Introduction

Compliance is key and affects most processes across an organisation. We have seen several waves of compliance requirements:

  • 2001: Financial services, SEC & BCBS (Basel Committee on Banking Supervision) requirements

  • 2002: Listed US companies, SOX (Sarbanes-Oxley), FCPA (Foreign Corrupt Practices Act), HLOGA (Honest Leadership & Open Gov. Act)

  • 2017: French companies (500 FTE & more than 100 Million revenue), Sapin II

  • Other regulations: RGPD, J-SOX, UKBA, LSF etc.

The market offers a variety of tools to implement internal control frameworks; we specialize in these tools and the associated processes, and we advise our clients in a pragmatic and flexible way.

Our offer ranges from a maturity assessment to the definition of a detailed roadmap, and can also include the writing of standard operating procedures, training of end users and, of course, the implementation of processes building on market best practices.

Sarbanes-Oxley & The LSF

Sarbanes-Oxley (SOX):

Sections 404 and 409 of SOX focus in particular on internal control and on finance- and IT-related administration and management. Section 409 focuses on the fast-close process, whereas section 404 is really information-systems focused (password management, authentication management, access management, infrastructure, segregation of duties etc.).

Loi de sécurité financière (LSF):

The LSF was passed in France in 2003, following the SOX implementation. It is also known as the Mer law and applies to all SA companies in France. It includes several chapters, mainly focused on the responsibility of the board, internal control governance and the reduction of conflicts of interest.

ArtimIS supports you with your compliance topics

  • Compliance advisory around SOX/LSF

  • Governance definition

  • Process and control documentation

  • Setup of dedicated tools

  • Training and change management support

Sapin II

The Sapin II law (December 2016) frames transparency, anti-corruption and the modernisation of business practices. It has applied since June 2017 and covers 8 pillars that apply to companies with more than 500 FTE and €100M revenue. Its enforcement is managed by the AFA (French Anticorruption Agency).

Becoming Sapin II compliant is a real challenge for medium-sized companies. The variety of topics (governance, HR/training, internal communication, internal control etc.) and the changes it requires in the organisation have a strong impact on the operating departments.

  • Market benchmark, structure, drafting, translations

  • Definition, whistleblowing channels, drafting of procedures, internal communication, training/awareness (outsourcing possible)

  • Definition of the disciplinary regime together with HR and management

  • Definition of the focus areas, business interviews, internal control / internal audit / compliance reviews. Drafting of procedures: roles & responsibilities, review process

  • Current-state assessment, roadmap (depending on pillar 4), tooling, documentation, training of the purchasing function (sales and other staff)

  • Current-state assessment, roadmap, identification of controls consistent with the matrix (countries, expense reports, customs, logistics…)

  • Documentation (procedures and presentations), eLearning, workflow, classroom sessions; definition of the training cadence and of the update processes

  • Maturity dashboard linked to a SharePoint site containing all the documentation, in case of an AFA audit

The ArtimIS experts support you in your Sapin II compliance projects so that you meet the AFA's expectations:

  • Sapin II expectations: obligations, stakes and risks

  • As-is analysis: evaluation of your maturity level

  • Your roadmap to compliance: roadmap definition and PMO on up to 8 pillars

  • Governance and framework: Dashboards and documentation

  • Change management

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is the new European law that reinforces personal data protection. In France, the CNIL is the authority that ensures compliance with the regulation. The GDPR has brought into focus the issues related to data protection and to the systems that support it.

Beyond the appointment of a Data Protection Officer, the CNIL proposes preparing for the GDPR in several steps, which are:

ArtimIS supports you on the main GDPR stakes in your IS, and especially in SAP environments, with:

  • Mapping of the personal data processing activities across all of your SAP systems,

  • Prioritisation of actions and risk assessments on IS processes, especially regarding user access rights,

  • Access to tools that support your GDPR compliance programme.

WHY ARTIMIS?

The seniority of our consultants and our broad experience enable us to bring a pragmatic and agile approach in our project management when it comes to compliance projects.

Benoit Pachot, Partner at ArtimIS