APC 2014 Annual Report Download - page 167
Download and view the complete annual report
Please find page 167 of the 2014 APC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157 -
158 -
159 -
160 -
161 -
162 -
163 -
164 -
165 -
166 -
167 -
168 -
169 -
170 -
171 -
172 -
173 -
174 -
175 -
176 -
177 -
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
 |
 |
CORPORATE GOVERNANCE
INTERNAL CONTROL AND RISK MANAGEMENT
Control procedures
9.5
In addition to the general missions already described, this section
detected and prevented hundreds of real time attacks,
–
describes specific measures taken in2014 to improve the Group’s
eradicated and Quarantined thousand of viruses detected;
–
control system. in 2014, the Global IT Security (GIS) Department has significantly
l
improved the end point Ex-Com members with the rollout of a
Operating units
HIDS (Host based Intrusion Detection System). Host based
Intrusion Detection System, is a system to detect intruders that
are, unexpected, unwanted or unauthorized people or programs
For internal control to be effective, everyone involved must on a computer;
understand and continuously implement the Group’s general
guidelines and the Key Internal Controls. during 2014, a new IT Security Strategy has been defined to
l
address the new high priority risks and cyber threats identified.
Training in Key Internal Controls continued in2014 for those This strategy has been presented to Ex-Com members during a
involved for the first time in the annual self-assessment process: Cyber War Game (simulation of multi-stage cyber-attack). This
newly promoted managers and units recently integrated. strategy contains important programs like Data Security, Identity
Operational units, undertook self-assessment of compliance with & Access Management, Security Incident Response and
the Key Internal Controls governing their scope of operations. Simulations, End-Point Security, Awareness and Training;
The self-assessments conducted during the 2014 campaign for solutions risk management, a simplified template for the
l
covered more than 90% of consolidated sales and made it
3
assessment of smaller projects was created and included in the
possible to define improvement plans in the operating units, when approval workflow tool;
necessary. The ultimate goal is that these evaluations should cover the Security Department issued a new directive regarding the
l
at least 90% of consolidated sales each year. «multiple travelers on the same flight» risk and deployed
All covered entities assessed in great detail the Key Internal Schneider Electric travel security procedures within Invensys
Controls on process within their scope of operations. (new acquisition).
The self-assessments are conducted in the units by each process
Internal Control Department
owner. Practices corresponding to the Key Internal Controls are
described and performance is rated on a scale of 1
(non-compliance) to 4 (very good). Internal Control continued to deploy the Key Internal Controls
–training and requests for self-assessments– throughout the
For each Internal Control Key assessed at below level 3 Operating Divisions, with the scope extended to cover new units.
(compliance) on the scale, an action plan is defined and
implemented to achieve compliance. These action plans are listed New deficiencies were identified owing to additional Key Internal
in the self-assessment report. Controls, which gave rise to further action plans.
The unit’s financial manager conducts a critical review of the Internal Control self-assessments were received and analyzed,
self-assessments by process, and certifies the quality of the overall which identified areas needing work in2015 as part of the process
results. The self-evaluation is then also certified by the person in of continuous improvement.
charge of the unit. In addition to the analysis and action plans initiated by the Units
The regional internal controllers carried out controls on site to and Operating Divisions, similar work is being carried out in the
assess the reliability of self-assessments and the efficiency of the Global Functions. On the basis of the results obtained in their field,
remediation plans put in place as a result of the previous the various functions define and implement improvement actions
self-assessment. asneeded.
Global Functions
The list of Key Internal Controls continues to evolve.
The software package for the management of self-assessment
questionnaires and follow-up action plans of Internal Audit and
In2014, the Global Functions continued to set guidelines, issue Internal Control introduced in2011 continues to be improved.
instructions and provide support.
The regional internal control organization introduced in2011
For example: consists of 25 regional internal controllers in five regions, who:
in 2014, with regard to Our Principles of Responsibility, a
l
perform the duties defined under the section «Organization and
l
specific support has been brought to the entities which had a management: key participants of internal control – Internal
low score in the 2013 Key Internal Controls dealing with Our Control Department» for the units in their regional scope,
Principles of Responsibility. These actions have consisted in covering all Operational Departments;
meeting with the entities top managers, providing in-site establish standardized procedures (e.g., for internal control
l
trainings to managers and employees and insisting again on the assignments, such as control cycles, documentation, scope
values and principles of the company; definition, work programs etc.);
in 2014, The Global IT Security (GIS) Department has
l
completed more than 80 on-site inspection missions in2014 to
l
successfully: assess the level of internal control and the adequacy of action
managed the major global vulnerabilities such us heartbleed
–
plans, issuing the necessary recommendations when needed.
and shellshock,
165
2014 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC