Universal Registration Document 2023

2.2 Internal control and risk management procedures

2. Risk and Risk management - AFR

2.2 INTERNAL CONTROL AND RISK MANAGEMENT PROCEDURES

2.2.1 Objectives and organization

The internal control and risk management framework is fully integrated into the operational and financial management of the Groupe. Its remit extends across all the Groupe’s activities and structures. The Groupe internal control and risk management policy, which is regularly monitored by the Audit Committee and the Strategy and Risk Committee, approved by the Management Board and applied at all levels of the Groupe, is designed to provide reasonable assurance regarding the achievement of the Groupe’s objectives in relation to:

  • the reliability of financial and non‑financial information;
  • compliance with applicable laws and regulations;
  • the management of strategic, operational and financial risks;
  • the efficacy and efficiency of operations, in line with the direction set by the Management Board.

The objectives of this framework, as approved by the Management Board and presented to the Audit Committee and Strategy and Risk Committee, are to enable:

  • continuous monitoring aimed at identifying risks and opportunities having a potential impact on the achievement of the Groupe’s strategic, operational and financial objectives;
  • appropriate communication about risks contributing to the decision‑making process;
  • regular monitoring of the effectiveness of the Groupe internal control and risk management framework.

The Groupe has a Secretary General function, which allows organized and centralized monitoring of the activities that constitute the internal control framework. The Secretary General is a member of the Groupe’s Management Board. This function includes the Legal Department (managed by the General Counsel), the Internal Audit, Internal Control and Risk Management Department (managed by the VP of Internal Audit, Risk & Control), the Human Resources Department (compensation and employee benefits, human resources information system management, employee‑related matters and mobility) and Corporate Social Responsibility (CSR). The Secretary General attends all meetings of the Strategy and Risk Committee. The Secretary General and the VP of Internal Audit, Risk & Control attend all Audit Committee meetings and have easy access to its Chair and each of its members. Similarly, the Audit Committee has direct access to the Groupe’s risk management and internal control department. Expertise that enables a broader vision of risks and of the levers for action is thus brought together, which supports the effort to improve risk management throughout the entire organization.

The Groupe’s internal control and risk management system bases its structure on the 2013 COSO (Committee of Sponsoring Organizations of the Treadway Commission) guidelines, as well as the reference framework defined by the AMF.

This organizational chart outlines the Groupe's activities and structures.

At the top of the organizational hierarchy is the supervisory board. Just below it are the ESG committee, the strategic risk committee, and the audit committee. Next is the Management Board, under which the first line of defense is located, consisting of the operational department in countries, regions, and businesses. Following this is the second line of defense, made up of operational functions such as the finance department, legal department, compliance department (compliance and data protection), risk management, FMC (Financial Monitoring Controls) department, and CSR (Corporate Social Responsibility) department. Below the first and second lines of control are the shared service centers, which are directly linked to the Management Board. Finally, we have the third line of control, consisting of internal audit. External auditors also operate throughout the Groupe's organization.