APC 2009 Annual Report Download - page 101

Download and view the complete annual report

Please find page 101 of the 2009 APC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 244

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244

2009 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC 99
CORPORATE GOVERNANCE
3
INTERNAL CONTROL AND RISK MANAGEMENT
3.7. Key Internal Controls
A list of Key Internal Controls was defi ned in 2008 and expanded to
98 items in 2009. These cover:
the control environment (Principles of Responsibility, Delegation of
Powers, Segregation of Functions, Business Continuity Plans and
Retention of Records);
operating processes (purchases, sales, inventories, etc.);
accounting and fi nancial cycles;
H uman Resources, IT, Legal and Tax cycles.
The Key Internal Controls are available to all units on the Group
intranet, along with appendices with more detailed information, links
to full policy descriptions on the Functions’intranets, an explanation of
the risks covered by each Key Internal Control and a self-assessment
guide.
For each cycle, the Key Internal Controls cover compliance, reliability,
risk prevention and management and process performance. The
operating units fi ll out self-assessment questionnaires concerning
the Key Internal Controls.
4. Risk identification and management
4.1. General risks at the Group level
The Internal Audit Department interviews the Group’s 50 top
managers to update the list of general risks at the Group level each
year. The risks identifi ed through these interviews are ranked by
impact and probability of occurrence. The threat/opportunity aspect
of each risk is also taken into account.
Risk factors related to the Company’s business, as well as procedures
for managing and reducing those risks, are described in “Risk
Factors”. These procedures are an integral part of the internal control
system.
When drawing up the Internal Audit plan for the coming year, team
members look closely at the risk matrix and the analysis of changes
from one year to the next.
70% of the general risks identifi ed at end-2008 were addressed in
audits conducted between 2007 and 2009 to assess action plans
for managing and reducing risks.
4.2. Operating risks at the unit level
Operating risks are managed fi rst and foremost by the units in liaison
with the Operating Divisions and businesses, based on Group
guidelines (notably the Key Internal Controls). Each subsidiary is
responsible for implementing procedures providing an adequate level
of internal control.
The Operating Divisions and businesses implement cross-functional
action plans for operating risks identifi ed as being recurrent in the
units or as having a material impact at the Group level. The internal
control system is adjusted to account for these risks as needed.
The Group’s insurance programmes cover the remaining portion of
transferable risks.
4.3. Risk management by the Risk –
InsuranceDepartment
The Risk – Insurance Department contributes to internal control by
defi ning and deploying a Groupwide insurance strategy, as defi ned
in “Risk Factors”. The insurance strategy identifi es and quantifi es
the main insurable risks and defi nes and recommends measures to
prevent risks and protect assets.
4.4. Risk management
by the Safety Department
The Safety Department contributes to internal control by defi ning and
deploying safety strategies. Like the Risk – Insurance Department,
with which it works in close cooperation on recovery issues, the
Safety Department helps identify and quantify the main risks within
its scope and defi nes and recommends measures to prevent risks
and protect people and assets. It is also involved in defi ning and
deploying business continuity plans and crisis management plans.
4.5. Management of information system risks
An IT Security unit within the Information, Process and organisation
Department defi nes and implements specifi c security measures for
information systems.
5. Control procedures
This section describes specifi c measures taken in 2009 to improve
the Group’s control system.
5.1. Operating units
For internal control to be effective, everyone involved must understand
and continuously implement the Group’s general guidelines and the
Key Internal Controls.
Training programmes on the Key Internal Controls continued in all
of the Operating Divisions in 2009. The operating units, trained by
the Division to which they belong, carried out self-assessments in
compliance with the Key Internal Controls governing their scope of
operations.
The self-assessments conducted during the 2009 campaign
covered 65% of consolidated revenue and made it possible to defi ne
improvement plans in the operating units, when necessary. Ultimately,
these evaluations will cover 80% of consolidated revenue each year.
The self-assessments are conducted in the units by each process
manager. Practices corresponding to the Key Internal Controls are
described and performance is rated on a scale of 1 (non compliance)
to 4 (very good). For all responses below 3 (compliance) on the scale,
an action plan is defi ned and implemented to achieve compliance.
These action plans are listed in the self-assessment report. The unit’s
nancial manager conducts a critical review of the self-assessments
by process and certifi es the quality of the overall results.
5.2. Operating Divisions and businesses
To control the reliability of the fi nancial statements and the alignment
of performance with set targets, the Group relies on Senior
Management’s quarterly review process and procedures carried out
by the Management Control and Accounting Unit to control the quality