APC 2011 Annual Report Download - page 139

Download and view the complete annual report

Please find page 139 of the 2011 APC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 280

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280

1372011 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC
CORPORATE GOVERNANCE
3
INTERNAL CONTROL AND RISK MANAGEMENT
10.4 Risk identification and management
operating processes (purchases, sales, inventories,etc.);
accounting and fi nancial cycles;
Human Resources, IT, Legal and Tax cycles.
The Key Internal Controls are available to all units on the Group
intranet, along with appendices with more detailed information,
links to full policy descriptions on the Functions’ intranets, an
explanation of the risks covered by each Key Internal Control and a
self-assessment guide.
For each cycle, the Key Internal Controls cover compliance, reliability,
risk prevention and management and process performance. The
operating units fi ll out self-assessment questionnaires concerning
the Key Internal Controls.
General risks at the Group level
The Internal Audit Department interviews the Group’s 55 top
managers to update the list of general risks at the Group level
each year. The risks identifi ed through these interviews are ranked
by impact and probability of occurrence. The threat/opportunity
aspect of each risk is also taken into account.
Risk factors related to the Company’s business, as well as
procedures for managing and reducing those risks, are described in
“Risk Factors.” These procedures are an integral part of the internal
control system.
The risk matrix and the analysis of changes from one year to the
next contribute to the development of an internal audit plan for the
following year.
Half of the major and general risks identifi ed at end-2010 were
addressed in audits carried in 2011 to assess action plans for
managing and reducing risks.
Operating risks at the unit level
Operating risks are managed fi rst and foremost by the units in
liaison with the Operating Divisions, based on Group guidelines
(notably the Key Internal Controls). Each subsidiary is responsible
for implementing procedures providing an adequate level of internal
control.
The Operating Divisions implement cross-functional action plans for
operating risks identifi ed as being recurrent in the units or as having
a material impact at the Group level. The internal control system is
adjusted to account for these risks as needed.
The Group’s insurance programs cover the remaining portion of
transferable risks.
Risk Solutions
The Risk Solutions Management Department , defi nes and
implements principles and tools designed to manage these risks;
In 2011, a network of Solution Risk managers was set up to assess
the risks inherent in all major projects. The rules for entering into
agreements and adopting solutions in projects were updated.
Risk management by the Risk and Insurance
Department
The Risk and Insurance Department contributes to internal audits
by defi ning and deploying a Group-wide insurance strategy, as
defi ned in “Risk Factors and Insurance Strategy.” The insurance
strategy includes the identifi cation and assessment of the main
insurable risks and defi nes and recommends measures to prevent
these risks and protect assets.
Risk management by the Safety Department
The Group’s Security Department defi nes corporate governance
with regard to loss prevention in the area wilful acts against property
and people.
In this respect and in close cooperation with the Risk and Insurance
Department, it is directly involved in assessing the nature of such risk
as well as defi ning adequate prevention and protection measures.
The Security Department publishes internally a table of “Country
Risks” for use in security procedures that are mandatory for people
travelling, expatriates and local employees. On request it provides
support to local teams for any security issues (site audit, expatriates
or local employee security, security whilst on assignments,etc.).
It brings its methodology to develop emergency plans (Evacuation
plans, Crisis management plans, Business continuity plans, etc.)
and ensures coordination of the Corporate Crisis Team (SEECC -
Schneider Electric Emergency Coordination Center) each time that
it is activated.
The Security Department is integrated in the “Fraud Committee”
alongside the Internal Audit Department and the Legal Department
and gets involved in combatting internal fraud (managing and
carrying out internal investigations).
Management of information system risks
An IT Security unit within the Information, Process and Organisation
Department defi nes and implements specifi c security policies for
information systems.
This department has specifi c skills in auditing the security of
IT systems. After each site audit, a report is issued setting out
ndings and recommendations for the attention of the persons in
charge of the entity audited.