Universal registration document and annual financial report 2020

2020 Universal registration document and annual financial report - BNP PARIBAS 275

4Consolidated finanCial statements for the year ended 31 deCemBer 2020

Statutory Auditors report on the consolidated financial statements

General IT controls

Description of risk How our audit addressed this risk

The reliability and security of IT systems plays a key role in the preparation of BNP Paribas consolidated financial statements.

We thus deemed the assessment of the general IT controls of the infrastructures and applications that contribute to the preparation of accounting and financial information to be a key audit matter.

In particular, a system for controlling access rights to IT systems and authorisation levels based on employee profiles represents a key control for limiting the risk of inappropriate changes to application settings or underlying data.

For the main systems used to prepare accounting and financial information, assisted by our IT specialists, our work consisted primarily in:

■ obtaining an understanding of the systems, processes and controls which underpin accounting and financial data;

■ assessing the general IT controls (application and data access management, application changes/developments management and IT operations management) on key systems (in particular accounting, consolidation and automatic reconciliation applications);

■ examining the control for the authorisation of manual accounting entries;

■ performing additional audit procedures, where appropriate.

Analysis of legal risk with respect to regulatory and administrative investigations and to class actions (See Notes 1.o, 2.h, 4.p and 7.b to the consolidated financial statements)

Description of risk How our audit addressed this risk

In each of the countries where it is present, BNP Paribas is subject to the regulations applicable to the sectors in which it operates. If the Group does not comply with the applicable laws and regulations, it may be exposed to significant fines and other administrative and criminal sanctions. It may also incur losses as a result of private legal disputes in connection with or unrelated to these sanctions.

Any provision recognised to cover the consequences of investigations into non compliance with certain regulations requires judgement due to the difficulty in estimating the outcome of regulatory procedures.

Any provisions recognised with respect to class actions or other private legal disputes also requires management to exercise judgement.

In light of the increase in regulatory and administrative investigations and class actions brought against financial establishments in recent years and of the significant judgement exercised by management to estimate the amount of provisions recognised, we deemed this risk to be a key audit matter.

We familiarised ourselves with the procedure for identifying and assessing legal risk with respect to regulatory and administrative investigations and to class actions, in particular through quarterly interviews with BNP Paribas legal functions.

Our work consisted primarily in:

■ obtaining an understanding of the analyses prepared by the financial and legal departments at the end of each quarterly accounting period;

■ interviewing the specialised law firms with which BNP Paribas works when subject to legal disputes.