199
Independent Auditor’s Report
Profit before income tax
Revenues
Introduction
25%
75%
Full scope audit coverage
Full scope audit coverage
Other coverage
Other coverage
Assets
21%
79%
Full scope audit coverage
Other coverage
Sustainability
Review
Other
Information
Financial
Statements
Report
of the
Supervisory
Board
Report
of the
Executive
Board
Our oversight procedures included (virtual) meetings with the component auditor and component management
and physical or remote working paper reviews for The Netherlands, United Kingdom, France, Spain, Italy, Austria,
Poland, Brazil, Mexico, USA, Nigeria, Vietnam, South Africa (Heineken Beverages), India, Greece, Ethiopia, Burundi,
DRC, Cambodia, Indonesia, UBL and Malaysia. We also reviewed component audit team deliverables for the
countries listed above and the additional countries in scope to gain a sufficient understanding of the work
performed based on our instructions. The nature, timing and extent of our oversight procedures varied based on
both quantitative and qualitative considerations. For smaller components, we have performed review procedures
or specific audit procedures.
By performing the procedures mentioned above at group entities, together with additional procedures at group
level, we have been able to obtain sufficient and appropriate audit evidence about the group's financial
information to provide an opinion on the consolidated financial statements.
Audit approach fraud risks
In accordance with Dutch Standards on Auditing, we are responsible for obtaining reasonable assurance that the
financial statements taken as a whole are free from material misstatements, whether due to fraud or error.
Inherent to our responsibilities for the audit of the financial statements, there is an unavoidable risk that material
misstatements go undetected, even though the audit is planned and performed in accordance with Dutch law.
The risk of undetected material misstatements due to fraud is even higher, as fraud may involve collusion, forgery,
intentional omissions, misrepresentations, or the override of internal control. Also, we are not responsible for the
prevention and detection of fraud and non-compliance with all laws and regulations. Our audit procedures differ
from a forensic or legal investigation, which often has a more in-depth character.
We identified and assessed the risks of material misstatements of the financial statements due to fraud. During
our audit we obtained an understanding of the entity and its environment and the components of the system of
internal control, including the risk assessment process and management's process for responding to the risks of
fraud and monitoring the system of internal control and how the Supervisory Board exercises oversight, as well as
the outcomes. We refer to section Risk management of the Executive Board report for the Executive Board’s
(fraud) risk assessment and section To the Shareholders (paragraph Audit Committee) of the Supervisory Board
report in which the Supervisory Board reflects on this fraud risk assessment. We note that management regularly
updates its risk assessment including fraud and updates its risk and control framework.
We evaluated the design and relevant aspects of the system of internal control and in particular the fraud risk
assessment, as well as the Code of Business Conduct, Company Rules, Speak Up policy, third party screening and
incident registrations. We evaluated the design and the implementation and, where considered appropriate,
tested the operating effectiveness of internal controls designed to mitigate fraud risks. Further, for certain selected
speak up cases, we evaluated management’s response and remedial actions and measures.
As part of our process of identifying fraud risks, we evaluated fraud risk factors with respect to financial reporting
fraud, misappropriation of assets and bribery and corruption in close co-operation with our forensic specialists. We
evaluated whether these factors indicate that a risk of material misstatement due fraud is present.
Following these procedures, and the presumed risks under the prevailing audit standards, we considered fraud risks
related to management override of controls. Our audit procedures to respond to these fraud risks include,
amongst others, an evaluation of relevant internal controls and supplementary substantive audit procedures,
including detailed testing of journal entries and post-closing adjustments based on supporting documentation.
Data analytics, including selection of journal entries based on risk-based characteristics, form part of our audit
approach to address the identified fraud risks.
Heineken
N.V.
Annual
Report
2023
18%
82%