Heineken NV Annual Report 2016

Risk Management (continued)

Risk management and internal control

The HEINEKEN Governance, Risk and Compliance activities are an integral part of the HEINEKEN Business Framework. Based on the COSO reference model, this framework provides an overview of how HEINEKEN's vision, purpose and values lie at the core of the Company's strategic priorities, organisation structure and behaviours. Translating this into policies and processes, the Code of Business Conduct, Company Rules and Risk Management process enable the achievement of HEINEKEN's strategic priorities while protecting the Company's employees, assets and reputation.

Risk identification and assessment

HEINEKEN's risk management activities seek to ensure identification and appropriate response to any significant threat to the safety of its employees, the Company's reputation, its assets and the achievement of its strategic objectives. To this end, HEINEKEN has put in place a comprehensive risk management system which identifies, assesses, prioritises and manages risks on a continuous and systematic basis, and covers all subsidiaries across regions, countries, markets and corporate functions.

Ongoing identification and assessment of risks is an integral part of HEINEKEN's governance and business review. Implementation of adequate responses and progress of risk mitigating measures is monitored on a quarterly basis. In parallel, the risks reported by the operating companies are aggregated on a global level and serve as a basis to determine HEINEKEN's risk management priorities and coordinated risk response across geographies.

Accountability for mitigating, monitoring and reporting on each of the most significant risks is assigned to functional directors. Internal policies and operational controls are periodically updated to reflect both these key risks and the extent to which the Company is willing and able to mitigate them.

Internal control activities

HEINEKEN's internal control activities aim to provide reasonable assurance as to the accuracy of financial information, the Company's compliance with applicable laws and internal policies and the effectiveness of internal processes.

The foundation for managing the Company's operations are the Company Rules which translate HEINEKEN's objectives and strategies into clear rules. They articulate how to work as they comprise all mandatory standards and procedures. Compliance with the rules is tested every year through self-assessment of key processes and controls by management. Appropriate action plans for deficiencies are established by local management. Progress on these remediation steps is monitored and reported on at least a quarterly basis.

Underpinning the Company Rules and supporting HEINEKEN's ethical culture, the first rule pertains to the Code of Business Conduct. The Code of Business Conduct and its underlying policies set out the expected standard of behaviour of all HEINEKEN employees and third parties working with HEINEKEN. Adherence to these policies is supported by regular training and a reporting platform available 24/7 where employees and third parties can speak up confidentially and securely if they observe or suspect ethics violations.

Assurance

HEINEKEN has a 'three lines of defence' structure in place:

- Operational management, as first line of defence, has the ownership, responsibility and accountability for assessing, controlling and mitigating risks
- HEINEKEN's internal control function ('Process Control Improvement'), as second line of defence, oversees compliance with HEINEKEN's policies, process and controls, drives continuous process improvement, facilitates risk assessments and ensures follow-up of identified risks or deficiencies. Additional control activities related to financial reporting are performed by the Accounting Reporting and Business Control functions
- Acting as third line of defence, HEINEKEN's internal audit function ('Global Audit') is mandated to perform Group-wide reviews of key processes, projects and systems, based on HEINEKEN's strategic priorities and most significant risk areas.

Global Audit provides independent and objective assurance and consultancy services. Global Audit employs a systematic and disciplined approach to evaluate and improve the organisation's governance and risk management processes including reliability of information, compliance with laws, regulations and procedures, and efficient and effective use of resources. The methodology followed by Global Audit is in accordance with the standards of the Institute of Internal Auditors and other relevant governing bodies.
