16

Practices of administrative and management bodies

Internal Control

153

Worldline

2016 Registration Document

financial reporting sessions.

instructions, issued regularly, and especially for budgeting and

This bottom-up communication is accompanied by top-down

Systemfor riskmanagement

identify, analyze and manage risks. Although risk management

Risk management refers to means deployed in Worldline to

this document.

management, as described in Section

4.5, “Risk management” of

specific formal initiatives have been undertaken concerning risk

is part of a manager’s day to day decision making process,

legal and compliance risks.

to perform the Legal Risk Mapping, targeting more specifically

may impact the Company. The ERM methodology is also used

management assessment, identifying the key challenges that

Risk management activities include a yearly Enterprise risk

Security Function.

management function (including a Group Risk Management

Operational risks on projects are managed by the risk

Risks related to logical or physical security are managed by the

reproduced for R&D projects with a dedicated organization.

and challenging contracts). Similarly, the same process has been

Committee who meets monthly to review the most significant

risks, and a regular follow up of mitigation actions.

All risk management activities include an assessment of the key

described in the next section “control activities”.

Book of Internal Control), on the basis of main risks identified, as

Control activities have also been implemented (through the

Control activities

process to achieve a convenient level of internal control.

procedures by addressing the key control objectives of each

the general management, complements the different

Internal Control (BIC). This document, sent out to all entities by

Worldline key control activities are aligned with the Atos Book of

activities (Security, Legal, Sustainability).

Product lifecycle, HR Management) and Risk & Compliance

operational processes (Opportunity to Order, Order to Cash,

It covers not only the financial processes, but also the various

released and distributed throughout the Group in January

2016,

An updated version of the Book of Internal Control has been

and emerging risks.

continue to evolve, according to growing maturity of processes

improvements in various processes. This framework will

in order to take into account additional controls and some

several of Worldline’s clients.

framework has been used to issue “ISAE3402” reports

1

for

detailing control activities related to client service. This

An IT control framework (part of the BIC) has been defined,

Monitoring

Group and local management, and is also supported by Internal

Monitoring of the internal control system is the responsibility of

Audit missions.

deviations are reported.

and reviewed at Group level. Action plans are initiated when

through questionnaires completed by Regional Business Units,

Control self-assessments are performed by the main Functions

processes.

action plans for continuously improving internal control

defined, in partnership with Group and local management,

development of internal control procedures. Internal Audit also

control procedures are properly applied and supports the

Internal Audit is ensuring, through its reviews, that the internal

division or country.

report including action plans to be implemented by the related

assignments have been finalized by the issuance of an audit

Purchasing, Sales) and 7 related to Operations/core business. All

domain of support functions (Finance, Human Resources,

assessing the functioning of internal control system: 12 in the

(including investigations at the request of general management)

In 2016, Internal Audit carried out a total of 19 audit assignments

recommendations have been implemented in due time.

Committee and to the Audit Committee. In 2016, 87% of audit

concerned owners, and reported up to the Group Executive

recommendations is performed by Internal Audit with

Twice a year, a full review of high & medium open

assessment has therefore been included in the audit plan.

“payments institution” status for Worldline Belgium. An annual

meeting the compliance requirements to maintain the

Internal audit has also actively contributed to help the business

performed by independent auditors for the main service

Audits on Service Organization Controls (SOC) have been

or general ledger accounting processing.

the areas of payroll processing, accounts payable management

providers who run processes on behalf of Worldline, notably in

organization used for auditor’s report on internal control of a service to a third party. Activities of the Group typically have an impact on the control

environment of its clients (through information systems), which may require the issuance of “ISAE3402 reports” for the controls ensured by the Group.

ISAE3402 (International Standards for Assurance Engagements (ISAE) No.

3402). A global assurance standard for reporting on controls at a service

1