2018 Registration document and annual fi nancial report - BNP PARIBAS274
4 CONSOLIDATED FINANCIAL STATEMENTS FOR THE YEAR ENDED 31 DECEMBER 2018
4
Statutory Auditors report on the consolidated fi nancial statements
Analysis of legal risk with respect to regulatory and administrative investigations and to class actions (See Notes 1.o, 3.h, 5.p and 8.b to the consolidated fi nancial statements)
Description of risk How our audit addressed this risk
In each of the countries where it is present, BNP Paribas is subject to the regulations applicable to the sectors in which it operates. If the Group does not comply with the applicable laws and regulations, it may be exposed to signifi cant fi nes and other administrative and criminal sanctions. It may also incur losses as a result of private legal disputes in connection with or unrelated to these sanctions.
Any provision recognised to cover the consequences of investigations into non-compliance with certain regulations requires judgement due to the diffi culty in estimating the outcome of regulatory procedures.
Any provisions with respect to class actions or other private legal disputes also requires management to exercise judgement.
In light of the increase in regulatory and administrative investigations and class actions brought against fi nancial establishments in recent years and of the signifi cant judgement exercised by management to determine the amount of provisions recognised, we deemed this risk to be a key audit matter.
We were informed of the procedure for identifying and assessing legal risk with respect to regulatory and administrative investigations and to class actions, in particular through quarterly interviews with BNP Paribas legal functions.
Our work consisted primarily in: ■ obtaining an understanding of the analyses prepared by the fi nancial and legal departments at the end of each quarterly accounting period;
■ interviewing the specialised law fi rms with which BNP Paribas works when subject to legal disputes.
General IT controls
Description of risk How our audit addressed this risk
The reliability and security of IT systems plays a key role in the preparation of BNP Paribas consolidated fi nancial statements.
We thus deemed the assessment of the general IT controls and the application controls specifi c to the information processing chains that contribute to the preparation of accounting and fi nancial information to be a key audit matter.
In particular, a system for controlling access rights to IT systems and authorisation levels based on employee profi les represents a key control for limiting the risk of inappropriate changes to applications settings or underlying data.
For the main systems used to prepare accounting and fi nancial information, assisted by our IT specialists, our work consisted primarily in:
■ obtaining an understanding of the systems, processes and controls which underpin accounting and fi nancial data;
■ assessing the general IT controls (application and data access management, application changes/developments management and IT operations management) on key systems (in particular accounting, consolidation and automatic reconciliation applications);
■ examining the controls for the authorisation of manual accounting entries;
■ performing additional audit procedures, where appropriate.