161
VIVENDI
l
2012
l Annual Report
3
3
INFORMATION ABOUT THE COMPANY – CORPORATE GOVERNANCE
SECTION 4 - REPORT BY THE CHAIRMAN OF VIVENDI’S SUPERVISORY BOARD ON CORPORATE GOVERNANCE, INTERNAL AUDITS
AND RISK MANAGEMENT – FISCAL YEAR ENDED DECEMBER 31, 2012
RISK MONITORING AND MANAGEMENT
A report is regularly presented by its Chairman to the Vivendi Supervisory
Board and sent to every member of the committee and the Supervisory
Board.
Vivendi chairs the Audit Committees of the following subsidiaries: SFR,
Maroc Telecom, GVT, Canal+ France and Universal Music Group, and
participates, subject to the agenda, in meetings of Activision Blizzard’s
Audit Committee.
In 2012, Vivendi’s Audit Committee met three times with a 100%
attendance rate. A description of it work is presented in Section 3.1.1.14
of Chapter 3 of this Annual Report.
THE INTERNAL AUDIT AND SPECIAL PROJECTS
DEPARTMENT
The Internal Audit and Special Projects department (made up of 14 internal
auditors for financial audit and external auditors for IT audits) reports to
the Chairman of the Management Board and is responsible for assessing,
in an independent manner, the quality of internal controls at every level
of the organization. Its operations are governed by a Charter approved by
the Audit Committee.
The Internal Audit departments of SFR (8 Auditors), Canal+ France (8
auditors), Activision Blizzard (10 auditors), GVT (7 auditors) and Maroc
Telecom’s Financial Audit department (11 Auditors) currently reinforce
the resources dedicated to internal control assessment at the business
unit level. The annual audit plan approved by the Management Board
provides that on average 35% of its projects will be conducted jointly by
the respective auditing teams of the business units and the headquarters.
The Internal Audit department is responsible for performing an
independent assessment of the effectiveness of the internal control
processes, based on an annual audit plan which is approved by the
Management Board, the Finance department and the office of the General
Counsel of the Group and presented to the Audit Committee. This plan
is developed from both an independent analysis of the operational,
IT and financial risks of each business unit and the consultation with
the General Management of each entity. Reports on the audit work
carried out are communicated to Vivendi’s General Management, as
well as to operational and functional management and their superiors.
A summary of these reports is presented at each Audit Committee meeting
along with any observations made by the Group’s external auditors.
Follow-up audits are generally performed within 12 months to ensure
that recommended action plans and agreed corrective measures (if any)
have been implemented. A status report on the implementation of the
recommendations following an audit is presented to the Audit Committee
once a year. A half-yearly internal audit report is presented to the
Management Board and the Supervisory Board.
The Group may encounter cases of fraud in connection with its operations,
which – as soon as they are noticed – are systematically reported to the
Audit Committee and which may be the subject of special investigations
which may result in of the imposition of penalties, where applicable.
SELF-ASSESSMENT QUESTIONNAIRES
A self-assessment questionnaire on internal control, dealing with the five
main components of internal control as defined by the COSO report, is
sent out jointly to business units by the General Counsel’s office and the
Financial department every year. This questionnaire covers the following
topics:
ethics and human resources: the existence and dissemination of a
specific Code of Ethics, reference checking procedures upon hiring,
procedures for granting exceptions to the Compliance Program,
measures for protecting personal data (companies and customers)
and compliance with anti-corruption laws and regulations, such as
the UK Bribery Act 2010;
financial reporting: the distribution of Group procedures, particularly
accounting procedures and the systematic referral to the Vivendi
financial consolidation and reporting team of specific accounting
adjustments;
organizational: the regular update of powers of attorney and the
review of the principles of separation of tasks, procedures for
the assessment and monitoring of risks of the business lines and
the existence and update of a backup and continuity plan and the
protection of sensitive data (cybercrime);
information technologies: computer security procedures and regular
data backup, the protection of customer data during marketing
campaigns and social networking; and
control and monitoring activities: description of the resources
allocated to internal control, closing accounts and budget monitoring.
No major action plan was postponed by the business units. A certain
number of initiatives have been put forward, such as the continued
adaptation of the control environment of businesses recently
incorporated into the Group and automation of key controls, strengthened
documentation of processes and periodic updates of delegations of
powers within subsidiaries, the updating of data protection charters and
guides and the strengthening of procedures regarding the use of social
networks and increasing the awareness of employees about the matters
of conflict of interest and fraud.
A summary of the responses to these questionnaires were presented
and reviewed by the Group’s Financial Information and Communication
Procedures Committee. The documentation containing the answers to the
questionnaires and the conclusions relating thereto are also reviewed by
the business units’ external auditors.
4.4.2.
Internal Control Monitoring
The work performed by the Statutory Auditors in relation to the review and
assessment of internal control is summarized in a detailed presentation
to the General Management and the Internal Audit of the business units
concerned. A summary of their conclusions is presented to Vivendi’s Audit
Committee.
I...,151,152,153,154,155,156,157,158,159,160 162,163,164,165,166,167,168,169,170,171,...374