4.4.6 Control activities

To improve control of identified risks, the Group has set up control procedures that comply with its standards and cover both operating and financial information processes. Preparing and controlling the consolidated financial statements

The consolidated financial statements are prepared by the Group Accounting Department based on information reported by the entities’ Chief Executive Officers and Finance Directors. The format of the consolidation packages is determined by the Group.

The entities are responsible for the information contained in their consolidation packages and are required to make formal representations to Group Finance about the fairness of reporting data and its conformity with Group accounting standards and policies.

The Consolidation unit carries out systematic controls of the consolidation packages submitted by the entities. A detailed schedule for reviewing the packages is prepared and sent to the employees concerned.

In connection with their audit of the consolidated financial statements, the Statutory Auditors review the consolidation packages transmitted by the entities included in the scope of their audit. Group Internal Audit also reviews from time to time the proper application of Group accounting standards and policies by the entities, and reports to Group Finance any issues identified during the review.

The consolidated financial statements are lastly examined by the Executive Vice-President, Finance prior to their review by the Audit and Risks Committee in preparation for approval by the Board of Directors. Role of Group Internal Audit

Group Internal Audit carries out its audit assignments based on an audit program validated by the Executive Committee and the Audit and Risks Committee. The main types of assignments, as described in the Internal Audit Charter, are as follows:

  • operations and/or financial audits, which are aimed at evaluating the reliability and effectiveness of the operating entities’ internal control systems, as well as ensuring that they comply with Group standards. These audits include tracking the action plan (if any) issued following the last audit. Comparing the results of the audit with the results reported by the subsidiary during the year on the deployment of action plans serves to close the internal control loop;
  • organizational, procedural and/or specific audits, which are aimed at helping the divisions to optimize and adapt their procedures and operating processes, notably when rolling out cross-functional projects that lead to a change in organization structures. They can also concern issues applicable to cross-cutting audits, one or more operating entities or to a particular country, function or process;
  • IT function audits, which are performed by specialized IT auditors to ensure that best practices are applied in relation to the organization and management of the audited entities’ information systems. These reviews are also aimed at ensuring that the manual and automated checks in place provide an appropriate level of internal control in view of the operations covered by the applications or IT Departments concerned. Lastly, they make it possible to validate the implementation of best IT project management practices.

Internal Audit plans are determined based on the internal control risk map. To ensure effective risk management, each operating entity is audited approximately every three years. The entity’s contribution to the Group’s operating revenue and requests from specific business line directors are also taken into account when deciding which entities should be audited. As regards the IT audit plan, the selection of auditees must take into account changes in the Group’s businesses such as digitalized solutions and pooled services as well as the contribution to business volume processed by the information systems. Internal Audit successfully adapted its audit plan and procedures in 2021 to continue control operations remotely when necessary.

Measures are taken by the management of the audited entities to eliminate the identified internal control weaknesses and make any necessary improvements. The Group Internal Audit team performs a follow-up visit to check that the action plans have been duly implemented.

The head of Group Internal Audit prepares half-yearly and yearly summaries of the Internal Audits carried out by his or her teams during the year for presentation to the Executive Committee and to the Audit and Risks Committee, which checks that the department has the necessary resources and makes any observations or recommendations that it considers necessary.