2014 Registration Document and Annual Financial Report - page 122

Corporate GOVERNANCE
Report of the Chairman of the Board of Directors
3
In connectionwith their audit of the consolidated financial statements,
the Statutory Auditors audit the consolidation packages transmitted
by the subsidiaries included in the scope of their audit. Corporate
Internal Audit also reviews from time to time the proper application
of Group accounting standards and policies by the subsidiaries, and
reports to Group Finance any issues identified during the review.
As the final stage of the process, the consolidated financial
statements are examined by the Chief Financial Officer prior to their
review by the Audit and Risks Committee. The Board of Directors
then approves the consolidated financial statements based on the
recommendations of the Audit and Risks Committee.
Corporate Internal Audit assignments
Corporate Internal Audit carries out its audit assignments based on
an audit program validated by the Internal Control and Audit and
Risks Committees. The main types of assignments, as described
in the Internal Audit Charter, are as follows:
ƒƒ
operational audits,
which are aimed at evaluating the reliability
and effectiveness of the operating units’ internal control systems
as well as ensuring that they comply with Group standards.
These audits notably include checking on a regular basis that the
internal control self-assessments have been properly performed
by the operating units;
ƒƒ
head office audits (corporate functions),
which are designed to
optimize internal control procedures applied at the head office and
ensure that the head office is able to fulfill its role of overseeing
and supporting operating units as effectively as possible. When
carrying out their assignments within the Group’s units, Corporate
Internal Audit teams also verify that the main risks identified in
the risk map are being monitored appropriately;
ƒƒ
organizational and procedural audits,
which are aimed at
helping the Divisions to optimize and adapt their procedures and
operating processes, notably when rolling out cross-functional
projects that lead to a change in organizational structures;
ƒƒ
specific audits.
Review assignments are referred to as specific
audits when they comply with the professional standards applicable
to internal auditors and fall within their remit. They can concern
issues applicable to one or more operating units or to a particular
country, function or process.
As part of their assignments, Internal Audit teams perform due
diligence reviews to verify compliance with the anti-corruption
principles and procedures specified in the Group’s Ethics and
Corporate Social Responsibility Charter.
Assignments performed by the local Internal
Audit Departments
These departments perform internal audits, either on a stand-alone
basis or jointly with Corporate Internal Audit, in line with the program
approved by their Division’s Internal Control Committee. They also
provide ongoing assistance to finance and operating departments
in managing and monitoring internal control issues within their
Division’s operating units.
They use methods, tools (including internal control assessment
processes) and work programs that have been approved by Corporate
Internal Audit due to their direct ties with this department.
In accordance with ethical principles, the local internal auditors
do not audit head office or cross-functional departments, due to
possible conflicts of interest arising from the fact that the auditors
work in the Divisions.
Assignments performed by Group Information
Systems Internal Audit
Reporting to Corporate Internal Audit, the Information Systems
Internal Audit Department carries out assignments throughout the
Group. The main types of audit are as follows:
ƒƒ
information systems audits,
which are performed to ensure
that best practices are applied in relation to the organization and
monitoring of the audited units’ information systems;
ƒƒ
audits of applications and processes,
which are aimed at
ensuring that manual or automated checks in place provide an
appropriate level of internal control in view of the operations
covered by the applications concerned;
ƒƒ
project management audits,
which are designed to validate the
implementation of best project management practices;
ƒƒ
IT security audits,
which help to ensure the security of the
Group’s technological platforms.They are primarily performed by
the Information Systems Security Department, which reports to
Group Information Systems, and in some cases in response to
queries raised by Information Systems Internal Audit.
Control assignments performed by the Safety &
Security Department and the Risk Management
and Insurance Department
The Safety & Security Department and the Risk Management and
Insurance Department also carry out control assignments throughout
the Group on issues that fall within their respective remits.
Registration Document 2014
120
1...,112,113,114,115,116,117,118,119,120,121 123,124,125,126,127,128,129,130,131,132,...332
Powered by FlippingBook