Universal Registration Document 2019

140 LISI 2019 UNIVERSAL REGISTRATION DOCUMENT Risk factors 5 Action is takenwithin the Group on a continual basis to ensure that these mechanisms are effective. This action is regularly assessed using performance tables. 3.2  /  Supervisory bodies The Group’s Board of Directors is the most senior decision- making entity. The Group’s Executive Committee channels the information to the divisions, which are themselves organized in such a way that enables their management to carry out the Group’s decisions at individual department level. The Audit Committee, which includes two independent directors, is acquainted, in concert with the external auditors and the Internal Audit Manager, with the senior management and risk management environment at the time of publication of each financial statement. The internal audit unit comprises the Group internal audit manager assisted by an auditor. Depending on the scale and nature of the task to be performed, internal and external partners may be co-opted to round off the team. Coordination with the external auditors is particularly close in order to direct controls specifically towards areas that have been identified as being high-risk and to allocate sufficient time to the task. Certain functions considered to be critical are monitored in the Group inacross-departmentalmanner: financialmanagement, cash management, consolidation, legal services, hedging, insurance cover, security policy, environmental policy, purchasing policy and human resource management. 3.3  /  Group baseline Each division has set up a value charter based on a common set of values. ■ An internal control procedures manual is in circulation and is supplemented by an accounting and consolidation procedures manual. These procedures aremade available to all the individuals involved and are regularly updated in electronic form via a dedicated Internet portal. ■ Since the end of 2017, a continuous improvement approach has been in place. The internal audit cell holds quarterly internal control committee meetings: the internal controllers of each division are invited, to build synergies as regards operational and financial internal control compliance. These results in Group procedures being updated: they are adapted according to the changes in processes to reduce the risks detected during audits. ■ Each division and each operational unit is responsible for ensuring that these procedures are followed and adapted to their country’s specific context. ■ Each manager receives notification of new levels of responsibility in the form of delegation letters. 3.4  /  Main internal Control Procedures regarding the preparation and processing of the accounting and financial information ■ The Group carries out an annual review of the four-year strategic plan and defines a priority action plan accordingly. The budget for the coming financial year falls within the scope of this plan for a 12‑month period. The planning process is approved first by the Executive Committee and then by the Board of Directors. Progress on preparation of the budget is assessed monthly at all levels: business units (B.U.), Divisions and Group-level teams. ■ The monthly consolidation of management indicators, the income statement, the balance sheet and the funding table allow a precise measure to be obtained within a short time of year-end. This facilitates the decision-making process. ■ The purchasing and investment process falls within the scope of the strategic and budgetary mechanism. Any purchasing or investment commitment that deviates from the budget authorizations must have prior approval at the appropriate level. ■ The sales and contract process is carefully reviewed by the local teams, BUs, divisions or Group-level teams, depending on the materiality level, before the actual commitment is made. ■ The Cash Flow-Finance process also involves specific commitments. So, for instance, financial investments are mostly managed at Group level. ■ The pay process is managed at operational unit level and is regularly reviewed both by the internal audit team and by external auditors. ■ The Health, Safety, and Environment (HSE) process involves a monthly review of management indicators (industrial accident rates, non-compliances, etc.) and of the resulting main corrective action plans. ■ All of the processes described in paragraph 3.1 are audited by the Finance/Operational internal audit cell or HSE. The financial and operational audits are conducted based on a questionnairewhich is the same for all Group entities audited: it has 156 questions. The audits are assessed by giving a score based on the total non-compliance examples detected: the contractual minimum required is 83%. The audit work results in an action plan that the operational teams are recommended to follow tomitigate the risks identified during the internal audits. This action plan is monitored one year after the audit for entities audited with a level of internal control below the Group’s requirements.