APC 2010 Annual Report Download - page 136

Download and view the complete annual report

Please find page 136 of the 2010 APC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 292

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292

CORPORATE GOVERNANCE
3INTERNAL CONTROL ANDRISKMANAGEMENT
The Key Internal Controls are available to all units on the Group
intranet, along with appendices with more detailed information,
links to full policy descriptions on the Functions’ intranets, an
explanation of the risks covered by each Key Internal Control and a
self-assessment guide.
For each cycle, the Key Internal Controls cover compliance, reliability,
risk prevention and management and process performance. The
operating units fi ll out self-assessment questionnaires concerning
the Key Internal Controls.
4. Risk identification and management
4.1. General risks at the Group level
The Internal Audit Department interviews the Group’s 40 top
managers to update the list of general risks at the Group level each
year. The risks identifi ed through these interviews are ranked by
impact and probability of occurrence. The threat/opportunity aspect
of each risk is also taken into account.
Risk factors related to the Company’s business, as well as
procedures for managing and reducing those risks, are described
in “Risk Factors.” These procedures are an integral part of the internal
control system.
When drawing up the Internal Audit plan for the coming year, team
members look closely at the risk matrix and the analysis of changes
from one year to the next.
More than half of the major and general risks identifi ed at end-2009
were addressed in audits carried out between 2008 and 2010 to
assess action plans for managing and reducing risks.
4.2. Operating risks at the unit level
Operating risks are managed fi rst and foremost by the units in
liaison with the Operating Divisions, based on Group guidelines
(notably the Key Internal Controls). Each subsidiary is responsible
for implementing procedures providing an adequate level of internal
control.
The Operating Divisions implement cross-functional action plans for
operating risks identifi ed as being recurrent in the units or as having
a material impact at the Group level. The internal control system is
adjusted to account for these risks as needed.
The Group’s insurance programs cover the remaining portion of
transferable risks.
4.3. Risk management by the Risk – Insurance
Department
The Risk – Insurance Department contributes to internal control by
defi ning and deploying a Group-wide insurance strategy, as defi ned
in “Risk Factors.” The insurance strategy identifi es and quantifi es
the main insurable risks and defi nes and recommends measures to
prevent risks and protect assets.
4.4. Risk management by the Safety
Department
The Safety Department contributes to internal control by defi ning and
deploying safety strategies. Like the Risk – Insurance Department,
with which it works in close cooperation on recovery issues, the
Safety Department helps identify and quantify the main risks within
its scope and defi nes and recommends measures to prevent risks
and protect people and assets. It is also involved in defi ning and
deploying business continuity and crisis management plans.
4.5. Management of information system risks
An IT Security unit within the Information, Process and Organisation
Department defi nes and implements specifi c security measures for
information systems.
This Department was given responsibility for auditing the security of
IT systems in 2010. Its fi rst assignments were carried out in 2010;
its recommendations resulted in remedial action plans.
2010 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC134