Scope and responsibilities
The Internal Audit and Risks Department:
- conducts audits to ensure that the Group procedures are properly followed by the subsidiaries and Group-level departments,
- is in charge of the coordination of the Group's risk analysis system.
Thereby contributing to:
- continuously improve operating processes through risk analyses, internal audits and advisory services,
- provide stakeholder confidence in our business outcomes and sustainability.
This department is governed by an Internal Audit Charter for audit activities that sets out its role and duties, the scope of its authority and powers and the methodology used. The methodology complies with professional standards.
The Internal Audit and Risks Department draws up an annual audit plan, which is updated on a quarterly basis for audit activities.
To fulfil its responsibilities, Internal Audit and Risks shall:
- Draw up and pilot the Group's mapping of high-level risks based on the risk analyses and assessment regularly carried out by various corporate functions such as Purchasing and through audit observations.
- Identify and assess risks within bioMérieux’s organization,
- Assess the adequacy and efficiency of the internal control systems in place, and propose potential improvements,
- Ensure the compliance with Group procedures, Code of Conduct, and applicable laws and regulations,
- Assess the reliability and security of financial and management information,
- Assess the means of safeguarding assets,
- Make recommendations and follow up to ensure that effective remedial actions are taken,
- Carry out ad hoc audits when requested by the Executive Committee.
Independence and objectivity
For independency reasons, the Internal Audit and Risks Department reports to the General Management and the Audit Committee. It is made up of a core team of lead auditors who rely on internal resources (about thirty employees).
The Internal Audit and Risks Department prepares a summary of the audits conducted, which is then presented to the Audit Committee every year and to the Management Committee on a regular basis.
To maintain objectivity, the Internal Audit and Risks Department is not involved in day-to-day control activities. Each business unit is responsible for its own internal control systems and efficiency.