Anne Defrenne-Leroy

Conducting consulting missions in internal audit and control, risk management, compliance/ AML-CFT/ Sapin 2, CSRD, fraud/ cyber/ DORA.

Examples of missions:

- On behalf of a mutual insurance company (MGEN Solutions), supporting the development of operational risk matrices, identifying controls covering risks, and developing action plans.

- On behalf of a subsidiary of the Mulliez group, developing a map of major risks.

- On behalf of a financial institution subject to ACPR regulations, conducting outsourced periodic control (organizational, financial, AML-CFT, IT, BCP, PSEE, ... audits).

- On behalf of an energy sector operator, developing an Internal Control Manual.

- On behalf of a works council, conducting a risk mapping mission related to fraud (internal and external) and non-compliance with procedures, developing an action plan.

Examples of missions for IFACI:

- Evaluation and certification missions for Internal Audit Departments (Covéa, Groupe VYV, MAIF, Mutuelle Générale, Total, Sodexo, Renault, Orange, Société Générale, BNPP, Groupe Barrière…) as an IFACI (French Institute of Audit and Internal Control) certifier.

- Facilitating training sessions on various topics (governance, risk management, internal audit, internal control, DORA, CSRD/ Taxonomy).

- Facilitating training in audit and internal control for IFACI as well as in fraud & cyber for clients.

- Administrator of the Club des Administrateurs de ETI et PME (ADAE).

Creation and development of the Risk Consulting Department within the EXPONENS group to complement the "core-business" activities of accounting and auditing. Reporting to the President-Founder of the firm. Team management (1 to 6 auditors).

1) Internal Audit for large groups and medium-sized companies/SMEs:

- Organizational/strategic/financial/operational/compliance/IT/Sapin 2 audits for large accounts (Aéroports de Paris) and medium-sized companies/SMEs (e.g., Mutuelle Fraternelle d’Assurance, Socram Banque, Sisley, Apsys,…)

- Performance improvement missions (e.g., study to improve the functioning of Works Councils of the Opéra national de Paris, evaluation of the transformation plan of the CCI de Paris).

- Conducting fraud investigation missions.

2) Internal Control and Compliance:

- Evaluation of the internal control system for audit mandates of the firm (e.g., Sisley, Expertise-France),

- Drafting, updating procedures and policies (Vastned),

- Diagnosis of internal control, risk management systems subject to Solvency 2 for mutual insurance companies,

- Conducting outsourced periodic control with financial institutions (bank, insurance) subject to AMF and ACPR financial and banking regulations.

3) Risk Management:

- Developing and updating risk maps at the corporate and division levels,

- Defining, deploying, monitoring action plans for the main risks and reporting to the Audit Committee,

- Diagnosing risk management systems.

4) Training:

- Raising awareness and facilitating training on audit and internal control, fraud and cybersecurity.

Writing articles in the DFCG journal and co-writing two books ("Organizational Governance" and "Association Governance") published by Dunod.

Facilitating conferences (CRCC de Paris, Forum Associations)

Team management (1 to 6 consultants), particularly in the following areas:

INTERNAL AUDIT:

- Coordination, supervision, and execution of financial/operational/compliance/IT audits of subsidiaries (approximately 15 to 20 missions per year in Europe and USA) for Danone, Havas, Sage, Renault, United Biscuit, Gaz de France,

- Presentation of audit results at closing meetings and to the Audit Committee,

- Assistance in the creation and implementation of an internal audit function (Axway/Sopra),

- Supporting Internal Audit Directors in the transformation and improvement of the internal audit department for Nissan Europe, La FDJ.

INTERNAL CONTROL:

- Development, deployment, and facilitation of the internal control system for La FDJ, Engie (ex-GDF),

- Rationalization of the internal control system with the Internal Control Department of the Orange group,

- Evaluation of the SOX (Sarbanes-Oxley Act) internal control system for subsidiaries of American groups (e.g., Daimler-Chrysler, Yamaha, Cephalon, Johnsondiversey, General Motors) and J-SOX (for subsidiaries of Japanese groups such as Nissan Europe, Yamaha),

- Development of an internal control manual (Lagardère Active),

- Coordination of the internal control review during the acquisition of Hagemeyer by Rexel.

RISK MANAGEMENT:

- Development of risk maps and action plans (Valéo, Faurecia..).

FRAUD:

- Implementation of fraud prevention systems (anti-fraud plan).

GOVERNANCE:

- Diagnosis of the functioning of corporate and operational governance for La FDJ.