A compliant value proposition

Carsten Højlund, Head of Group Internal Audit
1. ISS’s business environment and specific compliance challenges
2. Value proposition
3. Implementation and monitoring in practice
4. Summary and Q&A
Financial highlights of 2014
• Revenue: 74,105
• Organic Growth: 2.5%
• Operating Profit: 4,150
• Operating Margin: 5.6%
• Cash Conversion: 98%
• Number of employees: 509,133 (30 June 2015)
What we do
• Cleaning (51%): 29,583,169,977 total m² of Cleaning Contracts served. Globally. Annually. Includes IFS Contracts.
• Catering (12%): 1,164,547 total meals prepared per day. Globally.
• Support (8%): <45,000 Receptions manned. Globally. Daily.
• Security (7%): More than 498,341 h training hours within Security Service
• Property (17%): More than 7,000 employed engineers.
• Facility Management (5%): 3 million work orders generated per year in the ISS Facility Management System.
Broad exposure to both developed and emerging markets
• Developed Markets: 75% of Group revenue, 43% of Group employees
• Emerging Markets: 25% of Group revenue, 57% of Group employees
Value proposition and focus
“Our market choices have naturally focused on identifying the
market segments where our value proposition resonates and
that have the greatest potential to contribute to the value we
want to generate for our stakeholders. In this vast and diverse
market, ISS has chosen to focus on large and medium-sized
Business-to-Business customers such as banks, hospitals,
the food manufacturing industry or remote sites where the
need for our services makes a difference to their business
and makes us a strategic partner helping to fulfil their
objectives. We provide these customers with a value added
offering which, in addition to a cost-efficient solution, delivers
among other things risk management and a sustainable and
transparent solution.”
ISS value proposition targets strategic partnerships for customers needing transparent risk management and
commitment to compliance.
The Essence of the ISS Value Proposition
Policies and training
• Values and Code of Conduct: deployed locally to ALL 500,000+ employees
• Key compliance policies: deployed from center, risk based to key managers
Empowering Every Employee to Make a Difference
Follow-up and monitoring
Self assessment
• Management teams report annually on the implementation of key controls – including implementation of compliance tools.
Audit
• Follow-up and confirmation of self assessment is embedded in the Group Internal Audit framework.
Escalation of concerns
• Whistleblower reporting site available in 20 languages covering 98% of main languages of population in the countries where we operate.
[Figure: audit report dashboard with panels: Compliance Score; Must Have Controls Assessment; Scope; Data analysis (Accounts Payable: Vendor Master Data, Vendor Invoices); Background information and KPIs; Top 3 business risks (management's assessment); Focus Entity Historical financial performance (Revenue, Organic Growth & CBIII); Summary of tested controls; Compliance KPIs]
Audit Process
Baseline Audit Programme
ISS Group Internal Audit (“GIA”) applies a broad audit programme
• to ensure that fundamentals are implemented to support our business across more than 50 countries,
• to consistently test implementation of 70 key controls within governance, finance and compliance processes,
• to verify the control self assessment submitted by management.
Planning
• Embedded in the annual audit
planning.
• Scope includes an annual audit in
all the largest ISS countries. Rest
of ISS countries audited at least
every second year.
• Target 30+ audits per year.
• Supplementary deep-dive audits
applied following risk assessment.
Field work
• Well defined methodology to
test all 70 controls.
• Test will fail where evidence
cannot be provided by
management.
Reporting
• Summary reporting for each
audit provided to audit
committee.
[Figure: audit summary report showing Compliance Score (84%) and Must Have Controls Assessment: Enforcing of Code of Conduct; Authority Matrix; SoD in ERP; Mapping local ERP to HFM; Adjustments local ERP to HFM; Bank reconciliations; Material BS account reconciliations; CF forecast approval; Access to payment systems; Statutory to HFM reconciliation; Data back-up]
Follow-up
• GIA follows up on agreed action
plans with line management
and reports monthly to senior
management.
Governance and Escalation
• Board of Directors
• Audit Committee: BIC update is standard agenda item in all Audit Committee meetings.
• Executive Group Management: CFO reports on behalf of BIC to Executive Management Board.
• Business Integrity Committee (BIC): CFO, Internal Audit, Legal, People & Culture
BIC convenes as and when needed and at least every second month to
discuss integrity matters escalated through the line management structure or
through the whistleblower hotline.
In summary
Our commitment to compliance is non-negotiable and rooted in our corporate
values…
…and the value proposition we bring to market.
Key policies defined and broad training programmes in place…
… and implementation is monitored across the business through self assessment
and standard audit programme.
Escalation mechanisms include an anonymous whistleblower channel.
Senior management resources committed to frequent meetings…
… and reporting directly to Executive Management with Audit Committee
supervision.
Q&A – Comments?