for emerging risks or changes in the Company's internal or external environment that could reguire
a review of HEINEKEN's risk management priorities.
Internal control activities
HEINEKEN's internal control activities aim to provide reasonable assurance as to the accuracy of financial information, the Company's
compliance with applicable laws and internal policies and the effectiveness of internal processes.
The foundation for managing the Company's operations is the HEINEKEN Rulebook which translates the Company's objectives and strategies
into clear rules. These rules articulate how to work as they comprise all mandatory standards and procedures. Compliance with the rules
is tested every year through self-assessment of key processes and controls by management. Appropriate action plans for deficiencies are
established by local management. Progress on these remediation steps is monitored and reported on at least a guarterly basis.
Underpinning the Rulebook and supporting El EINEKEN's ethical culture, the first rule pertains to the Code of Business Conduct. The Code
of Business Conduct and its underlying policies set out the expected standard of behaviour of all HEINEKEN employees and third parties
working with HEINEKEN. Adherence to these policies is a.o. supported by adeguate trainings and a reporting platform available 24/7 where
employees can speak up confidentially and securely if they observe or suspect ethics violations.
Assurance
Three lines of defence structure
HEINEKEN has a three lines of defence structure in place:
Operational management, as first line of defence, has the ownership, responsibility and accountability for implementing, assessing,
controlling and mitigating risks.
Continuous improvement of processes and compliance with the HEINEKEN standards and procedures lies with the internal control
function (Process Control Improvement), HEINEKEN's second line of defence, which also facilitates periodic functional risk assessments
(Financial Reporting, Tax, Supply Chain, IT) and controls self-assessments.
Acting as third line of defence, Global Audit is mandated to perform group-wide reviews of key processes based on HEINEKEN's strategic
priorities and most significant risk areas.
Audit activities
The Global Audit department provides independent and objective assurance and consultancy services. Global Audit employs a systematic
and disciplined approach to evaluate and improve the organisation's governance and risk management processes including reliability of
information, compliance with laws, regulations and procedures, and efficient and effective use of resources. The methodology followed by
HEINEKEN internal audit team complies with the standards of the Institute of Internal Auditors and other relevant governing bodies.
23
Eleineken N.V. Annual Report 2014