A maturity grid was developed based on a review of
documentation (internal and external audit reports,
assessments, etc.), interviews and a self-assessment
exercise conducted across all the departments.
It highlights the processes and sub-processes for
which the level of risk was not acceptable and
the level of control over these risks was insufficient.
This analysis identified those areas of activity
that needed to be secured as a matter of priority.
A roadmap specifying the actions to be implemented
was developed to meet this objective. This was
supplemented by operational monitoring of the
action plans resulting from the internal audit reports,
which provide a pool of control actions that
need to be implemented.
At the same time, Société du Grand Paris
has embarked on a process of structuring
its internal control/compliance policy
regarding the Grand Paris Express ecosystem.
This is supported by a specific organisational
structure and dedicated tools: tools for verifying
and monitoring subcontractors compliance with
social and tax obligations, tools for monitoring and
assessing third parties with regard to the risk
of corruption, protection of personal data passing
through service providers, etc.
An internal control roadmap and a control plan are presented to the Management Board at the beginning of each year.
Resources dedicated to internal control
The deployment of internal control is managed by
the Compliance Unit of the Risk, Audit and
Compliance Division and by a network of internal
control/quality advisers within the project and
business departments. The unit s role is to assist
departments in formalising their internal controls and
to perform checks on the robustness of the systems.
The advisers are responsible for implementing the
approach to their respective divisions, thereby
familiarising employees with the process.
An internal control handbook has been
produced, specifying the objectives,
the applicable regulatory framework
and the governance and coordination
procedures for the approach. An internal
control roadmap, specifying the internal control
systems to be formalised, and a plan of second-level
controls to be performed are presented to the
Management Board at the beginning of each year.
Lastly, progress on the approach is presented to
the Audit Committee each year, to ensure that the
governance bodies are kept informed.
IDENTITY
RISKS AND CHALLENGES
Risks
CSR APPROACH
2020 ACTIVITY