20
Risk Management (continued)
Risk management
Internal control
Risk profile
Risk appetite
Report of the
Report of the
Financial
Sustainability
Other
Introduction
Executive Board
Supervisory Board
Statements
Review
Information
Heineken N.V. Annual Report 2017
To support the Executive Board's external
representations, a formal bi-annual Letter
of Representation (LoR) process is in place.
It requires management to demonstrate
accountability and covers financial and
non-financial reporting disclosures, financial
reporting controls, compliance with the Code
of Conduct and other HEINEKEN Rules as well
as fraud and irregularities.
Effective management of risks forms an
integral part of how HEINEKEN operates as
a business and is embedded in day-to-day
operations. HEINEKEN's risk management
activities seek to identify and appropriately
address any significant threat to the
achievement of the Company's strategic
objectives, its reputation, the continuity of its
operations and the safety of its employees.
HEINEKEN's risk management system enables
management to identify, assess, prioritise and
manage risks on a continuous and systematic
basis, and covers all subsidiaries across regions,
countries, markets and corporate functions.
Ongoing identification and assessment of risks,
including new risks arising from changes in the
global or local business environment, are an
integral part of HEINEKEN's governance and
performance management. Risk assessments
are performed annually by every operating
company and global function, and the
implementation of adequate responses
and progress of risk mitigating measures is
monitored on a quarterly basis. In parallel, the
outcome of these risk analyses is aggregated
on a global level and serves as a basis to
determine HEINEKEN's risk exposure and risk
management priorities. Accountability for
mitigating, monitoring and reporting on the
most significant risks is assigned to functional
directors, who report on progress and residual
risk levels biannuallytothe risk committee.
HEINEKEN's internal control activities aim
to provide reasonable assurance as to
the accuracy of financial information, the
Company's compliance with applicable laws
and internal policies, and the effectiveness of
internal processes.
Internal controls have been defined at
entity-level (HEINEKEN Rules, comprising all
mandatory standards and procedures) and at
process level (Process and Control Standards)
for key processes, including financial reporting,
IT and Tax. Compliance with company policies
is periodically assessed both in OpCos and
in Global Functions. Deviations from the
defined standards are included in a global
monitoring and follow-up tool, which supports
management in addressing these deviations.
Management is responsible for defining
and timely implementation of action plans
to remediate any deficiency identified as
part of these assessments. The results are
reported to the EB in the bi-annual Letter of
Representations. The Company Rules, policies
and controls are periodically updated to reflect
both the Company key risks and the extent
to which the Company is willing and able to
mitigate them.
HEINEKEN is predominantly a single-product
business, operating throughout the world in the
alcohol industry. HEINEKEN is present in more
than 70 countries, with a growing share of its
revenues originated from emerging markets.
An increasingly negative perception in society
towards alcohol could prompt legislators to
implement further restrictive measures such
as limitations on availability, advertising,
sponsorships, distribution and points of sale
and increased tax. This may cause changes
in consumption trends, which could lead to
a decrease in the brand equity and sales of
HEINEKEN's products.
HEINEKEN has undertaken business activities
with other market parties in the form of
joint ventures and strategic partnerships.
Where HEINEKEN does not have effective
control, decisions taken by these entities may
not be fully harmonised with HEINEKEN's
strategic objectives. Moreover, HEINEKEN may
not be able to identify and manage risks to the
same extent as in the rest of the Group.
The international spread of its business, a
robust balance sheet and strong cash flow,
as well as a commitment to prudent financial
management, form the context based on
which HEINEKEN determines its appetite to
risk. A structured risk management process
allows HEINEKEN to take risks in a managed
and controlled manner. Key to determining the
risk appetite is the nature of the risks:
Strategic:
Taking strategic risks is an inherent part of
HEINEKEN's entrepreneurial heritage. In its
pursuit of balanced growth, HEINEKEN is open
to certain risks linked to its presence in a wide
array of developing countries.
Operational:
Depending on the type of the operational risk,
HEINEKEN's risk appetite can be described as
cautious to averse. In particular, ensuring its
employees' and contractors' safety, delivering
the highest level of product quality and
protecting its reputation have priority over
any other business objective.
Reporting:
HEINEKEN is averse to any risks that could
jeopardise the integrity of its reporting.
Compliance:
HEINEKEN isaversetothe risk of non-compliance
with applicable laws or regulations, as well as
with its own Code of Business Conduct.
