As part of the regulatory process introduced by the Autorité de Contrôle Prudentiel et de Résolution (CRBF Regulation) concerning the internal control systems of credit institutions, Natixis’ Internal Audit Department uses the results of the periodic audits it performs to assess internal control procedures. There
CORPORATE GOVERNANCE
3
3
Chairman’s report on internal control proceduresof all consolidated entities, whether or not they have credit institution status.
The fact that most subsidiaries have their own management and control functions means that internal control procedures are decentralized and are tailored to the organization of each of the consolidated entities, relying on a multi-tier accounting control process:
V a first-level control where permanent and local controls in operational business lines are integrated into the operating process and formalized in clearly-defined control programs; V an intermediate level overseen by each entity’s financial or
accounting departments where independent controls of operating processes are performed to ensure the reliability and exhaustive nature of the financial statements;
V a final level of control carried out by the Internal Audit Department as part of its regular audits.
Permanent and periodic controls particularly involve conducting and monitoring:
V accuracy and veracity checks, such as the management/ financial accounts reconciliation procedures (balance sheet and income statement), clearing of suspense items, and more generally the justification of all accounts;
V consistency checks through analytical review;
V checks for compliance with accounting rules regarding the correct allocation of income and expenses;
V correct processing of specific transactions in line with the relevant principles;
V adjustment of anomalies identified at the time of these controls as well as the corresponding analyses and documentation. These controls are conducted using the various accounting systems in place throughout Natixis.
For all these systems, Natixis and its subsidiaries continue to upgrade their accounting and fi nancial control procedures and equip themselves with suitable audit trail tools. In this respect, Natixis’ Finance Department supervises, assists and monitors the various controls performed by the subsidiaries.
Firstly, as regards the scope of the Natixis entity, Accounting Controls are based on the following fundamental principles: V separation of the accounting entry and control functions; V standardization of control processes within the various
business lines: methods, tools, reporting and schedules; V management centralized by the Finance Department and taken
up by an independent Accounting Review team;
V ensuring the size of the team is suited to the objectives defined.
The organization of the Accounting and Regulatory Controls function is based on:
V accounting or regulatory production teams, within the business lines or centralized within the Accounting and Ratios Department, that handle all work related to the correct entry of transactions and the implementation of day-to-day controls; V first-level controls under the hierarchical and/or functional
authority of the Accounting and Ratios Department including all monthly and quarterly controls that make the accounts more reliable;
V independent second-level controls under the hierarchical authority of the Accounting and Ratios Department and the functional authority of the Compliance Department. The Regulatory and Accounting Review Department, aside from managing the system, also performs its own controls, including reviewing first-level controls.
The system is based on:
V applying the principles established by the BPCE charter, which specifies the scopes governed by the two-level control processes and stipulates an approach covering supervision of the control teams;
V two kinds of assignments (operational or organizational) to be carried out either as part of closing the accounts or in the form of periodic assignments;
V dedicated tools that allow for the automated reconciliation of account entries and centralization of control results in an internal application;
V formalized documentation, governed by a charter established by Groupe BPCE and specifically containing detailed procedures describing the mechanism’s structure as well as a map of controls spelling out the nature, execution frequency and responsibility of the two levels of control.
The 2013 fi scal year was dedicated to:
V keeping a tighter timetable for publishing the financial statements;
V maintaining the previously defined control system based on: Rreal-time control processes that are decentralized within the
business lines and centralized period-end controls, Rcontinuing to streamline IT systems used by the control
system,
V enhancing controls, particularly via a one-off control plan during interim periods;
V continuing to roll out control programs for regulatory and prudential reports;
CORPORATE GOVERNANCE
3
Chairman’s report on internal control procedures V furthering actions to coordinate the Review Department’ssupervision of the Natixis subsidiaries by setting up periodic reviews aimed at supporting the subsidiaries and helping them define control principles and methods that are consistent across their scope;
V continuing to roll out the new financial management application. Outside France, Natixis continued to overhaul the accounting information system in the US, used by the parent company and rolled out at the US subsidiaries.
The 2014 fi scal year will be mainly dedicated to:
V installing and rolling out the loan management tool in and the accounting system used in Paris throughout Europe (Milan, Madrid and London);
V launching a major project aimed at streamlining the information systems used in the scope of market transactions (FO and BO systems) and rolling out new data input for the accounting tool in this scope;
V continuing initiatives committed to strengthening second-level controls in the accounting, tax and regulatory areas;
V implementing the governance bodies setup in 2013 both in France and abroad on a permanent basis, in line with the Review representatives at the subsidiaries and as part of the coordination of the Review function.
3.6.5.3 External controls
In addition to the control procedures followed by the fi nancial departments responsible for preparing individual or consolidated accounts, the quality of accounting controls is verifi ed by: V ad hoc audit assignments conducted by BPCE’s General
Inspection and Natixis’ Internal Audit Department;
V audits required by the Autorité de Contrôle Prudentiel et de Résolution (ACPR) in its role as banking regulator; audits conducted by Statutory Auditors;
V this work is carried out by three firms working in a uniform manner each quarter on most of the entities falling within Natixis’ scope of consolidation and whose opinions rely, in particular, on compliance with Natixis policies and the effectiveness of local internal control procedures.
CORPORATE GOVERNANCE