78 LISI 2018 FINANCIAL REPORT COMPANY FINANCIAL STATEMENTS 4

Internal audit repository

The Internal Control Department developed a new Internal Audit

Repository in 2011 based on a Questionnaire of 134 questions that cover

all of the Internal Control Manual processes: Purchasing, Capital

Expenditures, Sales, Inventories, Cash, and Human Resources.

In 2015, this questionnaire was reviewed in order to improve internal

control standards. Accordingly, an additional process comprising 24

questionswas introducedforthecontrolofourITsystems.Itwasrevised

in October 2017 in coordination with the IT Departments of the three

divisions. The number of questions was reduced to 22.

Audits have been used since 2012 to validate (or invalidate) the level of

internalauditachieved ineachofthebusinessunits;theyhavecontinued

throughout the whole of 2018 with 15 audit tasks completed.

The Group’s overall score level was 81%, above our contractual minimum

of 80%.

We feel that the stiffening of the internal control requirements caused a

loss of about 5 points on the scores achieved in 2018, while the impact of

the Chapter “Information Systems” would be approximately 1 point.

Amore detailed analysis by division shows that:

■■

The LISI AEROSPACE score fell 3 points to 79%;

■■

TheLISI AUTOMOTIVE score fell 4points, but at 81%, remains above the

required level;

■■

TheLISIMEDICALscorealsofell2pointsbut,at84%,remainsabovethe

required level.

Furthermore, a process-level analysis shows that, with the exception of

the “InformationSystems” cycle, all the other processes are close to or

above our contractual standard of 80%.

Special work took place in 2018 following the acquisition of TERMAX: its

aim was to determine the level of internal control. This support work

enabled operational teams to prepare their roadmaps to attain the level

of internal control required by 2021.

Lastly,in2018,theInternalAuditDepartmentcontinueditsgoodpractices

efforts through the promotion of ICCs (Internal Control Committees).

These committees bring together the internal control referents in the

divisions. This work pools operational and financial internal control

compliance ideas, resulting inGroupprocedures being updated: they are

adapted in response to changes inprocesses and are designed to reduce

the risks detected during the audits. This dynamic of continued

improvement will continue in 2019.

Risk mapping

■■

Themain risks identified under themedium-termbudget and strategic

plan fall under several areas of action:

1. Market risks to be anticipated as accurately as possible within all

divisions

a. Possible effects of over-stocking based on the current contracts,

b. Flexibility to be ensured to cope withmajor temporary crises,

c. Absorption of fixed costs to offset the effects of the fall in

industrial markets,

d. Industrial activities for which the panel of players remains

restricted and highly competitive.

2. Industrial challenges

a. Essential productivity programs to be carried out to sustain

certain industrialprocessesandmaintaincompetitiveness inhigh

cost areas, sometimes accompanied by reconversion in themore

attractive segments of the business,

b. Technology challenges key to remaining competitive,

c. Customer requirements that are increasingly difficult tomeet.

3. Risks of securing assets detected on some sites: flooding, fire

detection and fire prevention, for which site relocation projects are

under study and or underway.

Fraud

The LISI Group is a regular target of fraud attempts. Most of these are by

identity theft, but new attempts were identified in 2018, such as fraud

attempts by false invoices, falsifications of electronic or paper checks

fraud via changes to bank details. Thewhistleblowing procedure in place

since2013isstillactiveandadviceisprovidedaboutthecorrectbehaviors

to adopt. It is also circulated if necessary more widely depending on the

declared attempts. A communication plan has been prepared in

partnership with the Group Head of Information Systems Departments:

this plan, to be rolled out in 2019, aims to raise awareness and warn all

users of the dangers of cybercrime and fraud.

CONCLUSION

The Group finds the standard of internal audit appropriate to the size and

typology of the risks identified.

In 2019, LISI will focus on continuing its internal control strategy to:

■■

Respond to theGroup’s growth and bring all Group entities into linewith

the COS (Controlling Operating System) and audit standards as quickly

as possible;

■■

Raise the internal audit ratings of sites whose scores are below the

Group standard of 80%;

■■

Manage the risks approach using a standard methodology, and

harmonize its process with all of the strategic and operational action

plans,

■■

Continue its compliance drive in areas linked to CSR issues (see Chap.6

of the Annual Report).

Supplier and customer terms of payment

In the tables below, you will find details of the terms of payment for

suppliers and customers concerning LISI S.A. operating invoices: