Connect - Schneider Electric
Connect - Schneider Electric Connect - Schneider Electric
3 CORPORATE GOVERNANCE INTERNAL CONTROL AND RISK MANAGEMENT 10.5 Control procedures This section describes specifi c measures taken in 2011 to improve the Group’s control system. Operating units For internal control to be effective, everyone involved must understand and continuously implement the Group’s general guidelines and the Key Internal Controls. Training in Key Internal Controls continued in 2011 for those involved for the fi rst time in the annual self-evaluation process: newly promoted managers and entities recently integrated. Operational units, trained by their line management undertook self-evaluation of compliance with the Key Internal Controls governing their scope of operations. The self-assessments conducted during the 2011 campaign covered 90% of consolidated revenue and made it possible to defi ne improvement plans in the operating units, when necessary. The ultimate goal is that these evaluations should cover at least 90% of consolidated revenue each year. The self-assessments are conducted in the units by each process manager. Practices corresponding to the Key Internal Controls are described and performance is rated on a scale of 1 (non- compliance) to 4 (very good). For all responses below 3 (compliance) on the scale, an action plan is defi ned and implemented to achieve compliance. These action plans are listed in the self-assessment report. The unit’s fi nancial manager conducts a critical review of the self- assessments by process, and certifi es the quality of the overall results. The self-evaluation is then also certifi ed by the person in charge of the unit. Operating Divisions and business To control the reliability of the fi nancial statements and the alignment of performance with set targets, the Group relies on Senior Management’s quarterly review process and procedures carried out by the Management Control and Accounting Unit to control the quality of accounting data provided by consolidated units (see “Internal Control organisation and Management – Senior Management” and “Internal control procedures governing the production and processing of accounting and fi nancial information”). In 2011, the Operating Divisions continued to provide training for the operating units on internal control issues and examined and challenged the self-assessments of internal audits of these units. After analysing the results, improvement plans were developed either for certain units or for certain Key Internal Controls at the Division level. The regional internal controllers carried out audits on site as to the reliability of self-assessments of Internal Control and the effi ciency of the remediation plans put in place as a result of the previous year’s self-assessments. 138 2011 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC Global Functions In 2011, the Global Functions continued to set guidelines, issue instructions and provide support. During the year: • the Company’s processes were mapped and each one assigned a “process guarantor” sponsored by a member of the Executive Committee. The key processes for carrying out strategy of Schneider Electric are the subject of particular attention so as to ensure coherence with operational results, IT and organisational resources employed including coherence with internal control demands; • for the two-year period 2010 and 2011, the IT Security Department carried out 13 audits in units, which gave rise to reports giving conclusions and recommendations for the managers of the units audited. The implementation of recommendations by the units is subject to monitoring. In 2011 particular attention was paid to R&D centres; • in addition to on-site audits, the security function in 2011 acquired a new skill known as “penetration testing”. This skill set allows the vulnerability of websites to be identifi ed and for remedial measures taken to limit the effects on any future attacks. Five sites were audited; • the Management of Solution Risks Department assists project leaders in risk assessment, the conclusion of contracts for major projects and organisation of validation meetings before submitting proposals; • in 2011, the Security Department headed up the organisation of a new Group-level crisis room. In addition, by identifying at a global level certain internal competences specifi c to the area of investigation, it initiated the creation of a new organisation directly reporting to the Fraud Committee that will signifi cantly increase investigation capabilities as regards combatting internal fraud; • the Corporate Treasury Department continued to roll out its central payment system developed in 2009 and which today covers 60 subsidiaries. Roll out will continue in the years to come. A system of monitoring bank guarantees so as to track commitments is also under development. Internal Control Department Internal Control continued to deploy the Key Internal Controls – training and requests for self-assessments – throughout the Operating Divisions, with the scope extended to cover new units: 50% of the defi ciencies identifi ed during the 2010 campaign were deemed settled in 2011. New defi ciencies were identifi ed owing to additional Key Internal Controls, which gave rise to further action plans. Internal Control self-assessments were received and analysed, which identifi ed areas needing work in 2012 as part of the process of continuous improvement. In addition to the analysis and action plans initiated by the Entities and Operating Divisions, similar work is being carried out in the Global Functions. On the basis of the results obtained in their fi eld, the various functions defi ne and implement improvement actions as needed.
The list of Key Internal Controls continues to grow. In 2011, the Global Functional Department defi ned Key Internal Controls covering the Bid Creation and Administration process; these controls were self-evaluated by the major Research and Development units. A software package for the management of Internal Audit and Internal Control self-assessment questionnaires and follow-up action plans will be introduced to replace the “in-house” application used to date. A regional internal control organisation was introduced in 2011 that consists of 28 regional in-house controllers in three regions, who: • perform the duties defi ned under Section 2.3 for the units in their regional scope, covering all Operational Departments; • establish standardised procedures (e.g. for internal control assignments such as control cycles, documentation, scope defi nition, work programs etc.), in line with Internal Audit≈procedures. Internal Audit Department In addition to fi ne-tuning the general risk matrix and performing audits to ensure these risks are managed properly, the Internal Audit Department: • monitors and reviews the way that Key Internal Controls are applied; • critically reviews the audited unit’s internal control self-assessment and related action plans. The Department’s audit assignments go beyond the Key Internal Controls, and include an in-depth review of processes and their effectiveness, focusing on compliance and/or performance, depending on the size of the audited unit and the identifi ed risks and challenges. The internal auditors also review newly acquired units to assess their level of integration and ensure that Group rules and guidelines are properly applied. A summary overview of the department’s audits makes it possible to identify any emerging or recurring risks that require new risk management tools and methodologies or adjustments to existing resources. In 2011, Senior Management ordered unscheduled audits on emerging risks that led to the revision of certain internal procedures. In 2011, the internal auditors performed 22 audits, including: • full audits of medium-sized units; • audits of a number of risks or operating processes; • post-acquisition audits for newly acquired companies; • analyses of control self-assessments by the units; • follow-up audits to ensure recommendations are applied; • assistance assignments . CORPORATE GOVERNANCE INTERNAL CONTROL AND RISK MANAGEMENT Committee on Ethics and Responsibility The Committee on Ethics and Responsibility steers action in relation to the Principles of Responsibility, updates them and validates changes. It also answers employee questions that are not addressed in the companion guide to the Principles of Responsibility, or that employees’ own managers are unable to answer. (see “Sustainable development framework”, Chapter 2 Section 2.) Fraud Committee In 2010, the Fraud Committee formalised the policy against fraud and the process of reporting and treating fraud and suspected fraud, including changes in procedures or practices to avoid recurrence. Declared incidents are monitored by the Fraud Committee, which meets on a monthly basis. The Fraud Committee decide on investigations that are managed either by the local units or centrally by the Fraud Committee depending on the nature and the seriousness of the incident. A report is written and updated monthly for this purpose. The Fraud Committee presents an annual summary report to the Audit Committee. 2011: stronger internal control system In 2011, further efforts were made to improve the identifi cation and control of general risks, to step up periodic reviews of results and performance, and to enhance auditing practices. The year was marked, for the internal control system, by the items set out above, in particular: • the Fraud Committee’s procedures were defi ned and implemented for investigation and analysis of the identifi ed incidents of fraud; • regional internal control units were set up in an internal control system covering three levels: management, regional internal control and internal audit; • a dedicated software package for the management of self- assessment questionnaires and follow-up action plans will be ushered in to replace the “in-house” application used to date; • internal control self-assessment questionnaires were sent out to cover 90% of the Group’s consolidated revenue (training managers in internal control practices, defi ning and implementing remedial action plans if needed) including units from the acquisition of Areva Distribution; • administrative measures were pursued regarding segregation of duties in the information systems. 10.6 Internal control procedures governing the production and processing of consolidated and individual company accounting and financial information In addition to: • its regulatory tasks; • its responsibility for overseeing the close of accounts across the Group; • its audits of the Group’s results with respect to set targets (see “Internal Control Organisation and Management: Finance and Control – Legal Affairs”). 2011 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC 139 3
- Page 90 and 91: 2 SUSTAINABLE DEVELOPMENT SCHNEIDER
- Page 92 and 93: 2 SUSTAINABLE DEVELOPMENT METHODOLO
- Page 94 and 95: 2 SUSTAINABLE DEVELOPMENT METHODOLO
- Page 96 and 97: 2 SUSTAINABLE DEVELOPMENT METHODOLO
- Page 98 and 99: 2 SUSTAINABLE DEVELOPMENT METHODOLO
- Page 100 and 101: SUSTAINABLE DEVELOPMENT 2 INDICATOR
- Page 102 and 103: SUSTAINABLE DEVELOPMENT 2 INDICATOR
- Page 104 and 105: SUSTAINABLE DEVELOPMENT 2 INDICATOR
- Page 106 and 107: SUSTAINABLE DEVELOPMENT 2 INDICATOR
- Page 108 and 109: 2 SUSTAINABLE DEVELOPMENT 106 REGIS
- Page 110 and 111: 3 SUPERVISORY CORPORATE GOVERNANCE
- Page 112 and 113: 3 CORPORATE GOVERNANCE SUPERVISORY
- Page 114 and 115: 3 CORPORATE GOVERNANCE SUPERVISORY
- Page 116 and 117: 3 CORPORATE GOVERNANCE SUPERVISORY
- Page 118 and 119: 3 CORPORATE GOVERNANCE ORGANISATION
- Page 120 and 121: 3 CORPORATE GOVERNANCE SUPERVISORY
- Page 122 and 123: 3 CORPORATE GOVERNANCE SUPERVISORY
- Page 124 and 125: 3 CORPORATE GOVERNANCE MANAGEMENT B
- Page 126 and 127: 3 CORPORATE GOVERNANCE MANAGEMENT I
- Page 128 and 129: 3 CORPORATE GOVERNANCE MANAGEMENT I
- Page 130 and 131: 3 CORPORATE GOVERNANCE MANAGEMENT I
- Page 132 and 133: 3 CORPORATE GOVERNANCE MANAGEMENT I
- Page 134 and 135: 3 CORPORATE GOVERNANCE REGULATED AG
- Page 136 and 137: 3 CORPORATE GOVERNANCE INTERNAL CON
- Page 138 and 139: 3 CORPORATE GOVERNANCE INTERNAL CON
- Page 142 and 143: 3 CORPORATE GOVERNANCE INTERNAL CON
- Page 144 and 145: 142 2011 REGISTRATION DOCUMENT SCHN
- Page 146 and 147: 4 TRENDS BUSINESS REVIEW IN SCHNEID
- Page 148 and 149: 4 BUSINESS REVIEW REVIEW OF THE CON
- Page 150 and 151: 4 BUSINESS REVIEW REVIEW OF THE CON
- Page 152 and 153: 4 BUSINESS REVIEW REVIEW OF THE PAR
- Page 154 and 155: 5 CONSOLIDATED CONSOLIDATED FINANCI
- Page 156 and 157: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 158 and 159: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 160 and 161: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 162 and 163: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 164 and 165: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 166 and 167: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 168 and 169: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 170 and 171: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 172 and 173: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 174 and 175: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 176 and 177: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 178 and 179: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 180 and 181: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 182 and 183: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 184 and 185: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 186 and 187: 5 CONSOLIDATED FINANCIAL STATEMENTS
- Page 188 and 189: 5 CONSOLIDATED FINANCIAL STATEMENTS
The list of Key Internal Controls continues to grow. In 2011, the<br />
Global Functional Department defi ned Key Internal Controls covering<br />
the Bid Creation and Administration process; these controls were<br />
self-evaluated by the major Research and Development units.<br />
A software package for the management of Internal Audit and<br />
Internal Control self-assessment questionnaires and follow-up<br />
action plans will be introduced to replace the “in-house” application<br />
used to date.<br />
A regional internal control organisation was introduced in 2011 that<br />
consists of 28 regional in-house controllers in three regions, who:<br />
• perform the duties defi ned under Section 2.3 for the units in their<br />
regional scope, covering all Operational Departments;<br />
• establish standardised procedures (e.g. for internal control<br />
assignments such as control cycles, documentation,<br />
scope defi nition, work programs etc.), in line with Internal<br />
Audit≈procedures.<br />
Internal Audit Department<br />
In addition to fi ne-tuning the general risk matrix and performing<br />
audits to ensure these risks are managed properly, the Internal<br />
Audit Department:<br />
• monitors and reviews the way that Key Internal Controls<br />
are applied;<br />
• critically reviews the audited unit’s internal control self-assessment<br />
and related action plans.<br />
The Department’s audit assignments go beyond the Key Internal<br />
Controls, and include an in-depth review of processes and their<br />
effectiveness, focusing on compliance and/or performance,<br />
depending on the size of the audited unit and the identifi ed risks<br />
and challenges.<br />
The internal auditors also review newly acquired units to assess<br />
their level of integration and ensure that Group rules and guidelines<br />
are properly applied.<br />
A summary overview of the department’s audits makes it possible<br />
to identify any emerging or recurring risks that require new<br />
risk management tools and methodologies or adjustments to<br />
existing resources.<br />
In 2011, Senior Management ordered unscheduled audits on<br />
emerging risks that led to the revision of certain internal procedures.<br />
In 2011, the internal auditors performed 22 audits, including:<br />
• full audits of medium-sized units;<br />
• audits of a number of risks or operating processes;<br />
• post-acquisition audits for newly acquired companies;<br />
• analyses of control self-assessments by the units;<br />
• follow-up audits to ensure recommendations are applied;<br />
• assistance assignments .<br />
CORPORATE GOVERNANCE<br />
INTERNAL CONTROL AND RISK MANAGEMENT<br />
Committee on Ethics and Responsibility<br />
The Committee on Ethics and Responsibility steers action in relation<br />
to the Principles of Responsibility, updates them and validates<br />
changes. It also answers employee questions that are not addressed<br />
in the companion guide to the Principles of Responsibility, or that<br />
employees’ own managers are unable to answer.<br />
(see “Sustainable development framework”, Chapter 2 Section 2.)<br />
Fraud Committee<br />
In 2010, the Fraud Committee formalised the policy against fraud<br />
and the process of reporting and treating fraud and suspected fraud,<br />
including changes in procedures or practices to avoid recurrence.<br />
Declared incidents are monitored by the Fraud Committee,<br />
which meets on a monthly basis. The Fraud Committee decide<br />
on investigations that are managed either by the local units or<br />
centrally by the Fraud Committee depending on the nature and<br />
the seriousness of the incident. A report is written and updated<br />
monthly for this purpose. The Fraud Committee presents an annual<br />
summary report to the Audit Committee.<br />
2011: stronger internal control system<br />
In 2011, further efforts were made to improve the identifi cation and<br />
control of general risks, to step up periodic reviews of results and<br />
performance, and to enhance auditing practices. The year was<br />
marked, for the internal control system, by the items set out above,<br />
in particular:<br />
• the Fraud Committee’s procedures were defi ned and implemented<br />
for investigation and analysis of the identifi ed incidents of fraud;<br />
• regional internal control units were set up in an internal control<br />
system covering three levels: management, regional internal<br />
control and internal audit;<br />
• a dedicated software package for the management of<br />
self- assessment questionnaires and follow-up action plans will<br />
be ushered in to replace the “in-house” application used to date;<br />
• internal control self-assessment questionnaires were sent out<br />
to cover 90% of the Group’s consolidated revenue (training<br />
managers in internal control practices, defi ning and implementing<br />
remedial action plans if needed) including units from the<br />
acquisition of Areva Distribution;<br />
• administrative measures were pursued regarding segregation of<br />
duties in the information systems.<br />
10.6 Internal control procedures governing the production and processing<br />
of consolidated and individual company accounting and financial<br />
information<br />
In addition to:<br />
• its regulatory tasks;<br />
• its responsibility for overseeing the close of accounts across the<br />
Group;<br />
• its audits of the Group’s results with respect to set targets (see<br />
“Internal Control Organisation and Management: Finance and<br />
Control – Legal Affairs”).<br />
2011 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC<br />
139<br />
3