FOUNDATIONS OF INTERNAL CONTROL

Société Générale implements the recommendations given in the AFEP-MEDEF report of September 2002 on the corporate governance of listed companies.

Building blocks of internal control

Given the extent and diversity of the risks inherent in banking, internal control is a vital instrument in risk management policy that plays an important role in ensuring the sustainability of activities. It forms part of a strict regulatory framework defined at a national level, and is also the focus of various projects at an international level (Basel Committee, European Union). Internal control concerns all personnel in all areas of the Group. Indeed, while the primary responsibility lies with the operational staff, a number of corporate divisions are also involved, notably the Risk Division, the Corporate Secretariat (in charge of Compliance), all of the Group’s finance departments and the Internal Audit Division.
Risk management policy and procedures are defined at the highest management level and are governed by the Board of Directors and General Management.
The Board of Directors defines the company’s strategy by assuming and controlling risks, and ensures that it is applied. Within the Board of Directors, the Audit, Internal Control and Risk Committee is responsible for examining the consistency of the internal framework for monitoring risks as well as ensuring compliance with this framework and with existing laws and regulations. It carries out regular, in-depth reviews of the risk assessment, monitoring and management systems.
Presentations on the main aspects of, and notable changes to, the Group’s risk management strategy are made to the Board by the General Management at least once a year or more frequently as circumstances require.
Chaired by the General Management, three specialised committees of the Group Executive Committee are responsible for central oversight of internal control and risk management:
  • The Risk Committee, which meets at least once a month to discuss the Group's risk strategy, particularly the management of different risks, and the structure and implementation of the risk monitoring system. The Group also has a Large Exposure Committee, which focuses on reviewing large individual exposures.
  • The Finance Committee, which, as part of its management of the Group's financial policy, validates the structural risk monitoring and control system and reviews changes in the Group’s structural risks based on the consolidated reporting by the Finance Division.
The Internal Control Coordination Committee (ICCC), which manages the overall consistency and effectiveness of internal control under the responsibility of a Deputy Chief Executive Officer. The Committee is comprised of the Corporate Secretary, the Chief Risk Officer, the Chief Financial Officer, the Group Chief Information Officer, the Head of Group Internal Audit and the Head of Internal Control Coordination.