24
Risk Management (continued)
Supply chain continuity
Information security
Digital media
Report of the
Report of the
Financial
Sustainability
Other
Introduction
Executive Board
Supervisory Board
Statements
Review
Information
Heineken N.V. Annual Report 2017
Operational risks
What could happen
Disruptions in the supply chain could
lead to HEINEKEN's inability to deliver
products to key customers, revenue loss
and brand damage. Significant changes
in the availability or price of raw materials,
commodities, energy and water may
result in a shortage of those resources or
increased costs.
Recent developments
Political instability, terrorism, climate change
and in particular growing water scarcity and its
effects on crop yield and grain prices, require
both the market and governments to take
measures, which will in the short term result in
additional coststothe business.
What are we doing to manage this risk
Business continuity plans have been developed
for HEINEKEN's key brands in all key markets,
and back-up plans are in place in all operating
companies. Business resilience is further
strengthened through ownership of several
strategic malteries, long-term procurement
contracts, water management plans and
central management of global insurance
policies. Taking a longer-term approach to
business continuity, HEINEKEN has included
water resources protection and sustainable
sourcing in the priorities of its Brewing a Better
World sustainability programme.
Operational risks
What could happen
HEINEKEN's business relies heavily on its
IT infrastructure. Failure of its IT system
or a breach in the security infrastructure
may lead to business disruption, loss of
confidential information, breach of data
privacy, financial and reputational damage.
Recent developments
The rise of the Internet of Things and the
expansion of Cloud uptake, combined with
increasing professionalism of online threat
actors puts Information Security on the map
as a corporate risk, both in terms of business
continuity and of data privacy. This is also
recognised by global regulations, such asthe
General Data Protection Regulation (GDPR),
where mismanagement of security and data
breaches becomes financially punitive.
What are we doing to manage this risk
HEINEKEN has developed a comprehensive
information security policy and framework
addressing IT security, continuity and
confidentiality. The dedicated Risk
Managementteam performs central
monitoring of IT controls and focuses on
enhancing the resilience of HEINEKEN's
IT infrastructure.
Operational risks
What could happen
On social media, concerns related to
HEINEKEN or any of its products, even when
unfounded, could impact the Company's
reputation and the image of its products.
HEINEKEN may not be able to control
information or respond in atimely manner
to reputation threats, which could affect
its brand equity and income-generating
capacity at scale and at pace.
Recent developments
While robust social media risk management
measures are now in place, social media crises
increasingly happen via private channels (e.g.
WhatsApp) and cannot therefore always
betracked. Moreover, malicious attempts
to spread false material becomes ever more
sophisticated with substantial spend behind it.
What are we doing to manage this risk
HEINEKEN has set up continuous monitoring
of the main social media platforms, in
several languages, employee training in
digital communication, and an incident
response system that includes a dedicated
digital dashboard and a dedicated crisis
communication team. Learnings from media
crisis are shared in the organisation to drive
continuous improvement.
Explore Further:
- Protecting water resources, pages 134,136-137
- Reducing CO2 emissions, pages 134,138-140
- Sourcing sustainably, pages 134,140-141