APC 2012 Annual Report Download - page 148

Download and view the complete annual report

Please find page 148 of the 2012 APC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 320

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320

2012 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC146
CORPORATE GOVERNANCE
3INTERNAL CONTROL AND RISK MANAGEMENT
In2012, Internal Auditing performed 27 audits, including:
audits of units;
audits of a number of risks or operating processes;
post-acquisition audits for newly acquired companies;
analyses of control self-assessments by the audited units;
follow-up audits to ensure recommendations are applied;
assistance assignments.
Committee on Ethics and Responsibility
The Committee on Ethics and Responsibility steers action in relation
to the Principles of Responsibility, updates them and validates
changes. It also answers employee questions that are not addressed
in the companion guide to the Principles of Responsibility, or that
managers are unable to answer. (see “Sustainable development
framework”, Chapter2 Section2).
Fraud Committee
The Fraud Committee defi nes the policy against fraud and the
process of reporting and treating fraud and suspected fraud,
including changes in procedures or practices to avoid recurrence.
The limited Fraud Committee is composed of the Legal Director,
the Security Director and the Internal Audit Director; it meets on a
monthly basis.
It deals with cases of fraud, corruption, confl ict of interest, breach of
procedure, theft and related matters.
All reported cases of fraud are reported to the Fraud Committee.
The Fraud Committee decides on investigations that are managed
either locally by the Compliance Offi cer, or centrally by a member
of the Fraud Committee depending on the seriousness of the
incident and the level of management potentially involved. The
Fraud Committee ensures the implementation of the action plan,
the appropriate sanction as well as feedback for each proven case
of fraud. A report is written and updated regularly for this purpose.
The Fraud Committee presents an annual summary report to the
Audit Committee.
For example, an error identifi ed in the fi nancial statements of a
French entity resulting from irregularities carried out by one former
employee with the purpose of presenting overestinded revenues by
deferring the booking of customers’ rebates , several actions have
been undertaken:
At the level of the unit concerned:
audit of the main accounting and operational fl ows,
strengthening of internal control over all fl ows involved,
including the implementation of new controls, review of the
segregation of duties followed by changes in reporting lines
in order to ensure the proper segregation and elimination of
confl icts identifi ed and the implementation of new indicators
to monitor the performance of the processes concerned and
their control,
a new follow-up audit will be carried out in2013 to ensure the
performance of this strengthened mechanism.
Group level feedback:
implementation of anl access rights management software in
the main information system of the Group, called bridge,
analysis of potential confl icts of the segregation of duties
across more than 70entities representing nearly 80% of the
Group’s consolidated revenues,
follow-up of the recommendations resulting from this analysis;
strengthened control of computer access rights,
based on the control weaknesses identifi ed in the unit in which
the fraud occurred, audit of these key controls in fi ve major
countries to ensure the performance of these controls in these
countries.
2012: the Internal Control System is now
incontinuous improvement mode
In2012, further efforts were made to improve the identifi cation and
control of global risks, to step up periodic reviews of results and
performance, and to enhance auditing practices. The year was
marked, for the internal control system, by the items set out above,
in particular:
website security audits and the creation of a platform to better
address cyber threats;
the establishment of a “professional warning system” to allow all
employees to launch an alert when in their judgment, they have
been a witness to or victim of a breach of the rules of ethics and
responsibility expressed in Our Principles of Liability;
approval by the European personal data protection authorities
of the governance of personal data protection and the
establishment of a network of “Personal Data Protection”
correspondent countries for the implementation and operation
of this governance;
internal control self-assessment questionnaires were sent out
to cover 90% of the Group’s consolidated revenues (training
managers in internal control practices, defi ning and implementing
remedial action plans if needed).