Risk Management and Internal Control procedures implemented by the Company and insurance
Dissemination of relevant and reliable information

The Company has implemented efficient information dissemination processes and systems that allow accurate communication to the appropriate level of responsibility and authority. The formats of these tools are diverse. They range from IT (Information Technology) solutions (including the Group intranet, the financial consolidation software, the integrated system implemented per continent, etc.) to existing procedures that include information management. These information tools aim to support the whole internal control system of the Company and to help the decision processes and follow-up for the achievement of Management’s objectives.

220.127.116.11 Risk management process

Risk management, among its objectives, aims to address the existing, evolving, and emerging risks that could potentially significantly impact the Company. Not all risks can be addressed. However, when addressed, the means used include a variety of internal and external mitigation processes and/or external insurance protection. This specific process incorporates a three-step approach based on the following activities:
● risk identification and analysis;
● risk management and mitigation;
● risk monitoring.

a) Risk identification and analysis

The Risk Management Department performs risk identification and analysis. The identification process highlights the main risks arising from both external and internal sources. The key driver for identification is the potentially significant impact on the Company’s strategy, objectives, personnel, assets, environment or reputation. To allow for a fluid approach, the risk identification and analysis process consists of two complementary components: a bottom-up free approach and a top-down structured approach. This two-fold approach makes it possible to identify overlaps and gaps.

Bottom-up approach

Since 2015, within a framework defined by the Group Risk Management function, a self-assessment of significant risks is conducted at the subsidiary level on a voluntary reporting basis. Questionnaires are addressed to the representatives of the targeted level (local General Manager/local Chief Financial Officer). They are requested to complete and return the questionnaire to the Risk Management function whenever a risk must be notified.

Top-down approach

Following a recommendation of the Audit Committee and a request of the Executive Committee, in 2010, the Company initiated a project to improve the formalization of risk management. This project enables us to obtain a synthetic overview of major risks that the BIC Group is or could be exposed to. The approach that consisted of a risk mapping of the BIC Group can be summarized as follows:
● risk identification through a questionnaire completed by each member of the Executive Committee and an individual interview led by the project team;
● synthesis of main risk areas;
● ranking of risks according to criteria in terms of potential impact and management effectiveness.

The year following the Risk Mapping, an update reviews the status of prior risks identified. Every other year, the Risk Mapping is reviewed and reassessed with any potential new risk. In 2017, the top-down approach also included questionnaires sent to contributors outside of the Executive Committee. Risks listed by this approach have been considered for the internal audit schedule.

The Risk Management function, as the process coordinator, challenges the answers received and the action plans mentioned in response to the identified risks when required. It also consolidates the documents and weighs the impacts to deliver a Group Risk Matrix. This matrix provides, for all risk categories, the impact for the BIC Group, and a summary is shared with the Audit Committee and the Statutory Auditors. It is also shared with the Chairman of the Board. The analysis and measurement of the identified risks are conducted for internal use.

A similar methodology has been applied to the process of preparing financial statements and consolidation.

b) Risk Management and Mitigation

The Executive Committee manages the major risks identified in the BIC Group risk mapping. These risks were followed and monitored during the year. Progress and status of action plans related to certain key risks have also been reviewed and discussed at Board Meetings. The other risks continue to be monitored closely. In addition, different procedures exist (see § 184.108.40.206 Internal Control procedures).

The Executive Committee, Continents, and centralized Departments such as Legal, Sustainable Development or Treasury, monitor risks on an ongoing basis. They are involved in the management of risks:
● the Group Treasury manages and monitors interest rate exposure and foreign exchange exposure daily as well as the liquidity risk;
● the Legal Department regularly monitors changes in laws/regulations and litigation in progress;
● the main industrial and environmental risks are considered by the Management and the Sustainable Development Department;
● the Executive Committee manages the significant strategic and operational risks.

A yearly review of the Insurance coverage process is also performed: see Group Presentation – § 2.4.4 Insurance – Coverage of Risk.

c) Risk monitoring

The Executive Committee performs regular reviews of risk exposure. Each site/department creates its own scorecards and key indicators to detect, follow and measure the effectiveness of risk mitigation.
• BIC GROUP - 2020 UNIVERSAL REGISTRATION DOCUMENT •