reference document 2003 - Euler Hermes Kreditversicherungs-AG
reference document 2003 - Euler Hermes Kreditversicherungs-AG
reference document 2003 - Euler Hermes Kreditversicherungs-AG
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Reinsurance, Information Technology,<br />
Audit, Communication and Human<br />
Resources. In the area of Risks, these rules<br />
were updated in <strong>2003</strong>. They have been<br />
implemented in the main entities as procedures<br />
that include in particular the thresholds<br />
of individual responsibility and the<br />
organisation of specific risk and commercial<br />
committees for example.<br />
It should be noted that the following models<br />
are being introduced throughout the<br />
Group:<br />
• a risk business model and quality standards<br />
in terms of the management of<br />
debtor risk,<br />
• a collection business model in terms of<br />
collection of receivables.<br />
First level of control<br />
At Group level, there are cross-company<br />
functions for the Risk/Litigation, Sales and<br />
Marketing, and Strategy operational areas<br />
and for the Information Technology,<br />
Finance and Accounting, Reinsurance,<br />
Internal Audit, Human Resources and<br />
Communication support areas. A member<br />
of the Group Management Board is responsible<br />
for each function and these members<br />
check the implementation of Group directives<br />
in the subsidiaries.<br />
For example, the risk (credit) cross-company<br />
function monitors all the credit risk<br />
business. To do this, it uses the monthly<br />
group reports drawn up by Group<br />
Management Control and monthly reports<br />
on sensitive risks. Corrective action is coordinated<br />
with a Group Risk Committee<br />
whose members include subsidiaries’ risk<br />
managers. This committee, chaired by the<br />
manager of the risk cross-company function,<br />
meets every two months. Each sub-<br />
sidiary’s risk manager reports to this committee.<br />
Local risk business is supervised by<br />
a local risk committee, of which the CEO is<br />
generally a member, and by a system of<br />
delegation of powers.<br />
Within company departments, procedures<br />
govern the measures to be taken and the<br />
main related controls. The extension of the<br />
<strong>document</strong>ation of the control system to<br />
departments that are not yet covered is<br />
under way in the context of complying with<br />
the Sarbanes-Oxley Act and should be completed<br />
for the largest subsidiaries at the<br />
end of 2004.<br />
Controls are carried out by the operational<br />
units themselves. These controls may be<br />
integrated into the processing of transactions<br />
(first level) and some may be integrated<br />
into automated systems. In<br />
addition, they may be carried out by units<br />
or individuals who are independent of the<br />
above-mentioned operational units or distinct<br />
from those who have carried out controls<br />
at the first level (second level).<br />
Second level of internal control<br />
The Group has a central audit function and<br />
audit structures within the largest units.<br />
There are 25 auditors within the Group. The<br />
audit structure is decentralised and the<br />
main subsidiaries have their own structure.<br />
The group audit manager reports to the<br />
<strong>Euler</strong> <strong>Hermes</strong> Audit Committee and to the<br />
Chairman of the Group and is a permanent<br />
member of subsidiaries’ audit committees<br />
along with the local audit manager.<br />
An annual programme of audit assignments<br />
is drawn up. This programme,<br />
based on a map of risks and a pragmatic<br />
approach to requirements, has a local part<br />
(2/3 of the activity) and a Group part that<br />
includes the global audits of subsidiaries,<br />
and audits of cross-functional processes<br />
carried out simultaneously in the main<br />
subsidiaries. It is drawn up in accordance<br />
with a structured procedure in the second<br />
half of the year. It is the subject of a procedure<br />
of discussion, communication and<br />
validation with operational staff, General<br />
Management and audit committees. The<br />
last stage of the validation process is the<br />
presentation of the programme to the<br />
<strong>Euler</strong> <strong>Hermes</strong> Audit Committee for<br />
approval in November. The audit programme<br />
is adapted appropriately, in order<br />
to obtain coverage of risk over five years<br />
in accordance with Allianz’s directives,<br />
while ensuring more frequent coverage of<br />
the most sensitive risks. The Group 2004<br />
programme includes four independent<br />
audits (audit of subsidiaries) and three<br />
cross-functional audits including the introduction<br />
of continuity plans.<br />
The audit activity is based on an audit charter<br />
that was validated by the audit committee<br />
and the Supervisory Board in April<br />
2001. It precisely defines the assignment,<br />
the organisation of the various levels of<br />
control within the <strong>Euler</strong> <strong>Hermes</strong> Group and<br />
its subsidiaries and the terms and conditions<br />
of intervention by Group and local<br />
audit departments. It is completed by the<br />
development of audit standards and procedures<br />
at local and Group level.<br />
Risk mapping<br />
Risks were first mapped in 2002, by listing<br />
the operational risks with the managers of<br />
the subsidiaries. Business activity is<br />
divided into nine main functions<br />
49