2013 Registration document and annual financial report - page 131

Registration Document 2013
129
Corporate Governance
3
Report of the Chairman of the Board of Directors
As the final stage of the process, the consolidated financial
statements are examined by the Chief Financial Officer prior to their
review by the Audit and Risks Committee. The Board of Directors
then approves the consolidated financial statements based on the
recommendations of the Audit and Risks Committee.
Corporate Internal Audit assignments
Corporate Internal Audit carries out its audit assignments based
on an audit program validated by the Internal Control and Audit and
Risks Committees. The main types of assignments, as described
in the Internal Audit Charter, are as follows:
ƒƒ
operational audits,
which are aimed at evaluating the reliability
and effectiveness of the operating units’ internal control systems
as well as ensuring that they comply with Group standards.
These audits mainly include checking on a regular basis that the
internal control self-assessments have been properly performed
by the operating units;
ƒƒ
Head office audits (corporate functions),
which are designed
to optimize internal control procedures applied at the head
office and ensure that the head office is able to fulfill its role
of overseeing and supporting operating units as effectively as
possible. When carrying out their assignments within the Group’s
units, Corporate Internal Audit teams also verify that the main
risks identified in the risk map are being monitored appropriately;
ƒƒ
organizational and procedural audits,
which are aimed at
helping the Divisions to optimize and adapt their procedures
and operating process, notably when rolling out cross-functional
projects that lead to a change in organization structures;
ƒƒ
specific audits.
Review assignments are referred to as specific
audits when they comply with the professional standards
applicable to internal auditors and fall within their remit.
They can concern issues applicable to one or more operating
units or to a particular country, function or process.
As part of their assignments, Internal Audit teams perform due
diligence reviews to verify compliance with the anti-corruption
principles and procedures specified in the Accor Management
Ethics Guide.
Assignments performed by the local Internal
Audit Departments
These departments perform internal audits, either on a stand-alone
basis or jointly with Corporate Internal Audit, in line with the
program approved by their Division’s Internal Control Committee.
They also provide ongoing assistance to finance and operating
departments in managing and monitoring internal control issues
within their Division’s operating units.
They use methods, tools (including internal control assessment
processes) andwork programs that have been approved by Corporate
Internal Audit due to their direct ties with this department.
In accordance with ethical principles, the local internal auditors
do not audit head office or cross-functional departments, due to
possible conflicts of interest arising from the fact that the auditors
work in the Divisions.
Assignments performed by Group Information
Systems Internal Audit
Reporting to Corporate Internal Audit, the Information Systems
Internal Audit Department carries out assignments throughout
the Group. The main types of audit are as follows:
ƒƒ
information systems audits,
which are performed to ensure
that best practices are applied in relation to the organization and
monitoring of the audited units’ information systems;
ƒƒ
audits of applications and processes,
which are aimed at
ensuring that manual or automated checks in place provide an
appropriate level of internal control in view of the operations
covered by the applications concerned;
ƒƒ
project management audits,
which are designed to validate
the implementation of best project management practices;
ƒƒ
IT security audits,
which help to ensure the security of the
Group’s technological platforms. They are primarily performed by
the Information Systems Security Department, which reports to
Group Information Systems and Telecoms, and in some cases in
response to queries raised by Information Systems Internal Audit.
Control assignments performed by the Group
Safety and Security Department and the Group
Insurance and Hotel Risk Prevention Department
The Group Safety and Security Department and the Group
Insurance and Hotel Risk Prevention Department also carry out
control assignments throughout the Group.
3.2.2.5. Monitoring internal control
and risk management
Internal control and risk management procedures are regularly
reviewed to ensure that they are appropriate and aligned with the
Group’s objectives, particularly in view of the risks specific to each
business and the costs of performing the controls.
1...,121,122,123,124,125,126,127,128,129,130 132,133,134,135,136,137,138,139,140,141,...344
Powered by FlippingBook