1. Objective and Scope

The objective of this procedure is to describe purpose and process related to the BFC internal controls (users accesses management, customizing activities, sensitive actions from BFC Administration team…).

Both maintenance and customizing activities must be performed in compliance with internal controls designed with Data Compliance and Audit team and audited twice a year by Syensqo external auditors (mid-year and year-end cycles).

2. BFC Internal Controls

Main risks to be covered are the following: 

• Uncontrolled activities from BFC Admin (having by definition 100% rights in the tool): non justified deletion of objects, piloting to production of non approved changes in customizing
• Modification of Financial data by unauthorized users
• Missing segregation of duties (i.e users able to unlock and resubmit data)
• Uncontrolled extended display rights (giving access to full set of Syensqo Group results). This is also linked with quarterly review & update of Insider dealing’s list from Syensqo Group General Secretary

BFC Administration team is the control owner of the following internal controls - UAM (User Access Management) and CM (Change Management): Audit

• UAM01 Password Management (previous SEC-01)
• UAM04 Functional Profiles (previous SEC-03)
• UAM07 Matrix of incompatible functional profiles (previous SEC-04)
• UAM05 Access Requests (previous SEC07)
• UAM14 Review of sensitive accesses (previous SEC09)
• UAM14 Audit Trails on critical activities (previous SEC10)
• UAM06 Change of access rights (previous SEC11 / movers)
• UAM11 Deletion of access rights (previous SEC11 / leavers)
• UAM12 Periodic review of inactive users (previous SEC12)
• CM03 CM06 CM02 CM06 Change management (previous PPC MNT 01 05 06a 06b)

2.1 UAM01 Password Management (previous SEC-01)

Purpose: Check the compliance of BFC users passwords with Syensqo Security policy 

This Control is restricted to “Internal Users” (authentication type "internal") as “External Users” (authentication type "external") are using the Single Sign On.

Description: The BFC Administration team reconciles an extract of password settings from the BFC_Production system and the password guidelines included in the security policy: all the directives must be respected.

Control type: (Completeness, Accuracy, Validation, and Restricted Access): Completeness, Accuracy and Restricted Access

Frequency: "on flow" when Syensqo’s password policy changes (before frequency was a yearly one)

Note: use of special characters (such as @ #) can not be forced as it prevents users to use retrieves of BFC figures in Excel

Control evidence: 

In “Action” menu / “Password Manager” option, the BFC Administration team defines length of Internal password as well as their validity duration. 

From June 1st 2023 parameters adapted on password length (request from EY auditors after 2022 audit) :

• As before: After 90 days (before duration was 60 days) using the same password, BFC will automatically oblige the Internal user to change his / her password. Without this renewal, the Internal user cannot connect anymore to BFC
• Length of password set to 14 characters (before 12 characters)

• The Single Sign On enables users to use their Syensqo personal login and password (the one used to connect to their computer) to connect also to BFC. 
• When they will change their Windows password, it will be automatically taken into account by BFC too.

Evidence stored in GDrive: https://drive.google.com/drive/folders/1GI_ZB6EsHhhHrVKSolXdjofT3ip0LFNI

2.2 UAM04 Functional Profiles(previous SEC-03)

Purpose: All the Functional Profiles creation/modification requests are formally validated by the Syensqo GAR Consolidation Manager (appointed as KUF = Key User Function).

Description: The BFC Administration team, before updating the role into the system, checks manually the presence of incompatibilities in the role design, according to the matrix of incompatible actions. In case of some incompatibilities are found he/she informs the Consolidation Manager (KUF) who validates them.

A functional profile defines the types of rights to perform specific tasks in the application. For example, whether or not a user is authorized to create, change or delete data in schedules. 

The major risk to be managed is to avoid to introduce in Functional profiles (through creation / modification) incompatible rights without any authorization from KUF.

Control type: (Completeness, Accuracy, Validation, and Restricted Access): Validation, Accuracy

Frequency: On Flow, meaning each time there’s a need to change or create a functional profile

A) Functional Profiles created in BFC since its implementation in 2005

B) Functional Profiles currently used (31/12/2023)

C) Description of Functional Profiles currently used (31/12/2023)

Evidence stored in GDrive: https://drive.google.com/drive/folders/19Dc-vvsciksgLYn2UK4uYbuZbLyxGdw2

2.3 UAM07 Matrix of incompatible functional profiles (previous SEC-04)

Purpose: Matrix of incompatible transactions by critical level is maintained and updated in order to include each new critical transaction.

Description: The file “UAM07 Matrix of incompatible functional profiles 2022” is a validation of the updated matrix of incompatibilities by the Key User Function (Consolidation manager):

• The "Responsibilities Matrix" tab is a Description of the Functional Profiles that are used in BFC highlighting the incompatibilities existing in some of them. Main incompatibilities existing:

 - Functional profile ADMINISTRATION: "full power" users authorized to modify (creation and deletion) all of the objects and data in SAP Financial Consolidation.

 - Functional profile RTR BO-COR:  the combination of rights to 1) unlock packages + 2) modify data inside + 3) publish packages modified should be considered conflicting duties. 

• From May 2022, the incompatibilities will be controlled each time there is a change in an existing / creation of a new Functional Profile content (link with UAM04) to ensure that those actions do not generate any incompatibility
• This matrix is signed by the Consolidation Manager (KUF), scanned and published in Google Drive each time there's an update (change or creation of a functional profile) generating a new version.

The "Functional Profiles Definitions" tab is a detailed description of the Functional Profiles.

Control type (Completeness, Accuracy, Validation, and Restricted Access): Validation

Evidence stored in GDrive: https://drive.google.com/drive/folders/1cZ5Dm7QTzifrxoy6yjRXabrdURMwPlo2

Frequency: "On Flow", each time we change or create a functional profile (consistent with UAM04)

2.4 UAM05 Access Requests (previous SEC07)

Purpose: Access rights given to users are formally validated by the BFC Administration team. 

Description: Access requests are sent by e-mail or via Service One ticket (transferred by IS BFC Admin) to the BFC-Admin mailbox, normally the request is performed by the user with his/her manager in copy (manager as defined in Syensqo One Organizational chart).

Important Notes:

• If the manager is not in copy (it happens often with the transferred tickets), the BFC Administration team must request his/her approval before communicating the access given. 
• To check the user's manager or missing details like User ID, email, BFC Admin can use SuccessFactors (Syensqo HR) application / "Org Chart" section through this link https://performancemanager.successfactors.eu/:

• Any request requiring access to critical data (Administrators and users requiring access to owner groups CONSO or CONSO+) or critical actions (Administrators and users requiring access to functional profile CONSOLIDEUR) must be approved by the Consolidation Manager (KUF) => UAM04 & UAM07.
• Since the implementation of the Single Sign On, before creating a new user, the BFC Administration team must request IT team through ticket in Service One to add this new user to the Active directory (AD)  - “BFC User Group”  - refer to the following procedure Users access Management in BFC-6.REQUEST TO ADD THE USER IN THE ACTIVE DIRECTORY GROUP. 
• Active directory (AD) is a list of all Syensqo users’ accounts (but also computers, servers, printers, shared directories…). It authenticates and authorizes all users and computers by assigning and enforcing security polices, installing and updating software... For example:  when user logs into a computer, AD checks the submitted password and determinates whether the users is a system administrator or a regular user.

Control type: (Completeness, Accuracy, Validation, and Restricted Access): Validation and Restricted Access

Frequency: On demand @ each user access request

Evidence stored in GDrive: https://drive.google.com/drive/folders/1eGfCz_979YQ-M4EW3KDpFNCXKugxZuls

2.5 UAM14 Review of sensitive accesses (previous SEC09)

2.5.1 Review from Consolidation manager

Purpose:  Users list with sensitive accesses is reviewed by Consolidation manager (KUF) before each quarterly closing

Description:

• Although accesses are granted upon managers approval (in case of sensitive accesses upon Consolidation manager approval as well) and users deactivation occurs on a regular basis the list of users with sensitive accesses (rights to change data at conso level) is reviewed by Consolidation manager before each quarterly closing. The risk to be covered is to avoid keeping sensitive accesses no longer needed (users who have changed job positions)
• Note that the exhaustive access review not covered here (only sensitive accesses) is compensated by UAM06 and UAM11 Users deactivation related to Leavers & Movers 

Control type: (Completeness, Accuracy, Validation, and Restricted Access): Validation and Restricted Access

Frequency: Quarterly in March - June - September - December, before quarterly closing process

Validation process:

1. BFC Administration team sends a screen copy of users granted with functional profiles "CONSOLIDEUR"" or ""CONSO-SAISIE" or "ADMIN" by e-mail to GAR Consolidation manager requesting his review and approval 
2. GAR Consolidation manager's answer with validation and/or request for necessary authorization updates, is sent back to BFC Administration
3. BFC Administration team proceeds with updates, when needed, in the system and resent the print screen with new updated list of users to Consolidation manager

Evidence stored in GDrive: https://drive.google.com/drive/folders/14oLPoNU-cUuCIE6a0fxK5XPsgr1JHQPD

2.5.2 Additional quarterly process - Insider's dealing review (FSMA purpose) as support to Group General Secretary

The Insider dealing list (requested by FSMA authorities in Belgium) is requested by GROUP GENERAL SECRETARY to the BFC Administration team. Here is the file  waiting file for Syensqo that BFC Administration will review and update.

Based on the updated Insider's dealing list, Group General Secretary sends a reminder on Closed periods to each insider - example below: 

BFC Admin team is not the owner of this control but has to provide, each quarter, the information regarding BFC users having privileged access to Financial data.

Step 1 : Export of insider's users from BFC Users table

• In the BFC Users table - filtering on active users - export in an Excel format users having access to full Syensqo Group data : selection on access groups = CONSO / CONSO+ / ADMINISTRATORS 

• In the "Owner group" column, external people have to be excluded from the review:
  • auditors (EY, Deloitte, KPMG...)
  • external providers (external assistance to BFC Admin team)
  • as those people have NDA (Non Disclosure Agreement) included in their contract with Syensqo Group => thus they can be excluded

• In the waiting for new Syensqo file, duplicate the previous tab to create the update review for the on going quarter - here below new tab 31.03.2023 create by duplication of 21.12.2022 tab

Step 2 : 1st analysis starting from BFC Users list  / filtering by creation date

• • Filter by creation date and select the users created since the previous review
  • Those users have to be added in the Insider list informing the date on which BFC access was granted and to which organizational department the user belongs to
  • Example below  
    • new team member from SBS TSU (Treasury Service Unit) with access in BFC with sensitive rights provided in January 2023 => this user has to be added in the "Q1 2023" review tab in the SBS section with mention of creation date

Step 3 : 2nd analysis starting from BFC Users list  / filtering by last change date

• • Filter by last change date and select the users changed since the previous review
  • The users found were already BFC users before but they have become Insiders as either ADMIN or CONSO or CONSO+ owner group has been granted to them since the previous review
  • Those users have to be added in the Insider list informing the date on which they have become insider (= last change date) and to which organizational department the user belongs to

Step 4 : 3rd analysis starting from Insider list

• • Check one by one Insiders listed are present in one of the 3 owner Group ADMIN or CONSO or CONSO+ in BFC

  • Purpose of this analysis: detect users who either
    • left Syensqo (tracked through UAM11 "Leavers" Internal Control)

    • or have been temporary deactivated (no connection since last 6 months / tracked through UAM12 "Periodic review of inactive users" Internal Control)

    • or moved to another job not requiring anymore to have access to Full Group  (tracked through UAM06 "Movers" Internal Control)

•  

  • Important note: users with deactivated rights in BFC are never deleted (i.e. line kept) from the Insider list !

•  

  • In such cases, update the Insider list as follows - examples below:

• • • Leaver Jan 31st 2023 - Celia Guerra : strikethrough user name / indicate in column A reason for deactivation / indicate in column F the end date

• • • Temporary deactivation - Sara Goncalves : indicate in column A reason for deactivation. Note: Temporary deactivated users are kept as active in the Insider list (as they can request at any time reactivation of their BFC Access rights, thus they remain considered as Insiders)

• • • Mover in March 2022 - Anne Laure ALLARD   : strikethrough user name / indicate in column A reason for deactivation / indicate in column F the end date

Step 5 : Review and update confirmation to Group General Secretary

• Once Insider list is updated, e-mail has to be sent to Group General Secretary to confirm that review and update linked to BFC users has been completed

• Example below of mailing

2.6 UAM06 Change of user access rights (previous SEC11/movers)

Purpose 1: Deactivation or rights adaptations done on a regular basis for movers.

Description: The Syensqo Group members who have access to BFC should be compliant with their status and their position on HR tools. The objective of this Internal Control is to reconcile the users status on BFC according to their HR status and identify the users that should be deactivated from BFC or whose rights have to be adapted to new job position. 

Frequency:   Monthly

Control type: (Completeness, Accuracy, Validation, and Restricted Access): Validation and Restricted Access

Process:

• List is sent by IT Internal Controls team to BFC Admin on a monthly basis.
• BFC Admin analyses the list to identify which users should be subject to access updates. Some may have already requested the update.
• Real movers versus false movers :
  • access update is triggered either by a change in Business unit or Job function or Job classification => such cases are real movers and need for access updates has to be investigated
  • changes in company code or cost center or position (SF) or supervisor has no impact on BFC access rights => such cases have to be qualified as false movers from a BFC standpoint
• Following the analysis detecting Real movers BFC Admin sends an email to the user with his/her manager in cc asking if the BFC access could be deactivated or not. 

Email sent from IT Internal Controls team:

BFC Admin should make a copy of the file sent in this GDrive folder   or download it to excel and upload it in the GDrive afterwards).

• Unlike in leavers file, in the movers file we receive all leavers since Jan.1st until Dec.31st.
• Therefore, as some users have been already treated by BFC Admin in previous months, we need to start by filtering the file by the new movers.
• Filtering by Calendar Day and selecting the new dates not present in previous month file will give the new movers:

Each case must be analyzed in a different tab as different comments need to be provided.

1st step is to detect Real movers versus False movers using the following criterias :  Business Unit, or Job Function or Job Classification.

• • any change on one those 3 criteria triggers a Real mover and requires a check with manager 
  • no change change on those 3 criteria, but only on administrative criteria (company code /cost center / supervisor)  triggers a False mover => no further investigation

2nd step check Real movers : below are the examples of the emails sent to users (and their managers in cc) who have changed 

1) Business Unit 

2) Job Function

3) Job classification

Not all the cases may require an email sending from BFC Admin because the access rights may have already been updated.

And not all the cases may require an access update despite the change in job function or job classification.

Examples of the situations that may occur: 

1) The access rights are already according to new position - Sometimes the user or his/her manager have already requested the access rights update 

2) Access rights should be kept - It has to be the user (with manager in CC) or the manager to inform it

3) Access rights need to be adapted - It has to be the user (with manager in CC) or the manager to inform it

4) Access rights should be cancelled - It has to be the user (with manager in CC) or the manager to inform it

In BFC “Security/Users” module, deactivation will be proceeded the following in the user profile:

• Owner Group: PARTI or INTER-MOVERS
• Functional Profile: DESACTIVE 
• Data Access Group: RIEN

and the user must be blocked in order to be prevented from accessing BFC.

2.7 UAM11 Deletion of user access rights (previous SEC11/leavers)

Purpose 1: Deactivation done on a regular basis for leavers

Description: The Syensqo Group members who have access to BFC should be compliant with their status and their position on HR tools. The objective of this Internal Control is to reconcile the users status on BFC according to their HR status and identify the users that should be deactivated from BFC. 

Deactivation is done based on the lists provided by IT Internal Control team (Risk and Compliance):

Frequency:   Weekly

Control type: (Completeness, Accuracy, Validation, and Restricted Access): Validation and Restricted Access

Process: 

• BFC leavers lists are produced every week by robot, reviewed and sent by the IT Internal Controls team  to BFC Administration team by email. 
• In addition to the identification of users to be deactivated the list includes verification of last logon date versus separation date. 
• BFC Admin proceeds with the user's deactivation as soon as possible within a week.

Email sent from IT Internal Controls team:

BFC Admin should make a copy of the file sent in this GDrive folder   (or download it to excel and upload it in the GDrive afterwards).

In the new file (just copied from the file received), the following changes have to be made: 

• rename the file adding the date when it was received - Leavers Report dd.mm.yyyy

• remove the tabs concerning other applications: Quantum, Google, SAP IDM8

• add tab BFC Deactivation where the evidence will be saved

In tab BFC deactivation copy/paste the print screen from BFC showing that users have been blocked.

2.8 UAM12 Periodic review of inactive users (previous SEC12)

Purpose: Temporarily deactivation on BFC when the user has not connected during the last 6 months

• When the user has not connected during the last 6 months his/her access has to be temporarily deactivated on BFC.
  • Note that on Org. Chart/SuccessFactors  the status may be still ACTIVE, but the user can have a new position that doesn´t request the access to BFC so frequently; temporary leave (maternity, sickness) can also justify those cases.
  • Before deactivating a user without any connection during the last 6 months, BFC Administration team sends an email to those users asking them to logon to BFC within the next 7 days in order to retain their accounts.
• Frequency : mid June / mid December

How to build the file of inactive users: 

1st - calculate the date corresponding to 6 months ago. For example, 26/12/2022 - 180 days = 29/06/2022;

2nd - In BFC, sort ascending the users by last connection date and download the list (creation date must be included); 

3rd - In excel, add 2 columns to determine if last logon date or creation date (for users who never connected) > 180 days. 

Formula for number of days since last logon/creation date  → =IF(ISBLANK(H2); TODAY()-G2; TODAY()-H2)

Formula for > 180 days?  → =+I2>180

• Exceptions - users to be excluded from control
  •  “TINSTALL user”: 
    • The user TINSTALL must remain always active: 
    • This user ID is the one used by SBS IS Infra teams to test that the technical installation of BFC application on users’ PC is correct.
    • Note that this user only contains rights to connect to BFC application, without any other rights to modify any objects or to display any data. 

• • “ADMIN user”: 
    • The user ADMIN must remain always active: 
    • Admin is a special, technical user, it is created automatically when BFC application is installed and database created. Some administrative tasks can be performed only by Admin User, mostly related to application installation and upgrade
  • “GESTION user”:
    • The user GESTION must remain always active: 
    • This user is used by Corporate Controlling to fill in PREV (controlling categories for Forecasts) packages (made of fictive cnies per GBU). This is made once a year (Q4 or Q1 following year), this is why this user systematically appears in this control

• • “ROBOTS fleet”:
    • The users with functional profile ROBOTS must remain always active: 
    • A fleet of robots has been created in BFC and developed by RPA team to perform the following actions for FSL team: packages loading and reopenings. 
    • As it is a fleet, RPA and FSL is directly mobilizing only some or all robots depending on volumes to be processed. 

• Message sent to users prior to deactivation:

Dear Colleague,

Please note that your account for accessing the BFC application has been inactive for more than 6 months. If you have lost the access link, you may connect to BFC by copying and opening this URL https://financialconsolidation.Syensqo.com/FCPROD/

To avoid disruption of your account, kindly login to BFC within the next 7 days to retain your account. Account will be suspended without further notice thereafter. If your account is being suspended, you may re-submit your access request to $SBS FinanceSL Fin Acc SU BFC Admin  

  *Please ignore this message if you have connected to BFC before receiving it  

• In BFC “User” module, if the user has still not connected 7 days after the reception of the above message, his/her profile will be updated as follows:
  • Owner Group: NET
  • Functional Profile: No change
  • Data Access Group: No change
  • and the user must be blocked in order to be prevented from accessing BFC.
  • Warning: for Auditors (AUDIT functional profile / EY KPMG DELOITTE as owner groups), it is recommended to check with Syensqo referent manager (Solvay SBS Audit or GAR Consolidation manager) if the deactivation is justified and will not create any business disruption (meaning it will not block auditors to perform their work during the coming quarterly closing)

Evidence stored in GDrive: https://drive.google.com/drive/folders/1DEdG-9J_pkeEQPJtxv4jFv_lklcX49Kk

2.10 UAM14 Audit trails on critical activities (previous SEC10)

Purpose: Audit trails on critical activities (deletion of objects) on a regular basis to ensure that all the actions made are justified.

Description: This control traces the sensitives actions in the PRODUCTION environment performed by:

• Users with ADMINISTRATION functional profiles (full rights & restricted rights): ADMIN / ADM-xxx / ADM-LEGER
• Users with IT functional profiles
• Users having double accesses to BFC (2 logins)
• Users ID starting with TESTxx and user TINSTALL

From May 2022: As  several controls are already in place to control users accesses (UAM05 Access requests /  UAM14 Review of sensitive accesses / UAM06 UAM11 UAM12 Users deactivation) and already covering the control of sensitive actions (unlocking, publication by special permission...), critical actions to be monitored through UAM14 Audit trails are restricted to the deletion of objects.

Note that IT/TEST/TINSTALL profiles don’t have a significant impact in terms of modifications in BFC:

• The IT profile has access to all the data, however only in consulting mode;
• TINSTALL user has no access to change any objects or to access to any data;
• TESTxx users are only activated on demand by BFC Administration to solve issues raised by BFC end users (eg “I can not see packages”, “I can not see this x company in my list”…). TESTxx user is temporarily activated with the same rights than the requestor to experience/see the same. Once issue solved, the TEST user is deactivated.

Control Report Process

1) On WD1 of each month, BFC Admin asks DT BFC Admin to extract the audit trail file from Log module;

Below is the email template to be send to DT colleagues:

2) This list contains all deletion actions performed (who and when);

Evidence stored in GDrive: https://drive.google.com/drive/folders/18WARFfNuvQhiqYi3RE8qAxi903Ey8QY4

3) BFC Admin creates tab BFC Admin review (copy from Actions by User profile tab)

Arrange the layout as below in order to be more legible:

4) Finally it should be analyzed for possible anomalies – BFC Administration team Comments - and the file should be sent/shared for BFC Admin manager review;

Control type: (Completeness, Accuracy, Validation, and Restricted Access): Completeness, Accuracy and Validation

Frequency: monthly and focused on deletion of objects (before quarterly frequency was not appropriate as too late to react in case of risky actions taken)

2.10  CM03 CM06 CM02 CM06 Change Management (previous PPC MNT 01 05 06a 06b)

Purpose:

The BFC Administration team is responsible to manage the maintenance of BFC. 

1. The customizing and the main changes in BFC should be duly documented and justified; 
2. The control shall be carried out in relation with the requestor;
3. The control is sized according to the risks.

The following risks will be covered by the Internal Control framework:

• CM01 : Approved management methodology is used
• CM03 : (previous PPC MNT 01) : Any request for customizing change is validated (or directly submitted) by an authorized KU (Key User)
• CM05 : Validation of functional design is given by an authorized KU (Key User)
• CM06 (previous PPC MNT 05) :  Acceptance is given by an authorized KU (key User) prior to piloting changes into Production
• CM02 (previous PPC MNT 06a) : Backward traceability is ensured - consistency between changes piloted to Production and initial request
• CM06 (previous PPC MNT 06b) : Authorization for Production upgrade is given by an authorized KU (Key User) before piloting changes into Production

Types of modifications:

The maintenance categories can be grouped in 4 types :

• [A] Recurring reporting set-up (Basic Customizing) M (monthly)/ Q (quarterly) / Y (yearly)
• [B] Correction of errors
• [C] Improvements 
• [D] Medium to complex Customizing (changes in Chart of Headings, New Business Structures, changes in Reporting content....) represent critical / sensitive maintenances on BFC. 

"Recurring maintenances" – Customizing (creation of new objects) with no impact in the data already in the Production environment:

• Monthly recurring activities: creation of scopes, exchange rates tables, new companies
• Creation and/or Modification of schedules;
• Creation in the Structure: New dimension member; new characteristic member; Filters creation;
• Creation in the Set of Rules: Creation of new consolidation rules
• Creations in the Category Scenario: New controls/new headings/new formulas...

“Critical / sensitive maintenances ” – Customizing (modification of existing objects) with impact in the data already in the Production environment: 

• Changes in the Structure: Creation of new objects (Dimensions; Characteristics, Reference table...); Changes in existing filters;
• Changes in the Set of Rules: Changes in the existing consolidation rules;
• Changes in the Category Scenario: controls / headings & analysis schemes / formulas/ account Families …
• Complex Projects: new IFRS norms as example;

A BFC project can be defined as: 

• A formal request from a BFC Key User (belonging to the “Authorized requestors” list defined below) expressed through a functional specification; 
• A complex request requiring the modification of the Dimension Builder and Category Scenario objects, with the corresponding technical specifications; 
• A request whose implementation in Production passes through tests in the Test environment and formalized validations. The concept of BFC projects obviously does not cover version migrations ( supported under IT project);

• It´s the combination of those 3 criteria that determines whether we are in a recurring maintenance or in a project.

List of Authorized requestors (BFC Key Users):

• SYENSQO GAR CONSOLIDATION team Brussels: Sandra Anane (manager) / Chammen Ben Ammar / Caio Morgon / temporary mission in GAR team Serge Kasbi & Remi Belot
• SYENSQO GAR TAX & CONTROLLING : Anne Calicis
• SYENSQO CORPORATE CONTROLLING Business: Nicolas Bourgois

Operating mode for each maintenance category of the BFC Administration team

[A] Reporting set-up Monthly / Quarterly / Yearly

•  [A1] ACTUAL’s (IFRS purposes) M/ Q / Y – Monthly Process
  • The BFC Admin team is responsible for preparing the Reporting set-up required for each reporting cycle:
    •  Opening of reporting periods on WD-4 – Done directly in Production
    •  Reporting packages creation and generation on WD-2 – Done directly in Production
    •  Creation of exchange rates table on WD-1
    •  Creation of consolidation scopes on WD1
    •  Creation of Consolidation/ Intercos Reconciliation definitions on WD1 – Done directly in Production
    •  Creation/update of objects in the Dimension builder: Companies, Sites, Business activities
    • Note that the Risks related to the management of a monthly / quarterly and yearly reporting sessions are low impact. Any errors detected can be easily corrected.

• [A2] RSB (Controlling purposes) – Quarterly Process / [A3] PREV(Controlling purposes) – Yearly Process
  • The formalization of the modifications done to these two types of reporting sessions are managed by the Corporate Controlling (KUF: Nicolas Bourgois);
  • The BFC Administration team is responsible to perform the necessary changes;
  • Once the changes are made, Corporate Controlling validates that the changes are in line with expectations and gives the GO for piloting to Production;
  • Evidence: Controlling agreement (KUF: Nicolas Bourgois) to pilot to Production;

[B] Correction of errors / [C] Improvements (with no impact in the Reporting Content)

• Error corrections and improvements are usually based on the feedback from the Reporting cycles. For example, a control to be modified, a data collection to be improved in the reporting packages, a new report to be created, corrections of existing descriptions. 
• These corrections / improvements are safe from both BFC settings and data integrity point of view. Otherwise, it is no longer a question of corrections / improvements but of a BFC project.
• The associated controls must be minimal and not heavy to ensure fast services to requestors.
• As a general principle, the piloting actions for [B] Corrections and [C] Improvement  are carried out in the same way as the type [A] Reporting Set-up.

[D] Structure Update and Customizing

• The changes linked to the Structure Update and Customizing are expressed by an authorized Key User from Consolidation / Tax / Financial Controlling / Corporate Controlling
• The implementations are more complex but generally not risky as: 
  • The updates are made outside of the closing periods with a compulsory testing part
  • Consequent updates are never implemented over a quarterly reporting period
  • A reversal / step back is always possible
• The changes are managed by the BFC Administration, documenting the changes with:

1. 1. Definition of the need, expressed and completed with the requestor
   2. Functional analysis (impacts of changes in reporting framework)
   3. Functional specifications (changes needed in BFC modules and objects)
   4. Testing plan (to be performed by both Administrator and Requestor)
   5. Evidences obtained from tests
   6. List of objects to be piloted to Production (once final validation and authorization to pilot are obtained)

Internal Controls :

In order to simplify the process, several types of tasks have been created in BFC according to the related process and to the requester: 

• SCO-ADMIN: for the reporting set-up or other recurring tasks / corrections and improvements (type A1 / B / C) -  no approval required from KUF as linked to recurring activities)
• SCO-CONSO: for requests (type D) expressed by the Consolidation team ;
• SCO-CTRLFIN: for requests (type D) linked to the Financial controlling ; 
• SCO-GESTION: for requests (type A2 / A3 / D) linked to the Corporate controlling ;
• SCO-TAXES: for requests (type D) linked to the Taxes ;
• For ALL types, periodic and retroactive review of all pilotings is done to validate appropriateness using four eyes principles (validator not being the one having piloted the changes into Production)

The BFC Administration team uses always these tasks and their content is transferred to Production. Any piloting from BFC Customizing database (BFC_TOPSCO) to BFC production database (BFC_PRODSCO) is logged/archived and can be extracted.

Specific Internal controls for tasks type SCO-CONSO / SCO-CTRLFIN / SCO-GESTION / SCO-TAXES (note: does not apply to SCO-ADMIN tasks):

• BFC Admin team will archive as Internal Control evidences:
  • initial request submitted by an authorized Key User (CM03) - channel can be e-mail / meeting minutes
  • formal acceptance of customizing done from the authorized Key User (CM06)
  • formal authorization to pilot customizing changes (objects) to production from the authorized Key User (CM06)
  • print screen of objects piloted to Production in link with the requested changes (CM02)
• Note that the 4 evidences can be sometimes collected in the single printing of a chain of mails

• Evidence stored in GDrive: https://drive.google.com/drive/folders/1G67YgvhE3tVvBJkyYUp6tLwHsLnOTf2c

Internal Control applicable to ALL tasks type (SCO-ADMIN /  SCO-CONSO / SCO-CTRLFIN / SCO-GESTION / SCO-TAXES):

Every month , BFC Admin team will:

• extract from the BFC Production database the full list of piloted tasks (since last day of review to date) - extraction will be stored in this folder Piloted tasks review and validation

• 1st check is to control that number of lines in the file equal to nb of piloted tasks (BFC module Tasks) during the reviewed period
• For each piloted tasks, BFC Admin team will complete the Extraction's file adding the Category type (A / B / C / D)  as well as the Transferred content (objects piloted)
• E-mail will be exchanged between BFC Admin team members requesting review and validation of each piloting applying the four eyes principle (validator not being the BFC Admin team member having done the piloting)
• Detailed review and validation will be formalized in a dedicated column in the Extraction's file: name of validator / note: for tasks SCO-CONSO / SCO-CTRLFIN / SCO-GESTION / SCO-TAXES, subject to a dedicated set of Internal Controls, a reference to the approval obtained from authorized Key User will be given by the validator
• Overall validation confirmed by e-mail will be stored in this folder Piloted tasks review and validation

Assessment of completeness and accuracy of customizing changes:

Every change (creation / update) in BFC customizing is driven by Corporate Consolidation and Controlling needs to perform monthly / quarterly / year end Consolidation and Reporting cycles. 

As explained above, piloting of changes to BFC Production can be done using different types of tasks:

• recurring needs (scopes, exchange rates, consolidation status of companies...) : managed autonomously (as part of his/her direct responsibilities) by BFC Admin using information collected on flow from various channels of communication (GAR closing calendar, GAR Structure file, GAR closing instructions, General Group Secretary, Quantum interfaces for Exc rates...) and from direct interactions with Corporate Consolidation and Controlling (phone call, mails, chat) - all recurring tasks being documented in BFC Admin Operating Procedures
• complex changes : managed by BFC Admin team following for Internal Control evidences (initial request / testing validation / authorization to pilot to production)

At each Consolidation & Reporting cycle, completeness and accuracy of customizing changes can be considered as achieved once the Consolidation and Reporting process of the period is finalized: meaning that consolidation work is finalized as well as analytical reviews and checks from the different stakeholders (Corporate, Accounting, Businesses) before disclosure.

It means as well as that every change on BFC customizing piloted before the beginning of the process has contributed to reach the Consolidation and Reporting needs without any deficiency.

This final - either monthly or quarterly or year end -"Consolidation End state" milestone is formalized by e-mail sent from BFC Admin team to Corporate GAR team requesting the green light to make a back up with locking of the last run IFRS Consolidation (special variant BKUP used) in BFC.  Evidences of Corporate GAR's green light to proceed back up and locking posted in this folder  GAR Green light for conso back ups

END OF THIS PROCEDURE