Webhelp group has adopted the definition set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in Internal Control—Integrated Framework (2013): Internal Control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, and compliance.
The system that has been defined and implemented within Webhelp specifically aims to ensure:
The internal control system relies on the risk management system to identify the main risks that need to be controlled. The risk management system includes controls that are part of the internal control system.
The control environment is a fundamental component of risk management and internal control systems and forms the common basis of the systems.
The Group’s internal control system is based on five core values: Recognition, Integrity, Unity, Commitment and Way of Working (WOW). These values infuse the Group’s leadership strategy and form the key value charter for our employees and our subsidiaries.
The Group’s values are brought to the attention of all Webhelp personnel. It places great emphasis on its managers’ ability to live up to these values daily.
Webhelp’s Code of conduct is a fundamental reference in terms of ethics, social, and environmental responsibility and in terms of financial and legal compliance. The management is responsible for ensuring that the Code is strictly and consistently respected across the Group.
Organization and responsibilities
The Executive Committee’s role mainly consists in validating strategic decisions and policies. Members of the Executive committee are in charge of implementing decisions taken. For instance, the Executive Committee oversees the development and monitoring of policies that enable the Group to attain its various objectives in terms of global growth, technological decisions, the implementation of identical operating procedures for the entire network, as well as development of human resources.
The Global Management Committee holds regular meetings to implement, deploy and monitor Executive Committee’s decisions.
Group management and the Information Systems Department determine the Group’s strategic directions for production tools and information systems for subsidiaries. They ensure that the development of information systems is consistent with Group objectives.
The Information Systems Department also issues directives on security, data protection and business continuity. These directives are based on compliance with international standards, ISO 27001, PCI (Payment Card Industry) and the European Data Protection Regulation (GDPR) in coordination with the Legal and Compliance department in order to satisfy regulatory requirements specific to each business sector or to obtain the certifications requested by clients.
Management and industry procedures
The internal control system also depends on subsidiaries implementing the “WOW” (Way Of Working) operating model. It defines a homogeneous vision of the way Webhelp does business: a consistent global framework tailored locally to country culture and client needs.
The Group has been developing the use of this methodology, providing training for all its managers, to develop a common language grounded in the notions of measurement, analysis and control.
The implementation and application of these procedures and standards enable the Group to make its global network more internally consistent, while providing greater control over our operations
In the operation of its business, the Group is exposed to a variety of risks that could affect the Company’s personnel, assets, environment, objectives or reputation.
Risk management is a lever for anticipating the main potential threats to Webhelp, whether internal or external, in order to preserve its value, assets and reputation, help it achieve its targets, ensure that actions taken are consistent with Group values and rally employees in support of a shared vision of key risks.
Group management is particularly vigilant when implementing the measures and procedures necessary to manage our business and prevent risks, according to Webhelp’s objectives and strategy. The Group is currently strengthening a monitoring process regarding the management controls to be adopted with respect to the analysis of these risks.
Process and control
A first risk mapping exercise was conducted in order to identify and analyse Wehbelp’s major risks & measures that can be used to limit their consequences. A follow-up of this risk assessment exercise will be made in the future and supervised by the Board.
Centralized control procedures
The internal control procedures centralized at headquarters cover areas common to all companies within the Group. These procedures involve in particular finance, legal, IT.
Group’s central finance and accounting department includes Group financial control, Consolidation & Cash, and Global Performance. The Group’s finance department is headed and managed by a central team based in Paris, with decentralized and autonomous financial teams within each cluster.
Group’s financial information is prepared and monitored using key software applications.
A reporting on the Key figures is communicated on a monthly basis through a bottom up approach, followed by a top down review to confirm the reliability on the financial data. The consolidation tool is common to all Group’s subsidiaries.
The profitability per project as well as the costs of the different functions are monitored on a monthly basis, and this management reporting is aligned with the consolidation every month.
The Group consolidated financial statements are prepared in accordance with IFRS. Statutory accounts and consolidated accounts are prepared on a monthly basis (an accounting handbook written by the Group Financial Department and communicated all over Webhelp ensures the compliance with IFRS and the consistency of the consolidated financial data). Year-end consolidated financial statements are consolidated and audited.
The Group prepares quarterly reporting for its financing banks, as required by its financing agreements. Management also issues a more complete and comprehensive report at financial year ends. The reporting pack reports on key financial statement items and aggregates.
The Group has a policy for managing foreign exchange and interest rate risks, which aims to limit these risks, preserve sales margins and control interest charges.
As part of its responsibilities, the Group Legal and Compliance Department oversees the Group’s compliance with applicable laws and regulations in the countries where it operates, through its local network of lawyers. It also plays a central role in monitoring changes in laws and regulations and advising the various Group entities.
The Group Legal Department is centralized and headed in the Paris headquarters. It initiates Group policies in the areas of Group compliance, business ethics, regulatory requirements and data protection. The network of local inhouse lawyers is in charge of deploying the policies in their relevant region as well as monitoring additional local requirements.
The Group Legal and Compliance Department has issued the Code of Conduct and related trainings. The Code of Conduct is regularly updated and is completed by several procedures in the compliance matters.
IT and security procedures
The Group has streamlined its security technology to reflect best market practices and to introduce the technology required contractually by its clients or pursuant to applicable regulations. This technology aims to reduce the introduction of malware, protect personal data and detect and prevent intrusions.
All personal data is collected and processed in accordance with applicable laws and the Group’s Policies applicable at each Webhelp site, both from a Controller and a Processor responsibility point of view, specifically designed to prevent potential acts of fraud or breaches of security standards.
The third-party certifications requested by clients and audits conducted by clients also serve as a guarantee that the application of strict control procedures will be verified in order to ensure compliance with security and/or quality standards and processes.
The Group has a policy of internally releasing all relevant financial or operating information enabling employees to perform their job. The Group relies on several internal communication systems (WISE, Teams) to be sharing all policies and practices within the relevant teams.
Group information and procedures are also regularly communicated to the managers of all subsidiaries at international seminars or presentations. These rules are also reiterated at Company Board meetings. Subsidiary executives are expected to communicate instructions from Group management to their employees.
The heads of corporate support departments (Finance, IT, HR, Legal) also inform their teams of specialized personnel at meetings and training sessions.
Group senior management
The Executive Committee monitors the internal control system to ensure that the system is relevant and suited to the Group’s objectives.
This includes regular reviews on the part of management and supervisory staff. It falls within the scope of their day-to-day activities and ensures that each organizational process is consistent with the Group’s vision and strategy.
As part of the monitoring, internal audits are performed with the assistance of an external audit firm. Those audits aim at ensuring that internal rules are known, and internal control is consistent within the Group. In 2019, audits have been conducted in subsidiaries in South Africa, Turkey, Italy, Czech Republic and Morocco.
Strictly Necessary Cookies
Enhanced Functional Cookies