26 Risk Management (continued) Operational risks (continued) Information security Recent developments Social media Recent developments Execution and change management Recent developments Heineken NV. Report of the Report of the Financial Sustainability Other Annual Report 2016 Introduction Executive Board Supervisory Board Statements Review Information What could happen HEINEKEN's business relies heavily on its IT infrastructure. Failure of its IT system or a breach in the security infrastructure may lead to business disruption, loss of confidential information, financial and reputational damage. What are we doing to manage this risk HEINEKEN has developed a comprehensive information security policy and framework addressing IT security, continuity and confidentiality. The dedicated Risk Management team performs central testing of the IT systems and focuses on enhancing the resilience of HEINEKEN's IT infrastructure. The rise of the Internet of Things and the expansion of Cloud uptake, combined with increasing professionalism of online threat actors puts Information Security on the map as a major corporate risk, both in terms of business continuity and of data privacy. This is also recognised by global regulations, such as the General Data Protection Regulation (GDPR), where mismanagement of security and data breaches becomes financially punitive. What could happen On social media, concerns related to HEINEKEN or any of its products, even when unfounded, could impact the Company's reputation and the image of its products. HEINEKEN may not be able to control information or respond in a timely manner to reputation threats, which could affect its brand equity and income-generating capacity at scale and at pace. What are we doing to manage this risk HEINEKEN has set up continuous monitoring of the main social media platforms, in several languages, employee training in digital communication, and an incident response system that includes a dedicated digital dashboard and a dedicated crisis communication team. Learnings from media crisis are shared in the organisation to drive continuous improvement. While robust social media risk management measures are now in place, social media crisis increasingly happen via private channels (e.g. WhatsApp) and cannot therefore always be tracked. Moreover, malicious attempts to spread false material becomes ever more sophisticated with substantial spend behind it. In 2016, the most significant attack faced by HEINEKEN (a fake video of HEINEKEN products being tampered with) was successfully managed, proving the robustness and maturity of its crisis communication system. What could happen In the last years, HEINEKEN has engaged in several significant business improvement projects. The large number of operating companies and their varying level of integration represent a specific challenge to these projects. These strategic transformation programmes may not deliver the expected benefits or may incur significant cost or time overruns. What are we doing to manage this risk By taking a portfolio approach, applying consistent project methodology and governance, and placing ownership of each of them at top management level, HEINEKEN is able to prioritise and optimise resource allocation across its major projects to ensure they deliver on their objectives. The Group portfolio of global projects now contains more than 40 programmes and has supported the implementation of new capabilities in the area of finance, supply chain, procurement and human resources, thereby serving HEINEKEN's efficiency targets and key risk mitigation.

Jaarverslagen en Personeelsbladen Heineken

Jaarverslagen | 2016 | | pagina 27