Sanofi senior management has a clear ongoing commitment to maintaining and enhancing its systems of internal control and risk management. In furtherance of this objective, in 2014 senior management launched the Group Processes and Standards (GPS) program, which combines the existing elements of internal control into a unified approach. GPS was approved by the Executive Committee and presented to the Audit Committee.
- a harmonized framework of operational and support processes, broken down into sub-processes;
- an internal control manual, updated and published at the start of every year, which includes mandatory controls applicable to all activities and to all fully consolidated entities, and references to the company policies underpinning those controls;
- a financial controls framework designed to assess the effectiveness of the system of internal control relating to the production of financial information, as required for compliance with Section 404 of the Sarbanes-Oxley Act (SOA 404);
- a selective annual self-assessment and three-year evaluation process covering the mandatory controls in the internal control manual, with the extent of implementation at activity and country level dependent on how critical each activity and country is to our operations, and how material they are to our consolidated financial statements.
The system of internal control covers all fully consolidated companies and activities, and is systematically deployed in all new entities when they are acquired.
In this report, the description of the system of internal control is aligned on the five COSO components. COSO defines internal control as a process effected by a company’s Board of Directors, management and staff, designed to provide reasonable assurance regarding the achievement of objectives relating to:
- the effectiveness and efficiency of operations;
- reliability of reporting, especially of accounting and financial information;
- adherence to the applicable laws and regulations.