Risk Management (continued)

Internal control, Organisation, Processes

HEINEKEN's internal control activities aim to provide reasonable assurance as to the accuracy of financial information, non-financial disclosures, the Company's compliance with applicable laws and internal policies, and the effectiveness of internal processes. Internal controls have been defined at entity-level (HEINEKEN Rules, comprising all mandatory standards and procedures) and at process level (Process and Control Standards) for key processes, including financial reporting, IT and Tax.

Compliance with company policies is periodically assessed. Deviations from the defined standards are included in the global monitoring and follow-up processes, supporting management in addressing these deviations. Management is responsible for definition and timely implementation of action plans to remediate any deficiency identified as part of these assessments. The results are reported to the Executive Board.

The Company Rules, policies and controls are periodically updated to reflect both the Company's key risks and the extent to which the Company is willing and able to mitigate them.

Risk committee

The Executive Board of HEINEKEN is accountable for risk management, risk oversight and the protection of HEINEKEN's reputation, value of assets and brands. The Board is assisted by the Risk Committee, chaired by the CFO, in regular reviews of the Group risk assessment cycle that summarises the Company's key risks, associated mitigating actions and monitoring activities. These reviews consider the level of risk that Heineken is willing to take and the type of HEINEKEN's objectives it impacts. The Risk Committee identifies changes to the Company's risk exposure and proposes interventions if required.

For the organisation of risk management activities, HEINEKEN applies a 'three lines of defence' model.
First and most important is the quality and behaviour of operational management, the first line of defence. They have the ownership, responsibility and accountability for assessing and mitigating risks. Operational management is supported by the second line of defence functions that oversee compliance with HEINEKEN's policies, processes and controls, facilitate the implementation of risk management practices and drive continuous improvements of internal controls.

As third line of defence, the internal audit function ('Global Audit') is mandated to perform Group-wide reviews of key processes, projects and systems, based on HEINEKEN's strategic priorities and most significant risk areas. Global Audit provides independent and objective assurance and consultancy services. It employs a systematic and disciplined approach to evaluate and improve the organisation's governance and risk management process including reliability of information, compliance with laws, regulations and procedures, and efficient and effective use of resources. The methodology followed by Global Audit is in accordance with the standards of the Institute of Internal Auditors and other relevant governing bodies.

To support the Executive Board's external representations, a formal bi-annual Letter of Representation (LoR) process is in place. It requires management to demonstrate accountability and covers financial and non-financial reporting disclosures, financial reporting controls, compliance with the Code of Conduct and other HEINEKEN Rules as well as fraud and irregularities.

Risk assessment outcomes are aggregated at a global level and serve as basis for determining HEINEKEN's risk exposure and risk management priorities by the Risk Committee.
Accountability for mitigating, monitoring and reporting on the most significant risks is assigned to functional directors who report on progress and residual risk levels three times per year to the Risk Committee.

HEINEKEN continues to invest in the further improvement of risk management in the Company. Built on the basis of the existing risk and controls mechanisms, we have implemented several improvements. These are aimed at driving business ownership of risks, further increasing business involvement in risk management and expanding the integrated view of risks and controls.

HEINEKEN's risk management activities seek to identify and appropriately address any significant threat to the achievement of the Company's strategy and business objectives, its reputation and the continuity of its operations. HEINEKEN's risk management system enables management to identify, assess, prioritise and manage risks on a continuous and systematic basis, and covers all subsidiaries across regions, countries, markets and corporate functions.

Ongoing identification and assessment of risks, including new risks arising from changes in the global or local business environment, are part of HEINEKEN's planning, performance and risk management cycles. Risk assessments are performed by every subsidiary and global function. The implementation of responses and progress of risk mitigating measures is monitored on a quarterly basis.

Annual Reports and Staff Magazines Heineken

Annual Reports | 2018 | page 28