Internal Control System Set of Procedures - IT
As HeidelbergCement AG is a capital market-oriented company in accordance with § 264d HGB, § 289, section 5 and § 315, section 2 no. 5, HGB require the Management Board to present a report containing newly introduced compulsory disclosures on the internal control and risk management system in relation to the company or Group financial reporting processes.To prepare this report, the Management Board of HeidelbergCement needs descriptions of the main accounting processes and the corresponding internal controls on Country-level. All countries have to prepare descriptions of the main accounting processes and the corresponding internal controls, and have them accessible for all employees. The ICS processes have to cover the following areas
- Order to cash
- Purchase to pay
- Asset management
- Payroll
- Financial Statement Closing Process (FSCP)
- Reporting
- IT General Controls (ITGC)
- Master Data Management
- Guideline on CBCR to governments (Country by Country Reporting)
- IFRS 16 process documentation
- Presentation RCC update 2016_CBCR
- Other[1]
In order to comply with the Group’s instructions we have prepared a set of procedures as the below index
A/A | Description | Objectives |
1. | Active Directory Account Policies | To help define and document the Account Policy settings within the HeidelbergCement Active Directory environment. Within the Account Policies are defined the Password Policy settings, Account Lockout Policy settings and the Kerberos Policy settings. |
2. | Global Remote Access Policy | The purpose of this policy is to define governance for connecting to HeidelbergCement's network from any remote location. These policy statements are designed to minimize the potential exposure to HeidelbergCement from damages which may result from unauthorized use of HeidelbergCement resources. |
3. | Group Information Security Policy | This framework represents the HeidelbergCement Group’s policy regarding information security. Information assets shall be treated as every other asset in the organization. |
4. | User Account Password Policy as for Heidelbergcement Group | This policy applies to the entire workforce, all managers, internal and external employees, student trainees, regular trainees, and organizational units of HC as well as to all persons administering the systems operated by HC whose area of responsibility includes these systems. The area of application and scope covers the entire company. |
5. | Password Polcy as for Halyps | The purpose of this policy is to make sure all company resources and data receive adequate password protection. The policy covers all employees who are responsible for one or more account or have access to any resource that requires a password. |
6. | SAP Single Sign On Policy | The purpose of this policy is to cover the needs for single sign ons. |
[1] Please clarify if you have additional processes which have a direct impact on financial reporting and are not mentioned above (if necessary with your local auditor).