GROUP OVERVIEW Internal control and risk management 1 1.9.4.9 Information system The deployment of an ERP system (SAP) across the Group makes Klépierre oversees its entire information system for all European it possible to record day-to-day transactions and enter accounting subsidiaries of the Group centrally from the Group’s headquarters in data in an integrated and automated manner. To provide reliable and Paris. consistent information both internally and externally, all processes are designed and established according to a single standard and This information system is mainly based on an SAP Core Model common rules, which ensures the reliability of all data and the uniform supplemented by satellite tools that meet specific operational needs. quality of accounting information and its traceability. Automation and restrictions on manual entries help to enhance the quality of the data Klépierre’s IT strategy is based on three pillars: in the system. > oversight of new projects to improve functional coverage of the All the processes used to prepare accounting data are subject to information system; accounting control programs at various levels, including validation > facilitate Klépierre’s expansion by means of the IT integration of rules, authorizations and instructions concerning supporting evidence new subsidiaries (shared network, shared desktop environment, for and documentation of accounting tasks. The “Accounting Internal standardized processes and systems); Control” unit, which reports directly to the Deputy CFO, is in charge of defining and circulating the accounting control rules and ensuring > making operations in countries currently in production more the smooth operation of the internal control environment. reliable. The Klépierre Group’s internal financial data is certified using the Consolidated reporting at Group scale on the basis of a common Finance Accounting Control Tool (FACT). Through this process, language allows for reliable, coherent and efficient financial those involved in the evaluation of accounting controls formally communications. certify the reliability of the data provided and the proper functioning The data managed in Klépierre’s information systems may also be the of the fundamental controls necessary to ensure the accuracy of the subject of internal or external attacks. These are monitored both by financial data for which they are responsible. means of strict authorization procedures as well as auditing, screening This process contributes to the overall monitoring of the functioning of and security systems. internal accounting controls within the Group and keeps the Finance All information system data is hosted in a Tier 3 data center. The Department, which is responsible for the preparation and quality of the daily data backup is sent to a second Tier 3 data center and then Klépierre Group’s consolidated financial statements, informed about externalized. Disaster scenarios are played out twice a year and the preparation of financial statements in each subsidiary. thereby ensure the recovery of data in the event of a failure. The content of the certificates is determined by the Group’s To ensure the optimal management of this risk, the Information accounting internal control function, after approval by the Deputy Systems Department elected to relocate the Group’s server room and CFO. to set up a backup server room that could be activated in the event of Accounting internal control also has a role to play in the Group-level a disaster. All data is backed up daily. payment process, in particular as regards the definition of segregation of duties, authorizations in tools, the establishment of signatories, and 1.9.5 Preparation and processing the validation of sensitive data of third-party payment beneficiaries. of financial and accounting data In addition, to limit the risk of fraud, the Group has put in place secure payment methods. To this end, a Group banking platform was set The reliability of financial and accounting data, as well as compliance up in 2016 (Kyriba) and rolled out to almost the entire Group. Most with the regulations in force and internal instructions form the payments are made automatically from SAP to Kyriba. A double principal internal control objectives of the accounting production signature principle is always complied with for all payments to third process. parties. To ensure adequate coverage of the major accounting risks, Finally, through the implementation of prevention and detection Accounting Internal Control is predicated on knowledge of the controls and constantly making employees aware of the risks of fraud operational processes and their translation in the financial statements, (periodic reports that identify various cases of fraud and procedures on the definition of the responsibilities of the various participants in to follow if necessary), the accounting internal control function is the the process and on information system security. foundation of anti-fraud processes. The quarterly reporting system for Management Control (in place 1.9.5.1 Accounting organization at head office and the subsidiaries) uses a standard model to track and management control trends in the principal key performance indicators by country and by asset and to ensure that these are properly geared to the objectives Accounting tasks are carried out by the Finance Department in each laid down in the annual budget approved by Management. Reports country in which The Klépierre Group operates. The preparation of the prepared at regional level are reviewed for a second time by the Group corporate and consolidated financial statements is the responsibility Management Control Department. In addition, a full reconciliation is of the Finance Department. carried out by Group Management Control to ensure the consistency of the accounting results with the consolidated management results. KLÉPIERRE 2017 REGISTRATION DOCUMENT 37