3.8 Main features of the internal control and risk management systems of UCB
3.8.1 Internal control
As the governing body of UCB, the Board provides entrepreneurial leadership to UCB and is responsible for approving the strategy, goals and objectives of the company. This includes overseeing the establishment, implementation and review of a prudent and effective system of internal controls, as described herein, as well as the risk management processes as further described in 3.8.2 below.
The Audit Committee assists the Board in its responsibility of monitoring the internal control and risk management processes established by the management of UCB and the UCB Group as a whole; the effectiveness of the overall internal control processes of UCB; the overall financial reporting process; the external auditor (including its appointment procedure); and the Global Internal Audit function and its effectiveness.
UCB management is responsible for establishing and maintaining adequate internal controls to provide reasonable assurance regarding the achievement of objectives of the reliable nature of financial information, compliance with relevant laws and regulations, and performance of the internal control processes (control environment, risk/control system and monitoring) within UCB in the most efficient manner. The internal controls process is monitored worldwide by the Internal Control function in an automated manner for system access and segregation of duties, process control-self assessment testing, and continuous controls monitoring. Information systems are developed to support UCB’s long-term objectives and are managed by a professionally staffed Information Management team.
As an important component of managements system of internal controls, UCB updates its business plan on an annual basis and prepares a detailed annual budget for each financial year that is considered and approved by the Board. A management reporting system is in place, providing management with financial and operational performance measurement indicators. Management accounts are prepared monthly to cover each major area of the business. Variances from plan and previous forecasts are analyzed, explained and acted on in a timely manner. In addition to regular Board discussions, meetings are held at least monthly by the Executive Committee to discuss performance, with specific projects being discussed as and when required.
The Global Internal Audit function provides independent, objective assurance services designed to evaluate, add value and improve the internal control environment and operations of UCB by bringing a systematic, disciplined approach to the evaluation of, and recommending enhancements to the governance, compliance, internal control, and risk management processes of UCB.
The Global Internal Audit group undertakes an Audit Plan of financial, compliance and operational audits and reviews, as reviewed and approved by the Audit Committee and covering relevant company activities. The program includes independent reviews of the systems of internal control and risk management. The findings and the status of corrective actions taken to address these are regularly reported in writing to the Executive Committee, and the status of the completion of the Audit Plan as well as a summary of the findings and the status of corrective actions are reported in writing to the Audit Committee at least twice per year.
UCB has adopted formal procedures focused on internal controls over financial reporting, referred to as the Transparency Directive process. This process is intended to help minimize the risk of selective disclosure; to help ensure that all material information disclosures made by UCB to its investors, creditors and regulators are accurate, complete, timely and fairly present the condition of UCB; and to help ensure adequate disclosure of material financial and non-financial information and significant events, transactions and risks.
The process consists of a number of activities. Identified key contributors in the internal control process, which include all Executive Committee members, are required to certify in writing that they understand and have complied with the requirements of UCB related to the financial reporting process, including providing reasonable assurance of effective and efficient operations, reliable financial information and compliance with Laws and regulations. To promote their understanding of the broad range of potential issues, a detailed checklist is provided to them to complete and to assist them in their certification. In addition, a detailed worldwide desk review of Sales, Credits, Accounts Receivables, Trade Inventories, Accruals, Provisions, Reserves and Payments is performed, and the Finance Directors/ representatives of all individual entities are required to acknowledge in writing that their financial reporting in these areas is based on reliable data and that their results are properly stated in accordance with requirements.
These procedures are coordinated by the Global Internal Audit function in advance of the issuance of the half-year and annual accounts. The results of the procedures are reviewed with the Chief Accounting Office, as well as Finance, the Legal Department and the External Auditors. Appropriate follow-up of any potential issues identified is performed and consideration of adjustments to reported financial information or disclosures is evaluated. The results of these procedures are reviewed with the CEO and the CFO, and subsequently with the Audit Committee, prior to the publication of the accounts.
3.8.2 Risk management
The whole UCB group and its affiliates worldwide are committed to providing an effective risk management system to minimize threats that may impact our ability to achieve our strategic plans and corporate objectives.
To this effect, the UCB Group incorporates Risk Management practices as follows:
A global Risk Management policy, applicable for the whole UCB Group and its affiliates worldwide, describes the commitment of UCB to provide an effective risk management system across the UCB Group and articulates the framework and architecture for managing key risks at UCB.
The Board is responsible for approving the strategy, goals and objectives of the UCB Group and overseeing the establishment, implementation and review of the risk management system of the UCB Group. The Board is assisted by the Audit Committee in its responsibility for the appreciation of risk management. The Audit Committee examines on a regular basis the areas where risks could significantly affect the financial situation or reputation of the UCB Group. The Audit Committee monitors the overall risk management process of UCB.
The Executive Committee is responsible for implementing the risk management strategy and objectives, as well as championing the prioritization, control and review of risks critical to UCB’s success. The Global Internal Audit function is responsible for independently and regularly reviewing as well as validating the risk management process in UCB and jointly agreeing with the business functions on actions to mitigate and control assessed risks.
The Head of Enterprise Risk Management provides periodic status updates directly to the Executive Committee and, on a periodic basis, to the Audit Committee as well as to the Board. The Risk2Value Table, consisting of management representatives of all business functions, provides strategic leadership that endorses the enterprise level risk assessment, prioritization and response process, supported by an enterprise risk management system to effectively assess, report and manage actual or potential risks or exposures. The sources of risk information include the assessment from the business areas (bottom-up), input from executive leadership (top-down) and the external context for the organization (outside-in). Every top risk of the organization is owned by a member of the Executive Committee to ensure accountability and priority.