98 / 330
CORPORATE GOVERNANCE AND INTERNAL CONTROL
2.5 Internal control and risk management procedures
2
98
Registration Document 2016 — Capgemini
In this respect, the risk management coordinator:
Makes methodology tools and approaches available to the
◗
various management bodies.
Coordinates all risk management activities within the Group.
◗
Centralizes and consolidates all work and particularly work
◗
performed by the various priority risk.
Encourages the sharing of good practice within the Group.
◗
1
st
line of defense: from management to employees
relevant laws, regulations and customary practices in the country
where they operate, in order to exercise control more effectively
adapt the Blue Book drafted by Group Management, by drawing
up detailed internal control procedures which comply with the
over risks specific to their local market and culture.
Operations and Business unit management supplement and
communicated by the Group functional departments.
identification and control of risks relating to their own environment,
in compliance with the rules and procedures implemented and
Operations and Business Unit management duties include the
2
nd
line of defense: function departments with risk expertise
sector and ensures, in particular, the consistency of actions
undertaken in the Business Units with these guidelines. It assists
Committee with the identification and prioritization of risks. Each
department defines and rolls out risk control systems in its activity
all Group entities by facilitating the sharing of risk management
and internal control best practice.
The various Group functional departments assist the Risk
3
rd
line of defense: internal audit
the review of IT projects.
languages spoken locally in the Group. This significant
internationalization of the internal audit team reflects the desire to
Units audited. The internal audit team comprises 32 auditors,
representing 12 different nationalities and covering 90% of the
seventeen auditors including three technical experts specializing in
accompany the expansion of the Group into new regions of the
world; the Internal Audit Department also has a Bombay desk with
Chief Executive Officer, guaranteeing the independence of the
internal audit function with respect to the functions and Business
Audit function. Its Director reports directly to the Chairman and
For over 30 years, the Capgemini Group has had a central Internal
reasonable assurance - and not an absolute guarantee - against
all risks.
given that, irrespective of how well they are drafted and how
stringently they are applied, these procedures can only provide
the internal audit function independently assesses the
effectiveness of internal control and risk management procedures
In accordance with professional standards governing this activity,
Internal Audit is therefore tasked with:
reviewing the internal control procedures implemented in the
are exposed locally;
down by the Group and with certain specific procedures
enabling the elimination or mitigation of the risks to which they
Strategic Business Units and their component legal entities to
ensure that they comply with the general principles and rules laid
their complete independence from the unit being audited).
(Group Delivery Auditors), who are selected from among a list of
Group accredited professionals according to their skills (and also
auditing the Group’s major contracts considered to present
◗
significant risk; Internal Audit uses one or more technical experts
budgetary commitments, etc.). At the request of the Chairman
and Chief Executive Officer, the Internal Audit Department may
Officer has the power to modify this program in the event of an
emergency (delays and irregularities, major divergence from
also perform special assignments to review specific situations.
Each Business Unit is audited in line with a bi-annual program
covering the entire Group: the Chairman and Chief Executive
target company in order to ensure, in particular, their compatibility
with Capgemini Group expectations.
Group is considering acquiring. These reviews involve an
examination, from an ethical stance, of all the activities of the
responsible for the ethics and compliance programs and the
ethics phase of due diligence assignments on companies that the
The Ethics, Compliance and Internal Audit Department is directly
During 2016, the Ethics, Compliance and Internal Audit:
focusing particularly on priority actions;
management of the unit audited undertook to implement as
entire Group and enabling it to monitor real-time the
implementation of recommendations following the audit,
quickly as possible in order to improve or correct the points
identified by the audit. Internal Audit uses a tool covering the
51 audits of units belonging to all Group Strategic Business
◗
Units. Each audit involved an average of 36 man-days in the field
and concluded with the issue of an action plan that
Executive Officer;
1 special assignments at the request of the Chairman and Chief
◗
1 ethical due diligence assignment.
◗
The Ethics, Compliance and Internal Audit Director presents:
twice annually to the Audit & Risk Committee of Cap Gemini
◗
S.A. Board, a comprehensive report on the department’s work
processing of financial and accounting information);
during the half-year (particularly regarding internal control
efficiency and risk management in the preparation and
the Group’s Code of Business Ethics.
Gemini S.A. Board a specific report on measures implemented
under the ethics program and the result of compliance audits of
once annually to the Ethics & Governance Committee of Cap
◗
Chairman and Chief Executive Officer on any matter that it
considers should be brought to his attention and informs the Audit
at any moment draw up a special report for presentation to the
and Risk Committee and/or the Ethics & Governance Committee
where significant deviations have been identified.
Finally, the Ethics, Compliance and Internal Audit Department may
this Registration Document.
The main risk exposures faced by the Group and the related risk
management systems are set out in the Risk Analysis section of