Universal Registration Document 2023

2. Risk and Risk management - AFR

2.2.2 Internal control framework

Publicis Groupe has a long established a framework (called “Janus”) setting the Groupe’s values, the principles and practical rules of ethical conduct and social responsibility, as well as other practices enabling the Groupe's entities to carry out their activities in compliance with laws, regulations and best practices. The content of “Janus” is regularly updated. These guidelines are applicable and communicated to all Groupe hierarchy levels and in all business lines and countries. They are also always accessible online to all Groupe employees. They are the foundation of the Groupe’s control environment.

The procedures relating to the preparation of accounting and financial information, the information systems security and major operational processes are detailed in order to ensure consistency at all levels of the Groupe and the various networks.

The control environment is also strengthened through a network of shared service centers (Re:Sources) systematically implemented by Publicis Groupe since 1996 in order to overcome the challenges faced by a business that relies on a large number of agencies. This network is managed by the Shared Platforms CEO, reporting to the Chairman of the Management Board, with the legal, financial, employment matters and benefits functions of the shared service centers respectively under the functional responsibility of the Groupe’s Legal, Finance and Human Resources Departments. The network of shared service centers covers more than 99% of Groupe revenue as of December 31, 2023.

The use of the same management application (ERP) in the large majority of the Groupe’s agencies, as well as a single financial consolidation system for all entities, also ensures a good internal control quality through standardized processes and the sharing of best practices.

The Management Board, the Secretary General, the Finance Department, the shared service centers, as well as the teams dedicated to IT, real estate, insurance and mergers and acquisitions, the Internal Audit, Risk Management and Internal Control Departments and the networks' operational managers are all involved in deploying the internal control framework.

For companies acquired by the Groupe, the deployment of the internal control framework is rapidly launched and is generally completed within 12 months of the acquisition date. In addition, acquisitions are given particular attention when defining the annual internal audit plan.

2.2.3 Monitoring the effectiveness of the internal control framework

The Groupe’s senior management is responsible for the Groupe’s internal control framework. The Secretary General and the VP Internal Audit, Risk & Control regularly report to the Audit Committee and to the Management Board on the quality of the Groupe’s internal control framework. The VP Internal Audit, Risk & Control meets the Chair of the Audit Committee one‑on‑one at least once a year, which guarantees its independence.

2.2.3.1 Internal audit assignments

The Internal Audit Department helps the Groupe to achieve its objectives by assessing, with a methodical and systematic approach, the effective implementation and relevance of a set of internal control, risk management and corporate governance procedures and processes.

The missions and responsibilities of the auditors are described in the internal audit charter, which is included in the Code of Conduct and Ethics (Janus). This charter highlights the independence of the internal audit function and stipulates the duties and prerogatives of the auditors and audited entities.

The internal audit team is composed of around twenty experienced auditors, including, since 2021, auditors dedicated to information systems audits. They all carry out internal control assessments that encompass various financial and operational processes within the Groupe’s entities, based on an annual audit plan which, since 2022 has progressively included IT controls. This audit plan is based on an assessment of the risks impacting the various entities (including corruption risk), as well as past events, specific requests from Senior Management and consultation interviews with management of the countries and regions; this annual plan is approved by the Management Board and validated by the Audit Committee.

The Internal Audit Department conducted 86 assignments in 2023, mainly entity audits, but also special assignments covering specific and cross‑functional issues at various levels within the Groupe, as well as internal investigations of cases of suspected fraud or alerts reported through the Groupe’s internal whistleblowing system. 2023 was an opportunity to strengthen integrated audits, which include IT controls. In addition, data analysis was strengthened by the recruitment of new skills.