Group Presentation
You are here:HomeAbout TotalGroup PresentationOur Ethical Principles and PracticesMethods, resources and tools Internal control and risk management
Group Presentation
Internal control and risk management
The internal control framework adopted by Total is that of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). In this framework, internal control is a process intended to provide reasonable assurance that the following will be achieved: effective and efficient operational control, accurate reporting of financial information, and compliance with applicable laws and regulations. As for any system for internal control, there can be no guarantee that all risks are completely eliminated.
As a result, the Group’s internal control procedures are based on the COSO framework: design and implementation of internal controls, risk evaluation process, internal control operations, documentation and communication of internal control rules, and supervision of the internal control system.
At each level, specific internal control procedures cover organization, delegations of authority and employee education and training that conform to the Group’s overall framework.
The principal themes of human resources policy are coordinated at the Group’s Human Resources Department. Human resources are generally managed on a decentralized basis at profit centers.
Internal control procedures are based on the Group’s core values, including the integrity, ethical conduct and professional competence of its employees.
The Group’s values and business principles are set out in the Code of Conduct and Ethics Charter and circulated to employees. The Group’s Financial Code of Ethics is distributed to financial officers at the corporate and business levels. These principles and rules are also cascaded in codes, procedures and guidelines governing certain significant processes in the business segments. These codes explain the Group’s values and describe its business and behavior principles with regard to employees, shareholders, customers, suppliers and competitors. They also set out the rules of individual behavior that is applicable to all employees and expected in host countries.
The Group’s senior management receives regular training on the content and the importance of the rules of behavior set out in the Code of Conduct and available on the Group’s Web site. Each year, the general managers and financial officers of profit centers or subsidiaries provide internal written representations to the Chief Financial Officer that they have complied with internal control procedures and that the financial reporting under their responsibility is reliable.
The Group’s Ethics Committee implements a program to prevent insider trading. Employees are alerted to their status as permanent or temporary insiders and warned that they are prohibited from trading Total securities during certain periods.
Under these internal control principles, which are part of the corporate governance organization described above, the Audit Committee is responsible for monitoring the efficiency of internal control and risk management procedures, assisted by the Internal Audit Department and the internal control teams from the business segments. These rules are designed to allow the Board of Directors to ensure internal control is effective and that published information available to shareholders and financial markets is reliable.
The Group has continued in 2010 a coordinated integration process of its risk management activities, complementing the processes currently in place in the different businesses. As part of this process, the mapping of business risks completed by business units was presented to the Audit Committee in 2009 and 2010.
The principal risks monitored at Group level are: sensitivity to the oil market environment (oil prices and refining, marketing and petrochemical margins); exposure to oil and gas trading risks; financial markets risks (foreign exchange risk, particularly related to the dollar, and interest rate); political and legal risks related to the operating and contractual environment of the exploration and production activities; and industrial and environmental risks related to the sectors in which the Group is active.
With regard to risks connected to the trading of oil and gas and related financial instruments, the departments concerned, whose activity is governed by limits set by the Executive Committee, measure their positions and exposure daily and analyze their market risk, in particular using value-at-risk assessment methods.
With regard to counterparty risks, credit limits and risk analysis processes are set and updated regularly, for each activity.
The broad range of activities and countries in which the Group operate requires local analysis, by business segment, of the related legal, contractual and political risks. Compliance programs with regard to competition and bribery law matters are implemented by the Group to ensure compliance with applicable antitrust legislation.
Business units are responsible for assessing their industrial and environmental risks and for implementing the regulatory requirements of the countries where they operate, as well as any relevant guidelines and recommendations defined at the Group or business segment level. They are also responsible for actively monitoring changes in legislation, to comply with local and international standards concerning industrial and environmental risk assessment and management. Risk assessments lead to the establishment of management measures to prevent and reduce environmental impact, minimize the risks of accidents, and contain their consequences.
Senior management exercises operational control over Total’s activities through the Executive Committee’s approval of investments and commitments for projects, based on defined thresholds. These projects are subject to prior vetting by the Risk Committee, whose assessments are presented to the Executive Committee.
Control activities are primarily based on a strategic plan that is reviewed annually, an annual budget, monthly management financial reports with detailed analysis of differences between actual and budgeted expenditures, and a quarterly reconciliation between published consolidated financial statements and management reports. These processes are supervised by the Budget/Financial Control and Accounting Departments, which are part of the Finance Department, and are performed in compliance with financial reporting standards, consistent and compliant with the accounting standards used for the published financial statements. Financial indicators and the accounting methods used allow appropriate assessment of risks and return on average capital employed (ROACE).
The Group’s Accounting Department centralizes the interpretation of accounting standards applicable to our consolidated financial statements and distributes these standards through formal procedures and a financial reporting manual. It monitors the effective implementation of standards across Total through periodic, formal communication with functional managers in the business segments. The Department also periodically reports any exceptions to the Chief Financial Officer.
The Treasury Department monitors and manages risks related to cash management activities and interest rate-related and foreign exchange-related financial instruments in accordance with strict rules defined by senior management. Cash and cash equivalents, financial positions and financial instruments are centralized by the Treasury Department.
Oil and gas reserves are reviewed by a committee of experts (the Reserves Committee), approved by Exploration & Production’s senior management and then confirmed by the Group’s senior management.
The Disclosure Committee, whose members are the managers of the principal corporate departments, establishes and maintains procedures designed to ensure the quality and accuracy of external communications intended for stock exchanges and financial markets.
At the profit center and subsidiary level, control activities are organized around the principal operational processes: exploration and reserves, purchasing, capital expenditures, production, sales, oil, gas and petroleum product trading, inventories, human resources, financing and cash management.
The Group has implemented a wide range of procedures and programs that help to prevent, detect and limit different types of fraud. This effort is supported by the business principles and rules of individual behavior described in the Code of Conduct and in procedures and codes issued at the operating level. The Group has also implemented a whistleblowing system that employees and third parties can use to report circumstances that might amount to fraud or other violations related to accounting and internal control.
The Information Technology Department has developed and distributed governance and security rules that describe the recommended infrastructure, organization and procedures to maintain information systems that are appropriate to our needs and to limit information security risks. These rules are implemented across Total under the responsibility of the various business segments.
Control activities to prevent industrial and environmental risks are implemented in the business units. External certification or third-party audits are conducted for some of the management systems related to this type of risk. More detailed information on the Group’s safety and environmental initiatives is provided in the Group’s Society and Environment report.
The principal procedures regarding financial controls established at the corporate level cover acquisitions and disposals, capital expenditures, financing and cash management, budget control and financial reporting. Disclosure controls and procedures have been implemented. At the operating level, they mainly consist of procedures, guidelines and recommendations covering safety and security (both industrial and information technology), health, environment and sustainable development.
The procedures for the business lines primarily concern financial control specific to each sector. At the profit center and subsidiary level, the principles of the Group’s overall framework are implemented through specific procedures tailored to the size and environment of operations.
Internal control audits are primarily conducted by the Corporate Audit Department, which reports to the Executive Committee through the Chief Administrative Officer. An audit work schedule is set annually. The audit reports are periodically summarized and presented to the Audit Committee and, thereby, to the Board of Directors.
In 2010, the Corporate Audit Department’s 70 auditors conducted around 150 audits. The Vice President of Corporate Audit attended all Audit Committee meetings and reported quarterly on internal audit activity to the committee.
The Group’s senior management is responsible for implementing and assessing internal control over financial reporting. In this context, in 2010 Total evaluated awareness and implementation of its internal control system, based on the COSO framework, in its main units. With the assistance of its main units and the Corporate Audit Department, as coordinated by the Internal Control Compliance Officer, the Group also examined and assessed the design and effectiveness of the key operational, information systems and financial controls related to internal control over financial reporting pursuant to section 404 of the Sarbanes-Oxley Act. On the basis of these internal reviews, the Group’s Senior Management concluded that internal control over financial reporting was effective.
The statutory auditors perform those internal control audits that they deem necessary as part of the mission to certify the financial statements and present their observations to the Audit Committee.
For 2010, the statutory auditors reviewed the implementation of the Group internal control framework and the design and effectiveness in its main units of key internal controls concerning financial reporting. Based on the work performed, the statutory auditors declared that they had no comments on the information and conclusions related to this subject presented in the Registration Document .
As a result, the Group’s internal control procedures are based on the COSO framework: design and implementation of internal controls, risk evaluation process, internal control operations, documentation and communication of internal control rules, and supervision of the internal control system.
Organization and principles of internal control
The Group’s internal control procedures are organized around three operational levels: Group, Business Segments and profit centers. Each level is directly involved in and responsible for designing and implementing internal control, in line with the degree of centralization targeted by senior management.At each level, specific internal control procedures cover organization, delegations of authority and employee education and training that conform to the Group’s overall framework.
The principal themes of human resources policy are coordinated at the Group’s Human Resources Department. Human resources are generally managed on a decentralized basis at profit centers.
Internal control procedures are based on the Group’s core values, including the integrity, ethical conduct and professional competence of its employees.
The Group’s values and business principles are set out in the Code of Conduct and Ethics Charter and circulated to employees. The Group’s Financial Code of Ethics is distributed to financial officers at the corporate and business levels. These principles and rules are also cascaded in codes, procedures and guidelines governing certain significant processes in the business segments. These codes explain the Group’s values and describe its business and behavior principles with regard to employees, shareholders, customers, suppliers and competitors. They also set out the rules of individual behavior that is applicable to all employees and expected in host countries.
The Group’s senior management receives regular training on the content and the importance of the rules of behavior set out in the Code of Conduct and available on the Group’s Web site. Each year, the general managers and financial officers of profit centers or subsidiaries provide internal written representations to the Chief Financial Officer that they have complied with internal control procedures and that the financial reporting under their responsibility is reliable.
The Group’s Ethics Committee implements a program to prevent insider trading. Employees are alerted to their status as permanent or temporary insiders and warned that they are prohibited from trading Total securities during certain periods.
Under these internal control principles, which are part of the corporate governance organization described above, the Audit Committee is responsible for monitoring the efficiency of internal control and risk management procedures, assisted by the Internal Audit Department and the internal control teams from the business segments. These rules are designed to allow the Board of Directors to ensure internal control is effective and that published information available to shareholders and financial markets is reliable.
Risk assessment
The Executive Committee is responsible for identifying and assessing the internal and external risks that could impact Total’s performance, with the assistance of the Risk Committee, the Budget Management Department and the Internal Audit Department.The Group has continued in 2010 a coordinated integration process of its risk management activities, complementing the processes currently in place in the different businesses. As part of this process, the mapping of business risks completed by business units was presented to the Audit Committee in 2009 and 2010.
The principal risks monitored at Group level are: sensitivity to the oil market environment (oil prices and refining, marketing and petrochemical margins); exposure to oil and gas trading risks; financial markets risks (foreign exchange risk, particularly related to the dollar, and interest rate); political and legal risks related to the operating and contractual environment of the exploration and production activities; and industrial and environmental risks related to the sectors in which the Group is active.
With regard to risks connected to the trading of oil and gas and related financial instruments, the departments concerned, whose activity is governed by limits set by the Executive Committee, measure their positions and exposure daily and analyze their market risk, in particular using value-at-risk assessment methods.
With regard to counterparty risks, credit limits and risk analysis processes are set and updated regularly, for each activity.
The broad range of activities and countries in which the Group operate requires local analysis, by business segment, of the related legal, contractual and political risks. Compliance programs with regard to competition and bribery law matters are implemented by the Group to ensure compliance with applicable antitrust legislation.
Business units are responsible for assessing their industrial and environmental risks and for implementing the regulatory requirements of the countries where they operate, as well as any relevant guidelines and recommendations defined at the Group or business segment level. They are also responsible for actively monitoring changes in legislation, to comply with local and international standards concerning industrial and environmental risk assessment and management. Risk assessments lead to the establishment of management measures to prevent and reduce environmental impact, minimize the risks of accidents, and contain their consequences.
Control activities
Control activities and financial reporting systems, are designed to take into account the specific nature of these risks and the degree to which operational control is delegated to the business segments and profit centers.Senior management exercises operational control over Total’s activities through the Executive Committee’s approval of investments and commitments for projects, based on defined thresholds. These projects are subject to prior vetting by the Risk Committee, whose assessments are presented to the Executive Committee.
Control activities are primarily based on a strategic plan that is reviewed annually, an annual budget, monthly management financial reports with detailed analysis of differences between actual and budgeted expenditures, and a quarterly reconciliation between published consolidated financial statements and management reports. These processes are supervised by the Budget/Financial Control and Accounting Departments, which are part of the Finance Department, and are performed in compliance with financial reporting standards, consistent and compliant with the accounting standards used for the published financial statements. Financial indicators and the accounting methods used allow appropriate assessment of risks and return on average capital employed (ROACE).
The Group’s Accounting Department centralizes the interpretation of accounting standards applicable to our consolidated financial statements and distributes these standards through formal procedures and a financial reporting manual. It monitors the effective implementation of standards across Total through periodic, formal communication with functional managers in the business segments. The Department also periodically reports any exceptions to the Chief Financial Officer.
The Treasury Department monitors and manages risks related to cash management activities and interest rate-related and foreign exchange-related financial instruments in accordance with strict rules defined by senior management. Cash and cash equivalents, financial positions and financial instruments are centralized by the Treasury Department.
Oil and gas reserves are reviewed by a committee of experts (the Reserves Committee), approved by Exploration & Production’s senior management and then confirmed by the Group’s senior management.
The Disclosure Committee, whose members are the managers of the principal corporate departments, establishes and maintains procedures designed to ensure the quality and accuracy of external communications intended for stock exchanges and financial markets.
At the profit center and subsidiary level, control activities are organized around the principal operational processes: exploration and reserves, purchasing, capital expenditures, production, sales, oil, gas and petroleum product trading, inventories, human resources, financing and cash management.
The Group has implemented a wide range of procedures and programs that help to prevent, detect and limit different types of fraud. This effort is supported by the business principles and rules of individual behavior described in the Code of Conduct and in procedures and codes issued at the operating level. The Group has also implemented a whistleblowing system that employees and third parties can use to report circumstances that might amount to fraud or other violations related to accounting and internal control.
The Information Technology Department has developed and distributed governance and security rules that describe the recommended infrastructure, organization and procedures to maintain information systems that are appropriate to our needs and to limit information security risks. These rules are implemented across Total under the responsibility of the various business segments.
Control activities to prevent industrial and environmental risks are implemented in the business units. External certification or third-party audits are conducted for some of the management systems related to this type of risk. More detailed information on the Group’s safety and environmental initiatives is provided in the Group’s Society and Environment report.
Information and communication
Internal control procedures are defined at each of the three operational levels: general rules at the corporate level; sector-specific procedures at the business line level; and others at the profit center and subsidiary level. These procedures are circulated in memorandums and are also available on the Group’s intranet sites and, where applicable, those of the business lines.The principal procedures regarding financial controls established at the corporate level cover acquisitions and disposals, capital expenditures, financing and cash management, budget control and financial reporting. Disclosure controls and procedures have been implemented. At the operating level, they mainly consist of procedures, guidelines and recommendations covering safety and security (both industrial and information technology), health, environment and sustainable development.
The procedures for the business lines primarily concern financial control specific to each sector. At the profit center and subsidiary level, the principles of the Group’s overall framework are implemented through specific procedures tailored to the size and environment of operations.
Monitoring
Together, the holding company, the business lines and the profit centers and subsidiaries are responsible for monitoring internal control in their respective operations.Internal control audits are primarily conducted by the Corporate Audit Department, which reports to the Executive Committee through the Chief Administrative Officer. An audit work schedule is set annually. The audit reports are periodically summarized and presented to the Audit Committee and, thereby, to the Board of Directors.
In 2010, the Corporate Audit Department’s 70 auditors conducted around 150 audits. The Vice President of Corporate Audit attended all Audit Committee meetings and reported quarterly on internal audit activity to the committee.
The Group’s senior management is responsible for implementing and assessing internal control over financial reporting. In this context, in 2010 Total evaluated awareness and implementation of its internal control system, based on the COSO framework, in its main units. With the assistance of its main units and the Corporate Audit Department, as coordinated by the Internal Control Compliance Officer, the Group also examined and assessed the design and effectiveness of the key operational, information systems and financial controls related to internal control over financial reporting pursuant to section 404 of the Sarbanes-Oxley Act. On the basis of these internal reviews, the Group’s Senior Management concluded that internal control over financial reporting was effective.
The statutory auditors perform those internal control audits that they deem necessary as part of the mission to certify the financial statements and present their observations to the Audit Committee.
For 2010, the statutory auditors reviewed the implementation of the Group internal control framework and the design and effectiveness in its main units of key internal controls concerning financial reporting. Based on the work performed, the statutory auditors declared that they had no comments on the information and conclusions related to this subject presented in the Registration Document .
Boîte à outils
