Tarkett’s organization is decentralized, relying on local executives, and set in a framework that reflects the Group’s philosophy with respect to ethics, organization and control.
This organizational framework relies on the following:
- a set of values and principles disseminated throughout the Group whenever new employees arrive and relayed by recurring training and reminders. These principles are embedded in the Company’s Code of Ethics and policies on anti-trust compliance and corruption prevention;
- the founding principles at the heart of the Group’s values, such as responsibility and exemplary behavior, which are relayed throughout the organization and the various areas of responsibility and support;
- the harmonization of financial processes through implementation of an integrated information system used by the majority of the Group’s entities; and
- an internal control manual, Tarkett Risks And Controls Evaluation (“TRACE”), internal function-specific procedures used by all of the Group’s subsidiaries, as well as rules for delegation of authority and division of duties.
The primary participants in this system are as follows:
- Senior Management, which is ultimately responsible for risk management and internal control and which relies on the following:
o the Group and divisional finance departments, on the one hand; and
o the operational departments (divisional presidents) and functional departments on the other.
- The Audit and Internal Control Department is part of the Finance Department and reports functionally to the Audit Committee. It is charged with the following:
o guiding the risk management and internal control system; and
o ensuring compliance with Group rules at the entity level, evaluating risks in areas covered by its audits and recommending improvements relating to internal control.
The Audit and Internal Control Department also relies on a network of internal divisional auditors who manage these procedures within their areas.
- the Audit Committee is responsible for monitoring the preparation and audit of accounting and financial information, as well as for ensuring the efficiency of risk-monitoring and internal control procedures to facilitate the Supervisory Board’s review and approval thereof.
16.7.2.2 Identification and Evaluation of Risks Risk Mapping:
In 2010, Tarkett created a risk map that is updated every two years, or more frequently in the event of significant changes in the environment. The process for identifying risks uses a three-step method:
- First, the Audit and Internal Control Department, supported by outside experts, interviews members of the Executive Committee and key employees holding strategic positions at the Group level and in the divisions in order to identify risks within their areas.
- The Audit and Internal Control Department then creates a synthesis of the main risks, specifying their definition, frequency, impacts (such as financial, human, legal or reputational) and the degree to which they are controlled.
- The risk map and actions plans are then reviewed and approved by the Executive Committee and presented to the Supervisory Board’s Audit Committee.
In 2013, the Group’s risk map was sent to the operational divisions (geographic zones) in order to take regional or sectoral specificities into account and to disseminate the Group’s view of its risks more broadly throughout the Group.
The relevant departments (whether operational divisions or cross-divisional functions) prepare actions plans based on the primary risks identified.
Ongoing Monitoring:
Risk-awareness is updated on an ongoing basis through monitoring procedures relating to both competition and technology, as well as actions by specialized departments (such as Insurance and World Class Manufacturing) that participate in oversight of fire, security, and environmental risks, in particular.
Monthly activity reviews enable the Group’s operational entities to rapidly report information to Group management, and facilitate the identification of risks, updating of the risk map and implementation of action plans to manage the risks.
16.7.2.3 Control Activities
Control activities are defined in the TRACE manual. For each principal process this manual presents the major risks and objectives, as well as a description of the related controls, applicable to the Group as a whole. This mechanism constitutes a common reference for management of the local entities, which is responsible for supplementing it locally with additional control activities for dealing with specific risks.
Self-Evaluations
The Group’s subsidiaries are subject to an annual internal control self-evaluation intended to assess their compliance with the internal control manual. The self-evaluation is approved by the management of the relevant entities pursuant to their responsibility for implementing internal control and the quality of their self-evaluation. This self-evaluation is carried out using dedicated software such as e-TRACE or Enablon.
All of the Group’s subsidiaries are required to participate. In 2013, the Group’s Tandus subsidiaries in the U.S. and Canada were integrated into the Tarkett internal control system.
The Audit and Internal Control Department analyses and distributes a synthesis of the results to the interested parties. The results of the self-evaluation are reviewed at the divisional level with the Group’s chief financial officer, the internal chief financial officer and internal controller for the relevant divisions, and the Audit and Internal Control Department.
A review is also conducted for each process by the relevant Group-level department.
Action plans resulting from these reviews are implemented by local management under the responsibility of divisional or functional management.
Internal Control Testing and Internal Audits
Self-evaluation is supplemented by testing of key controls under the TRACE manual, carried out by internal divisional controllers, as well as by internal audits carried out by the Audit and Internal Control Department.
16.7.2.4 Steering
On the basis of an audit plan approved in advance by the Audit Committee, the four-member internal audit team carried out 24 audits in 2013. The audit plan is composed of repeated audits of subsidiaries, primarily of a financial nature, as well as of “transverse” audits with respect to an operational process or particular risk.
Each audit is the subject of a report that includes an action plan prepared by the relevant entities in order to correct any weaknesses that are discovered. An action plan monitoring process ensures that the identified weaknesses are corrected, and relies on:
- quarterly reporting on the entities’ progress in implementing the action plan;
- since the beginning of 2013, follow-up monitoring by the division’s internal controllers within six months following the internal audit; and
- monitoring by internal audit, if necessary, with respect to critical matters.
Internal Control Performance Indicators
The Audit and Internal Control Department has put in place and follows a series of quarterly internal control performance indicators, including the rate of compliance with 50 key controls identified by the manual, Separation of Duties (“SOD”) risks, progress on action plans and coverage of tests carried out by the internal controllers.
16.7.3 Preparation and Processing of Accounting and Financial Information