The procedures relating to the preparation of accounting and financial information, to the continued security of IT systems and to the introduction of significant operational procedures are mentioned there in a detailed manner, promoting consistency of treatment at all levels of the Groupe and networks.
These guidelines serve as the foundation of the Groupe’s internal control system.
This system is also strengthened through a network of shared service centers (Re:Sources) systematically implemented by the Groupe since 1996 in order to overcome the challenges faced by a business that relies on a large number of agencies. This network is managed by the Shared Platforms CEO, reporting to the Chairman of the Management Board, with the legal and financial functions of the shared service centers under the functional responsibility of the Groupe’s Legal Department and Finance Department, and Employment Matters and Benefits under the responsibility of the Groupe’s Human Resources Department. The network of shared service centers now covers nearly 99% of Groupe revenue as of December 31, 2021.
The Management Board, the Finance Department, shared service centers, as well as the teams dedicated to IT, real estate, insurance and mergers and acquisitions, the Internal Audit, Internal Control and Risk Management Departments and the operational managers of the networks are all involved in deploying the internal control system. For acquisitions, the internal control system is generally applied within 12 months following the acquisition date. Acquisitions also receive special attention when the annual audit plan is being drawn up.
The Groupe’s senior management is responsible for the Groupe’s internal control framework. The Secretary General and the Internal Audit & Risk Management VP regularly report to the Audit Committee and to the Management Board on the quality of the Groupe’s internal control framework. To guarantee his independence, the VP Internal Audit & Risk Management meets with the Chairman of the Audit Committee bilaterally once a year.
The Internal Audit Department helps the Groupe achieve its objectives by assessing, with a methodical and systematic approach, the correct implementation and effectiveness of all internal control, risk management and corporate governance procedures and processes.
The auditors’ missions, powers and responsibilities as well as the rights and duties of the audited entity are described in the “Internal Audit Charter” which is included in Janus. They recall the independence of the internal audit function and stipulate the missions and commitments of internal audit, and the duties and prerogatives of the auditors and audited entities.
The audit teams are comprised of approximately fifteen qualified auditors, including, since 2021, a team of auditors devoted to IT audit, and carry out internal control assessments that encompass the various financial and operational processes within the Groupe’s entities, based on an annual audit plan. This audit plan is developed based on risk analysis (including corruption risk), past events and specific requests from senior management. Once agreement has been reached with country/regional management, it is approved each year by the Management Board and validated by the Audit Committee.
The Internal Audit Department conducted approximately 70 assignments in 2021, mainly audits on the entities, but also special assignments focusing on specific, Groupe-wide issues at various levels within the Groupe, as well as investigations of cases of suspected fraud or alerts reported through the Groupe’s internal whistleblowing system. It should be noted that, as in 2020, given the health situation (Covid-19), the internal audit missions were carried out almost exclusively remotely. Some on-site trips were nevertheless possible in the last quarter of 2021. This system functions well, even though on-site checks cannot be carried out and the practical difficulties are greater.
To carry out their assignments, the internal audit teams use a dedicated IT tool (TeamMate). The work programs used are, of course, based on the ERP systems used by the Groupe, with the use of extracts and dedicated exception reports.
Internal audit findings are systematically communicated in a report from the Internal Audit & Risk Management VP communicated to the Chairman of the Groupe’s Management Board. A summary of all audit assignments completed, including special assignments, is presented during each Audit Committee meeting.
The action plans stemming from the audit recommendations are monitored centrally with the help of a dedicated computer application (TeamCentral). Additionally, specific “in-the-field” follow-up assignments are launched for the most critical reports or when action plan indicators are not in line with the commitments made by the audited entities. A report on the status of the implementation of audit recommendations is regularly presented to country/regional management as well as to the Audit Committee.
Internal (particularly in terms of HR investigations) or external assistance is called in when needed to support the Internal Audit Department, where special skills or techniques are necessary to conduct investigations.
