A disciplined approach
to managing our risks
Risk Management
To deliver its strategy, HEINEKEN systematically manages the risks
linked to its daily operations as well as the main risks and opportunities
arising from its business environment.
Business Framework
Organisation and Accountability
Heineken N.V. Annual Report 2017
HEINEKEN's Risk Management and Internal
Control systems are based on the COSO
reference models and form an integral part
of the HEINEKEN Business Framework.
This framework provides an overview of how
HEINEKEN's vision, purpose and values 'We are
HEINEKEN' underpin the Company's strategic
objectives and ambition to deliver long-term value
creation, enabled by HEINEKEN's Governance
Cycle (planning and performance cycle), its
organisational structure 'We are HEINEKEN',
the HEINEKEN Code of Business Conduct and
the HEINEKEN Rules.
The HEINEKEN Code of Business Conduct
and its underlying policies promote doing
business with fairness and integrity and explain
to all HEINEKEN employees what is expected
from them in this regard. Adherence to the
Code and its policies is supported by regular
communication and training as well as
HEINEKEN's Speak Up framework. Speak Up
allows and encourages employees and third
parties to report (suspected) misconduct
confidentially and without fear of retaliation.
The risk management cycle, the HEINEKEN
Rules, and the process and control standards
enable achievement of HEINEKEN's business
objectives while protecting the Company's
employees, assets and reputation.
Included in the performance reviews, our
Leadership Expectations foster a culture of
achievement, collaboration and growth,
underpinned by integrity and accountability in
everything we do. Together with the HEINEKEN
Behaviours framework, they reflect the
expected attitude in decision-making, including
risk-taking.
HEINEKEN's risk management and internal
control activities are organised along three
'lines of defence':
- Operational management (first line of
defence) has the ownership, responsibility
and accountability for assessing, controlling
and mitigating risks.
- Management is supported by second line
of defence functions (e.g. internal control,
business conduct and other functional risk
management teams). These functions
oversee compliance with HEINEKEN's
policies, process and controls, facilitate
the implementation of effective risk
management practices and drive continuous
improvements of internal controls.
- As third line of defence, HEINEKEN's internal
audit function ('Global Audit') is mandated to
perform Group-wide reviews of key processes,
projects and systems, based on HEINEKEN's
strategic priorities and most significant
risk areas.
- Global Audit provides independent and
objective assurance and consultancy
services. It employs a systematic and
disciplined approach to evaluate and improve
the organisation's governance and risk
management processes including reliability
of information, compliance with laws,
regulations and procedures, and efficient and
effective use of resources. The methodology
followed by Global Audit is in accordance
with the standards of the Institute of Internal
Auditors and other relevant governing bodies.
The Executive Board bears the ultimate
responsibility for managing risks faced by
the Company, in line with the risk appetite it
has set, and for reviewing the adequacy of
HEINEKEN's risk management and internal
control activities.
[Figure: HEINEKEN Business Framework. Panels: We are HEINEKEN; Governance (How we govern internally); Behaviours (How we act); Our global priorities; Code of Business Conduct (How we behave); HEINEKEN Rules (How we work); Laws and Regulations; Standards and Procedures; Risk Management (How we manage risks); Processes and systems; Execution and change management]