2010Annual Report - Schneider Electric CZ, s.r.o.
2010Annual Report - Schneider Electric CZ, s.r.o.
2010Annual Report - Schneider Electric CZ, s.r.o.
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
3 CORPORATE GOVERNANCE<br />
INTERNAL CONTROL AND RISK MANAGEMENT<br />
134<br />
The Key Internal Controls are available to all units on the Group<br />
intranet, along with appendices with more detailed information,<br />
links to full policy descriptions on the Functions’ intranets, an<br />
explanation of the risks covered by each Key Internal Control and a<br />
self-assessment guide.<br />
4. Risk identification and management<br />
4.1. General risks at the Group level<br />
The Internal Audit Department interviews the Group’s 40 top<br />
managers to update the list of general risks at the Group level each<br />
year. The risks identifi ed through these interviews are ranked by<br />
impact and probability of occurrence. The threat/opportunity aspect<br />
of each risk is also taken into account.<br />
Risk factors related to the Company’s business, as well as<br />
procedures for managing and reducing those risks, are described<br />
in “Risk Factors.” These procedures are an integral part of the internal<br />
control system.<br />
When drawing up the Internal Audit plan for the coming year, team<br />
members look closely at the risk matrix and the analysis of changes<br />
from one year to the next.<br />
More than half of the major and general risks identifi ed at end-2009<br />
were addressed in audits carried out between 2008 and 2010 to<br />
assess action plans for managing and reducing risks.<br />
4.2. Operating risks at the unit level<br />
Operating risks are managed fi rst and foremost by the units in<br />
liaison with the Operating Divisions, based on Group guidelines<br />
(notably the Key Internal Controls). Each subsidiary is responsible<br />
for implementing procedures providing an adequate level of internal<br />
control.<br />
The Operating Divisions implement cross-functional action plans for<br />
operating risks identifi ed as being recurrent in the units or as having<br />
a material impact at the Group level. The internal control system is<br />
adjusted to account for these risks as needed.<br />
The Group’s insurance programs cover the remaining portion of<br />
transferable risks.<br />
2010 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC<br />
For each cycle, the Key Internal Controls cover compliance, reliability,<br />
risk prevention and management and process performance. The<br />
operating units fi ll out self-assessment questionnaires concerning<br />
the Key Internal Controls.<br />
4.3. Risk management by the Risk – Insurance<br />
Department<br />
The Risk – Insurance Department contributes to internal control by<br />
defi ning and deploying a Group-wide insurance strategy, as defi ned<br />
in “Risk Factors.” The insurance strategy identifi es and quantifi es<br />
the main insurable risks and defi nes and recommends measures to<br />
prevent risks and protect assets.<br />
4.4. Risk management by the Safety<br />
Department<br />
The Safety Department contributes to internal control by defi ning and<br />
deploying safety strategies. Like the Risk – Insurance Department,<br />
with which it works in close cooperation on recovery issues, the<br />
Safety Department helps identify and quantify the main risks within<br />
its scope and defi nes and recommends measures to prevent risks<br />
and protect people and assets. It is also involved in defi ning and<br />
deploying business continuity and crisis management plans.<br />
4.5. Management of information system risks<br />
An IT Security unit within the Information, Process and Organisation<br />
Department defi nes and implements specifi c security measures for<br />
information systems.<br />
This Department was given responsibility for auditing the security of<br />
IT systems in 2010. Its fi rst assignments were carried out in 2010;<br />
its recommendations resulted in remedial action plans.