APC 2015 Annual Report Download - page 173

Download and view the complete annual report

Please find page 173 of the 2015 APC annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 332

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332

2015 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC 171
CORPORATE GOVERNANCE
3
INTERNAL CONTROL AND RISK MANAGEMENT
Local risks related to the company’s business
at the unit level
Local risks related to the company’s business are managed fi rst and
foremost by the units in liaison with the Operating Divisions, based
on Group guidelines (in particular via the Key Internal Controls).
Each subsidiary is responsible for implementing procedures that
provide an adequate level of internal control.
The divisions implement cross-functional action plans for risk factors
related to the company’s business identifi ed as being recurrent
in the units or as having a material impact at the Group level, as
appropriate. The internal control system is adjusted to account for
these risks.
The Group’s insurance programs cover the remaining portion of
transferable risks.
Risks related to Solutions
The Solutions Risk Management Department defi nes and
implements principles and tools designed to manage these risks.
The network of Solution Risk Managers assesses the risks of all
major projects in conjunction with the Tender Managers during the
preparation of offers.
Risk management by the Risk and Insurance
Department
The Risk and Insurance Department contributes to the internal
control system by defi ning and deploying a Group-wide insurance
strategy, as defi ned in «Risk Factors and Insurance Strategy ». The
insurance strategy includes the identifi cation and quantifi cation of
the main insurable risks, the determination of levels of retention
and the cost benefi t analysis of the transfer options. The Risk and
Insurance Department also defi nes, proposes and implements
action plans to prevent these risks and protect assets.
Risk management by the Security Department
The Group’s Security Department defi nes corporate governance
with regard to loss prevention in the area of wilful acts against
property and people.
In this respect and in close cooperation with the Risk and Insurance
Department, it is directly involved in assessing the nature of such risk
as well as defi ning adequate prevention and protection measures.
The Security Department publishes internally a table of «Country
Risks» for use in security procedures that are mandatory for people
travelling, expatriates and local employees. On request, it provides
support to local teams for any security issues (site audit, expatriates
or local employee security, security on assignments,etc.).
It provides daily coordination with the Group’s worldwide partner
in the fi eld of medicalandsecurity assistance (International SOS&
Controls Risks– start of contract in January2011) as well as in the
eld of psychological support that is necessary to organize in some
crisis context (Eutelmed– start of contract in April2015).
It brings its methodology to develop emergency plans (evacuation
plans, crisis management plans, business continuity plans,etc.) and
coordinates the corporate crisis team (SEECC– Schneider Electric
Emergency Coordination Center) each time that it is activated.
The Security Department is integrated in the «Fraud Committee»
alongside the Internal Audit Department and the Legal Department
and is directly involved in combating internal fraud (managing
and carrying out internal investigations). The Security Department
created a new entity responsible for investigations (internal and
external fraud) within the Security Department itself and in charge of
supporting internal investigators as well as defi ning methodology&
procedures to conduct investigations properly (in accordance with
the l aw and in order to be ef cient in gather evidence effectively ).
The Security Function also participates in crisis management,
in particular in the management of the corporate crisis cell and
in support of local entities (limiting the consequences of the
occurrence of certain risks such as civil war, weather events,
pandemics, attacks on people, terrorism,etc.). In addition, it has
realized more than 20 Security Audits in 2015 (R&D centers, head-
offi ces, sensitive plants, etc ).
Management of Information Systems risks
A Global IT Security Department inside Information, Process and
Organization Department (IPO) defi nes and implements specifi c
security policies for information systems, ensuring basic computer
hygiene, confi dentiality, integrity, availability and accountability of all
our information and technology assets. This department identifi es
critical processes and information to capture, secure and prioritize
them. Their members have proved and certifi ed security technical
skills and they perform regularly audits. After each audit, a report
is issued setting out fi ndings and recommendations. All corrective
actions are monitored.
9.5 Control procedures
In addition to the general missions already described, this section
describes specifi c measures taken in2014 to improve the Group’s
control system.
Operating units
For internal control to be effective, everyone involved must
understand and continuously implement the Group’s general
guidelines and the Key Internal Controls.
Training in Key Internal Controls continued in2015 for those involved
for the fi rst time in the annual self-assessment process: newly