Compliance is key and affects most processes accross an organisation. We’ve seen several waves of compliance requirements:
The market is offering a variety of tools to implement internal control frameworks ; we are specialized in these tools and associated processes and advise our clients in a pragmatic and flexible way.
Our offer goes from a maturity assessment to the definition of a detailed roadmap but can also include standard operating procedures writing, training of end users and of course implementation of processes capitalizing on market best practices.
Sarbanes-Oxley & The LSF
The 404 & 409 clauses of SOX are particularly focusing on internal control, finance and IT related administration and management. 409 is focusing on quick closing process when 404 is really information systems focused (password management, authentication management, access management, infrastructure, segregation of duties etc).
Loi de sécurité financière (LSF):
The LSF has been voted in France in 2003 following the SOX implementation. It is also known as the Mer law and applies to all SA companies in France. It includes different chapters that are mainly focused around the responsibility of the board, internal control governance and the reduction of conflicts of interest.
ArtimIS supports you with your compliance topics
The Sapin II law (December 2016) is a law framing transparency, anticorruption and modernization of the business practices. It is applied since June 2017 and covers 8 pillars that apply to companies with more than 500 FTE and €100M revenue. It’s authority is managed by the AFA (French Anticorruption Agency).
Becoming Sapin II compliant is a real challenge for medium sized companies. The variety of topics (governance, HR/training, internal communication, internal control etc) and the changes it requires in the organization have a strong impact on the operating departments.
Benchmark marché, Structure, Rédaction, Traductions
Définition, canaux d’alerte, redaction de procédures, communication interne, formation/sensibilisation (externalisation possible)
Définition du régime disciplinaire avec les RH et la direction
Définition des axes, entretiens métier, revues CI/AI/Comp.
Rédaction de procédures : Rôles & Responsabilité, processus de revue
Etat des lieux, feuille de route (fonction du volet 4), outillage, documentation, formation des achats (commerciaux et autres)
Etat des lieux, feuille de route, identification de contrôles cohérents par rapport à la matrice (pays, notes de frais, douanes, logistique…)
Documentation (procédures et présentations), eLearning, workflow, présentiel – Définition du rythme de formation et des processus de mise à jour.
Dashboard de maturité lié à un SharePoint contenant toute la documentation en cas d’audit de l’AFA
The Artimis experts support you in your Sapin compliance projects in order to comply with AFA expectations
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is the new European law which reinforce personal data protection. For France, the CNIL is the French authority that ensures compliance with the regulation. The GDPR has put into perspective the issues related to data protection and the systems that support it.
More than the appointment of a Data Protection Officer, the CNIL propose to prepare to GDPR in several steps, which are :
ArtimIS supports you on the main GDPR stakes in your IS and especially SAP environments with :
The seniority of our consultants and our broad experience enable us to bring a pragmatic and agile approach in our project management when it comes to compliance projects.