2019 Annual financial report

Chapter 2. Risks and risk management

2.2.3 Monitoring the effectiveness of the internal control system

The Group’s senior management is responsible for the Group’s internal control system. The Secretary General and the Internal Audit & Risk Management VP regularly report to the Audit Committee and to the Management Board on the quality of the Group’s internal control system. This system draws on the following:

2.2.3.1 Internal audit assignments

The Internal Audit Department helps the Group achieve its objectives by assessing, with a methodical and systematic approach, the correct implementation and effectiveness of all internal control, risk management and corporate governance procedures and processes.

The auditors’ missions, powers and responsibilities as well as the rights and duties of the audited entity are described in the “Internal Audit Charter” which is included in Janus. They recall the independence of the internal audit function and stipulate the missions and commitments of internal audit, and the duties and prerogatives of the auditors and audited entities.

The audit teams are comprised of approximately fifteen qualified auditors and carry out internal control assessments that encompass the various financial and operational processes within the Group’s entities, based on an annual audit plan. This audit plan is developed based on risk analysis (including corruption risk), past events and specific requests from senior management. Once agreement has been reached with country/regional management, it is approved each year by the Management Board and validated by the Audit Committee.

The Internal Audit Department conducted approximately one hundred audits in 2019, mainly audits on the entities, but also special audits focusing on specific, Group-wide issues at various levels within the Group, as well as investigations on cases of suspected fraud.

To carry out their missions, the internal audit teams use a dedicated IT tool (“TeamMate”). The work programs used are, of course, based on the ERP systems used by the Group, with the use of extracts and dedicated exception reports.

Internal audit findings are systematically communicated in a report from the VP Internal Audit & Risk Management communicated to the Chairman of the Group’s Management Board. A summary of all audit assignments completed, including special assignments, is presented during each Audit Committee meeting.

The action plans stemming from the audit recommendations are monitored centrally with the help of a dedicated computer application (“TeamCentral”). Additionally, specific “in the field” follow-up assignments are launched for the most critical reports or when action plan indicators are not in line with the commitments made by the audited entities. A report on the status of the implementation of audit recommendations is regularly presented to country/regional management as well as to the Audit Committee.

Internal (particularly in terms of HR investigations) or external assistance is called in when needed to support internal audits when special skills or techniques are necessary to conduct investigations.

The Internal Audit of Publicis Groupe works in accordance with the international professional standards issued by the IIA (“The lnstitute of Internal Auditors”) and in March 2017, obtained the certification of its quality assurance and certification approach by IFACI (Institut français de l’audit et du contrôle interne). This certification confirms the ability of the Group Publicis Internal Audit Department to carry out its duties. This certification was confirmed in January 2018 and again in January 2019 in the course of the annual follow-up audits. It was renewed in March 2020.

2.2.3.2 Financial monitoring controls program

Publicis Groupe also established a program entitled “Financial Monitoring Controls” (FMC) consisting of a series of key controls set out by process (including in relation to CSR) and implemented across all Group entities.

Follow-up of the roll-out and implementation of key controls is performed at two levels using a specific IT tool (“PICT/RVR”):

  • a monthly self-assessment submitted by all Group entities helps to make them accountable for the effectiveness of their controls;
  • special teams, called FMC teams, are deployed across the various countries/regions to evaluate the effectiveness of the controls within the entities. These teams are linked to the Finance Department of each country/region as well as the Group’s Internal Control and Risk Management Department, which oversees them, coordinates their work, and compiles the results. These teams follow a control plan covering over 75% of the Group’s consolidated revenue each year.

Furthermore, a review of the key checks and controls of the corporate processes relating to financial reporting (Consolidation, Tax, M&A, etc.) is conducted on an annual basis by the Internal Audit Department.

2.2.3.3 Monitoring by the Legal Department

The Group’s Legal Department regularly monitors litigationrelated risks within the Group. A summary of any significant legal disputes, as well as an estimate of their potential impacts, is presented to the Group’s senior management every quarter. The main legal disputes and current investigations, where relevant, are also discussed in each Audit Committee meeting.