18.104.22.168 Reporting procedure
The Reporting Department is responsible for overseeing the reporting procedure described in the Finance Manual. This procedure requires local teams to submit monthly reporting packages comprising an analysis of key business indicators and the main components of income, in the format prescribed by the Group. All reporting data submitted by local subsidiaries must be analyzable by nature, function and solution.
The reporting procedure is designed to provide a detailed analysis of monthly changes in consolidated financial and operating results, to support resource allocation decisions and measure the efficiency of the various organizations. Reported data are compared to the budget and to prior-year actuals to detect any emerging trends or unexplained variances.
22.214.171.124 Internal Audit reports
A draft report is prepared after each Internal Audit, setting out the auditors’ findings, identified risks and related recommendations. This report is sent to the management of the audited entity, which prepares an action plan.
The final report, which includes the action plan prepared by the audited entity, is then sent to the members of the Group Executive Committee in charge of overseeing operational and financial matters for the entity concerned, as well as the corporate support functions and Executive Management.
The Audit and Risks Committee receives a half-yearly summary from the Group Internal Audit Department of the Internal Audits carried out during the period, including a status report on the annual audit plan, an assessment of the quality of internal control in the audited entities, and the internal auditors’ main observations.
4.4.5 Identifying and analyzing risks
The Group identifies and analyzes the key risks that, if they occurred, would affect its ability to fulfill its objectives. It takes the appropriate measures to limit the probability of these risks occurring and the consequences if they do.
126.96.36.199 Identifying and assessing major risks for the Group
The Group is exposed to a number of risks in the normal course of business.
These risks, together with the related control procedures, are described in Chapter 4 “Risk factors and management”. Internal control procedures are implemented under the direct responsibility of the heads of the operating divisions and corporate functions and Group Internal Audit, and form part of an on-going process of identifying, assessing and managing risks.
The results of the analysis of non-financial risks are detailed in section 5.1.4.
188.8.131.52 Internal control self-assessments
The Group has developed internal control self-assessments, based on analyzing the internal control risks inherent in each business and identifying key control issues.
The Group places considerable emphasis on preparing, issuing and monitoring internal control self-assessment procedures. The self-assessment procedures are implemented by all Edenred entities that sell prepaid solutions in paper voucher, card and other formats. These systems are compatible with existing internal control standards and processes.
Data obtained from the internal control self-assessment procedures are centralized annually at the country level, with the assistance of the Group Internal Audit team.
Internal control risk maps are also used to plan the work performed by Group Internal Audit. These maps, which highlight issues that require priority action, are included in the relevant Internal Audit reports and are periodically presented in summary form to the Executive Committee and the Audit and Risks Committee.
184.108.40.206 Analyzing IT security risks
To round out the risk identification and assessment work conducted as part of the Group risk mapping process and the internal control self-assessment, the Group Information Systems Security & Compliance Department advises and assists Executive Management in defining its IT security policy. It is responsible for ensuring that the policy is properly implemented, applied and monitored. It also identifies, organizes, coordinates and leads all preventive and corrective security measures introduced in all of the Group’s host countries.