3.1
Global system of internal control and risk management
40
3.2
Accounting and financial reporting
51
Chairman of the Board of Directors describing the internal control and risk management procedures which the company has implemented.
In order to meet the requirements of the provisions of Article L. 823-19 of the French Commercial Code, the Chairman of the Board of Directors with the support of the Law Division and Corporate Audit Services prepares the Report, which is centered around the following topics: corporate governance, global system of internal control and risk management and accounting and financial reporting.
After having proposed a general framework and having indicated all current applicable regulations, the Law Division consolidated the inputs received from the various departments involved.
This report was presented to the Audit and Finance Committee at his meeting held on April 25, 2016, and approved by the Board of Directors at the meeting held on April 26, 2016. Regarding internal control and risk management, the procedures implemented by the company at the Group level, the responsibilities within the Group and the standards that have been set, are the subject of an explanatory report by the Chairman of the Board of Directors, in accordance with
The internal control system for the processing of accounting and financial information has been specially developed, to take into account the regulation in this area, both in the United States with the Sarbanes-Oxley Act which applies to Alcatel Lucent due to the fact it was listed on the New York Stock Exchange, and in France, pursuant to the Financial Security Law (loi de sécurité financière), which requires the Statutory Auditors to issue an opinion on the report by the Chairman of the Board of Directors.
Since end of 2014, the Alcatel Lucent group has entered a pluriannual partnership with Accenture. Under Alcatel-Lucent responsibility, Accenture delivers now part of the functions of Human Resources, Finance and IT Programs. Engagement and commitment of both parties were defined as per contract signed. Service Level Agreements and Key Performance Indicators have been defined and are regularly followed in the context of the agreed governance.
It should be noted that the term Group used in the present section refers to Alcatel Lucent and all its consolidated subsidiaries.
The elements presented below describe a situation aligned in the fiscal year ended as at December 31st, 2015.
3.1
Global system of internal control and risk management
A. Objectives and control framework used
The internal control system used by the Group follows a framework established by a recognized body, the Committee of Sponsoring Organizations of the Treadway Commission updated on 2013 (COSO 2013), applicable in 2014. The new framework identifies 17 principles beneath the existing components of former COSO 1992 which has been incorporated by the Autorité des Marchés Financiers (AMF) in its cadre de référence (reference framework).One of the aims of our internal control and risk management system is to prevent and manage business risks and the risks of errors and frauds, in particular regarding accounting and finance matters. This system is reviewed yearly, based on lessons learned process or new controls requirement. Like any other control system, it cannot provide absolute assurance that these risks will be entirely excluded. However, it provides the Board of Directors and management the means to make sure that the following objectives are met:
Š optimization of operations;
Š reliability of the financial information;
Š compliance with existing laws and regulations.
The system is based on 3 main principles:
Š shared responsibility: internal control relies on the resources of the different Group organizations and/or the responsibility of each employee, which is based on a system of delegation of authority, enabling to implement the Group’s policies consistently. Each manager has the duty to control in an efficient manner the activities (s)he is responsible for; Š identification and compliance with common standards and
procedures: formalizing standards and procedures and communication of the framework to all members of the Group is vital in the internal control process;
Š segregation of duties: the general set-up of the system must reflect the distinction that exists between the people who execute the transactions and those who validate and control them.
Providing discipline and structure, the control system is the foundation of all components of internal control and risk management of the Group.
The below chart represents the concept of the “3 lines of defense” as laid out by the IFACI (French Chapter of the IIA -Institute of Internal Auditors), and applied to Alcatel Lucent. The related components of the chart are further detailed in the subsequent sections.
BOARD OF DIRECTORS / AUDIT & FINANCE COMMITTEE
EXTERNAL AUDIT
REGULATORS
MANAGEMENT COMMITTEE AND LEADERSHIP TEAM
1ST LINE OF DEFENCE 2ND LINE OF DEFENCE 3RD LINE OF DEFENCE
Business Operations
Sales & Marketing Operations
IP Routing & Transport IP Platforms
Wireless Access Fixed Access Strategy & Innovation Submarine
Oversight Functions
Finance Department
Corporate Controlling Investment Office Corporate Accounting & Consolidation
Financial Analysis and Risk Assessment
Human Resources Department Law Division
Procurement Department Business & Information Technology Transformation Compliance
Global Security
Corporate Audit Services Corporate Investigation Services