149 LISI 2018 FINANCIAL REPORT INFORMATION REGARDING THE COMPANY AND CORPORATE GOVERNANCE 7

■■

Certain functions considered to be critical are monitored in the Group

in a cross-departmental manner: financial management, cash

management, consolidation, legal services, hedging, insurance cover,

security policy, environmental policy, purchasing policy and human

resourcemanagement.

3.3 

I

 Group baseline

■■

Each division has set up a value charter based on a common set of

values.

■■

An internal control procedures manual is in circulation and is

supplementedbyanaccountingandconsolidationproceduresmanual.

These procedures aremade available to all the individuals involved and

are regularly updated in electronic formvia a dedicated Internet portal.

■■

Since the end of 2017, a continuous improvement approach has been in

place.The internalauditcellholdsquarterly internalcontrolcommittee

meetings: the internal controllers of each division are invited, to build

synergies as regards operational and financial internal control

compliance.Theseresults inGroupproceduresbeingupdated:theyare

adapted according to the changes in processes to reduce the risks

detected during audits.

■■

Each division and each operational unit is responsible for ensuring that

these procedures are followed and adapted to their country’s specific

context.

■■

Eachmanagerreceivesnotificationofnew levelsofresponsibility inthe

formof delegation letters.

3.4 

I

 Risk-mapping and monitoring processes

■■

The Group is engaged in a convergent risk-mapping process. This

methodology is currently employed throughout the Group and down to

the level of the basicManagement Units. It is subject to a complete and

systematicreviewonceayear.Actionplansforthemainrisks identified

in each division are approved as part of the medium-term budget and

strategy planning.

■■

Note that the risks are updated according to the risk areas identified:

for example, in 2018, the cyber crime risk was included.

■■

The Health, Safety and Environmental Steering Committee, set up in

2001, identifies and indexes the inherent risks, then initiates the

necessary corrective actions.

3.5 

I

 Main internal Control Procedures regarding

the preparation and processing of the

accounting and financial information

■■

The Group carries out an annual review of the five-year strategic plan

anddefinesapriorityactionplanaccordingly.Thebudgetforthecoming

financial year falls within the scope of this plan for a 12-month period.

Theplanningprocess isapprovedfirstbytheExecutiveCommitteeand

then by the Board of Directors. Progress on preparation of the budget

is assessed monthly at all levels: business units (B.U.), Divisions and

Group-level teams.

■■

The monthly consolidation of management indicators, the income

statement, the balance sheet and the funding table allow a precise

measure to be obtainedwithin a short time of year-end. This facilitates

the decision-making process.

■■

The purchasing and investment process falls within the scope of the

strategic and budgetary mechanism. Any purchasing or investment

commitment that deviates from the budget authorizations must have

prior approval at the appropriate level.

■■

Thesalesandcontractprocess iscarefullyreviewedbythe localteams,

BUs,divisionsorGroup-levelteams,dependingonthemateriality level,

before the actual commitment is made.

■■

The Cash Flow-Finance process also involves specific commitments.

So, for instance, financial investments are mostly managed at Group

level.

■■

The pay process is managed at operational unit level and is regularly

reviewed both by the internal audit team and by external auditors.

■■

The Health, Safety, and Environment (HSE) process involves a monthly

review of management indicators (industrial accident rates, non-

compliances, etc.) and of the resultingmain corrective action plans.

■■

All of the processes described in paragraph 3.1 are audited by the

Finance/Operational internal audit cell or HSE. The financial and

operationalauditsareconductedbasedonaquestionnairewhich isthe

same for all Group entities audited: it has 156 questions. The audits are

assessedbygivingascorebasedonthetotalnon-complianceexamples

detected: the contractual minimum required is 80%. The audit work

results in an action plan that the operational teams are recommended

to follow to mitigate the risks identified during the internal audits. This

actionplanismonitoredoneyearaftertheauditforentitiesauditedwith

a level of internal control below the Group’s requirements.