BIC_REGISTRATION_DOCUMENT_2017

GROUP PRESENTATION Risk management and internal control procedures implemented by the Company

a) IC&A Department’s activities in 2017 A multi-year audit rotation schedule is in place to ensure that all sites and key processes are reviewed on average every three years. The 2017 schedule led the IC&A Department to perform 22 audits, in manufacturing and distribution entities, combining initial and follow-up visits. These audits were carried out in accordance with the methodology and procedures set by the IC&A Department, including in particular: performance of tests (walkthroughs and detailed testing) and ● interviews with the contributors of the cycles reviewed on a risk based approach; the issuance of a report after the audit, which lists ● recommendations for improvements to be considered by the site/department, in accordance with a precise action plan and deadlines. The IC&A report is an excellent communication tool and plays an important role in the continuous improvement of controls within the Group. No significant issue was identified further to these reviews. The recommendations issued in the audit reports highlighted improvements required to certain controls to improve their effectiveness. Local Management has shared its response to these recommendations and proposed action plans, together with the related implementation dates and the responsibility for their execution. These implementations have been checked during follow-up visits performed by the IC&A Department. Furthermore, quarterly follow-up of action plans progress contributes to an efficient monitoring of the recommendations implementation related to significant audit issues. Dashboards are communicated quarterly to the representatives of the continents and categories. Finally, best practices in terms of internal control noted while performing these reviews are communicated and shared within the Group. In addition, all General Managers and Finance Directors of subsidiaries signed a document confirming that the internal controls in place are comprehensive and operate adequately to manage the operations. In this document, they also attest to the reliability of the financial information reported and compliance with relevant laws and regulations in force. If necessary, the General Manager of the subsidiary provides details of non-significant weaknesses for which corrective actions will be implemented the following year. These actions should ensure that reasonable confidence can be placed on the achievement of operational goals, the reliability of financial information reported and compliance with relevant laws and regulations in force. This

information has all been consolidated for 2017 and no new major risk has been identified to date. In 2017, the IC&A Department enhanced the self-assessment process by adding a more detailed questionnaire to ensure that the main controls are in place in each subsidiary. The IC&A Department collects the data provided by the subsidiaries and performs analyses to enhance the risk-based approach in the determination of the annual audit plan and the performance of audit work. The results will be shared with Group Statutory Auditors and the Audit Committee. A summary of the work performed by the IC&A Department during the year is presented to the Leadership Team, Audit Committee and Board of Directors. The analysis includes a summary of the main audit findings and recommendations as well as a summary of the risk analysis and action plans implementation progress. b) Perspectives and Action Plan for 2018 The IC&A Department will continue to focus on processes and efficiency improvements, testing of operational effectiveness of key controls and enhancing the overall review process. The 2018 audit schedule, prepared by the IC&A Department and validated by the Audit Committee and the Leadership Team, meets the multi-year rotation principle for site and processes reviews. It maintains the same level of intervention as in 2017, in terms of number of audits and type of sites and processes audited. Finally, the IC&A Department will maintain its coordination role for the continuous improvement of Group procedures, and will continue to be involved in the risk management approach. The Risk Management Department collects, analyzes and ranks the external and internal arising risks that could have an impact on the Group. It coordinates the risk monitoring in agreement with the Leadership Team. Employees 1.7.3.6. Each employee is involved in the internal control in accordance with his/her respective knowledge, and has access to the information used to design, operate and monitor the internal control system. For employees with access to the Group Intranet, Group Internal Control Policies including the Group Controllers’ Manual are available online. The Risk Management 1.7.3.5. Department

36

BIC GROUP - 2017 REGISTRATION DOCUMENT

Made with FlippingBook - professional solution for displaying marketing and sales documents online