BPCE_REGISTRATION_DOCUMENT_2017

3 RISK REPORT

General structure of Groupe BPCE’S internal control system

This strong functional link is established throughthe followingrules: the appointment or dismissal of Internal Audit directors of the ● affiliatesor direct subsidiariesis subjectto the prior approvalof the Group Head of Internal Audit; the existenceof a single Group Audit Chartercoveringall of Groupe ● BPCE. It sets out the purpose, powers, responsibilitiesand general organization of the Internal Audit process in the overall internal control system and is applied to all Group companiesmonitoredon a consolidated basis. The charter is broken down into thematic standards (audit resources, audit of the sales network, audits, follow-up of recommendations, etc.); the Group’s InspectionGénérale division ensures that the Internal ● Audit divisions of Group entities have the necessary resources to perform their duties; the budget and staff levels of these divisions are set by the executive body of the affiliates and subsidiaries, in conjunction with the Group’s InspectionGénérale division; the Internal Audit divisions use audit methods defined by the ● Group’s Inspection Générale division that are drawn up in consultation with them; the multi-year and annual audit programs of the Internal Audit ● divisions are established with the approval of the Group’s InspectionGénérale division,which then consolidatesthe programs. The Group’s InspectionGénérale division is kept regularly informed of their implementationand of anychanges inscope; the entities trans, it their Internal Audit reports to the Group’s ● InspectionGénérale divisionas and when they are issued; audit reports from regulatoryauthoritiesrelatingto entities,related ● follow-up letters and answers to those letters, and sanction procedures are transmitted to the Group’s Inspection Générale division when they are received or issued, if sent directly to the institution; the Group’s Inspection Générale division is notified as soon as ● possible of the start of audits performed by regulators on entities and subsidiaries,as well as anyproceedings againstthem; the annual reports of the entities preparedpursuantto Articles ● to 264 of Ministerial Order A-2014-11-03on internal control are sent to the Group’s Inspection Générale division, which forwards them to the supervisory authorities. This type of structure is duplicated at parent company subsidiaries and affiliates.

The rules governing how the internal inspection business line is managed between Natixis and the central institution are part of Groupe BPCE’saudit process. Given the scope and nature of the audit function’s activities, the Group’s InspectionGénérale division and Natixis’ InspectionGénérale share coverage of the audit scope. They each conduct audits. A CoordinationCommitteemeets regularlyand involvesboth Inspection Générale divisions. It is responsible for all issues related to the operation of Internal Audit between the central institution and Natixis group. Activities in 2017 BPCE’s Inspection Générale division keeps audit standards and methodology regularlyupdated basedon best practices. The preparation and updating of audit guides were continued to maintain a current body of uniform guidelines covering the most commonly audited areas. In 2017, the division focused on methodologyin updating guides on financial security and KYC, ALM and accounting.A workinggroup was also formed to update the sales network audit guide. Another audit guide was drawn up for the Procurement function. Supplemented by appendices and supporting documentation, these audit guides are primarily accessible via the Group’s audit function’s intranet and/or the Group Inspection Générale ’s shared server. Priority audit items were also defined in terms of credit risk, compliance risk (AML-TF, Fraud, controls of investment services), financial risk (ALM, Cash management,Trading floor), accounting, finance control, the cooperative shareholder base and risk-takers. The Group’s Inspection Générale division and Natixis’ Inspection Générale maintained their close coordination, in terms of harmonizing ratings, assessing recommendation follow-up, and synchronizing respective annual macro-timetables for a common scope of auditableunits. They use a shared risk assessment approach, prepareaudit plans togetherand take a commonapproachto fields of investigation/auditstandards.In 2017, joint methodologyprojects led to the preparationof shared audit guides on market risks, insurance, structured financingand asset management. Finally,the featuresof the recommendationfollow-uptool, which has been shared by all Group entities since the end of 2014, are continuouslybeing expanded for the benefit of auditors and audited alike.

258

116

Registration document 2017

Made with FlippingBook - professional solution for displaying marketing and sales documents online