26
Risk Management (continued)
Operational risks (continued)
Information security
Recent developments
Social media
Recent developments
Execution and change
management
Recent developments
Heineken NV.
Report of the
Report of the
Financial
Sustainability
Other
Annual Report 2016
Introduction
Executive Board
Supervisory Board
Statements
Review
Information
What could happen
HEINEKEN's business relies heavily on its
IT infrastructure. Failure of its IT system
or a breach in the security infrastructure
may lead to business disruption, loss of
confidential information, financial and
reputational damage.
What are we doing to manage this risk
HEINEKEN has developed a comprehensive
information security policy and framework
addressing IT security, continuity and
confidentiality. The dedicated Risk
Management team performs central testing
of the IT systems and focuses on enhancing
the resilience of HEINEKEN's IT infrastructure.
The rise of the Internet of Things and the
expansion of Cloud uptake, combined with
increasing professionalism of online threat
actors puts Information Security on the
map as a major corporate risk, both in terms
of business continuity and of data privacy.
This is also recognised by global regulations,
such as the General Data Protection
Regulation (GDPR), where mismanagement
of security and data breaches becomes
financially punitive.
What could happen
On social media, concerns related to
HEINEKEN or any of its products, even when
unfounded, could impact the Company's
reputation and the image of its products.
HEINEKEN may not be able to control
information or respond in a timely manner
to reputation threats, which could affect its
brand equity and income-generating capacity
at scale and at pace.
What are we doing to manage this risk
HEINEKEN has set up continuous monitoring
of the main social media platforms, in
several languages, employee training in
digital communication, and an incident
response system that includes a dedicated
digital dashboard and a dedicated crisis
communication team. Learnings from media
crisis are shared in the organisation to drive
continuous improvement.
While robust social media risk management
measures are now in place, social media crisis
increasingly happen via private channels
(e.g. WhatsApp) and cannot therefore
always be tracked. Moreover, malicious
attempts to spread false material becomes
ever more sophisticated with substantial
spend behind it. In 2016, the most significant
attack faced by HEINEKEN (a fake video
of HEINEKEN products being tampered
with) was successfully managed, proving
the robustness and maturity of its crisis
communication system.
What could happen
In the last years, HEINEKEN has engaged
in several significant business improvement
projects. The large number of operating
companies and their varying level of
integration represent a specific challenge to
these projects. These strategic transformation
programmes may not deliver the expected
benefits or may incur significant cost
or time overruns.
What are we doing to manage this risk
By taking a portfolio approach, applying
consistent project methodology and
governance, and placing ownership of each
of them at top management level, HEINEKEN
is able to prioritise and optimise resource
allocation across its major projects to ensure
they deliver on their objectives.
The Group portfolio of global projects now
contains more than 40 programmes and
has supported the implementation of new
capabilities in the area of finance, supply chain,
procurement and human resources, thereby
serving HEINEKEN's efficiency targets and
key risk mitigation.