Risk Management continued Reportofthe Reportofthe Financial Other Contents Overview Executive Board Supervisory Board Statements Information Risk Management and Internal Control The HEIN EKEN Governance, Risk and Compliance activities are an integral part of the HEIN EKEN Business Framework. Based on the COSO reference model, this framework provides an overview of how HEINEKEN's vision, purpose and values lie at the core of the Company's strategic priorities, organisation structure and behaviours. Translating this into policies and processes, the Code of Business Conduct, Company Rules and Risk Management process enable the achievement of HEINEKEN's strategic priorities while protecting the Company's employees, assets and reputation. Risk identification and assessment HEINEKEN's risk management activities seek to ensure identification and appropriate response to any significant threat to the safety of its employees, the Company's reputation, its assets and the achievement of its strategic objectives. To this end, HEINEKEN has put in place a comprehensive risk management system which identifies, assesses, prioritises and manages risks on a continuous and systematic basis, and covers all subsidiaries across regions, countries, markets and corporate functions. Ongoing identification and assessment of risks is an integral part of HEINEKEN's governance and business review. Implementation of adeguate responses and progress of risk mitigating measures is monitored on a guarterly basis. In parallel, the risks reported by the operating companies are aggregated on a global level and serve as a basis to determine HEINEKEN's risk management priorities and coordinated risk response across geographies. Accountability for mitigating, monitoring and reporting on each of the most significant risks is assigned to functional directors. Internal policies and operational controls are periodically updated to reflect both these key risks and the extent to which the Company is willing and able to mitigate them. Internal control activities HEINEKEN's internal control activities aim to provide reasonable assurance as to the accuracy of financial information, the Company's compliance with applicable laws and internal policies and the effectiveness of internal processes. The foundation for managing the Company's operations are the Company Rules which translate HEINEKEN's objectives and strategies into clear rules. They articulate how to work as they comprise all mandatory standards and procedures. Compliance with the rules is tested every year through self- assessment of key processes and controls by management. Appropriate action plans for deficiencies are established by local management. Progress on these remediation steps is monitored and reported on at least a guarterly basis. Underpinning the Company Rules and supporting HEINEKEN's ethical culture, the first rule pertains to the Code of Business Conduct. The Code of Business Conduct and its underlying policies set out the expected standard of behaviour of all H EIN EKEN employees and third parties working with HEINEKEN. Adherence to these policies is supported by regular training and a reporting platform available 24/7 where employees and third parties can speak up confidentially and securely if they observe or suspect ethics violations. Assurance HEINEKEN has a 'three lines of defence' structure in place: Operational management, as first line of defence, has the ownership, responsibility and accountability for assessing, controlling and mitigating risks. HEINEKEN's internal control function ('Process Control Improvement'), as second line of defence, oversees compliance with HEINEKEN's financial reporting policies, drives continuous process improvement, facilitates risk assessments and ensures follow-up of identified risks or deficiencies. Additional control activities are performed by the Accounting Reporting and Business Control functions. Acting as third line of defence, HEINEKEN's internal audit function ('Global Audit') is mandated to perform Group-wide reviews of key processes based on HEINEKEN's strategic priorities and most significant risk areas. Global Audit provides independent and objective assurance and consultancy services. Global Audit employs a systematic and disciplined approach to evaluate and improve the organisation's governance and risk management processes including reliability of information, compliance with laws, regulations and procedures, and efficient and effective use of resources. The methodology followed by Global Audit is in accordance with the standards of the Institute of Internal Auditors and other relevant governing bodies. 23 Helneken N.V. Annual Report 2015

Jaarverslagen en Personeelsbladen Heineken

Jaarverslagen | 2015 | | pagina 24