2.2 Internal control and risk management procedures
2.2.2 Internal control frameworkThe Groupe’s internal control system also includes the Groupe’s whistleblowing system, which collects all types of alerts, whether internal or external.
This diagram illustrates Publicis Groupe’s governance and internal control model, which is structured around three lines of control.
The Board of Directors oversees the entire organization, supported by two specialized committees: the Strategy, Environment, and Social Committee, and the Audit and Financial Risk Committee.
The Executive Committee / Management Committee oversees two types of departments, in collaboration with Internal Audit and the external auditors.
First control line — Operational Guidelines: Countries, Regions, Careers.
Second control line — Operational functions such as: Finance Department, Legal & GDPR* Department, Compliance Department, HR Department, IT Department, GSO** Department, Risk Management Department, FMC*** Department, CSR Department, Insurance Department, Mergers & Acquisitions Department.
The First Line of Defense and the Second control line are linked through the Shared Service Centers.
Third control line — Internal Audit.
At the same time, external auditors are involved.
2.2.2 Internal control framework(1)
Publicis Groupe has a long established a framework (called “Janus”) setting the Groupe’s values, the principles and rules of ethical conduct and social responsibility, as well as other policies and procedures enabling the Groupe’s entities to carry out their activities in compliance with laws, regulations and best practices. The content of Janus is regularly updated. It is the foundation of the Groupe’s control and risk management environment. This framework is applicable and communicated to all Groupe hierarchy levels and in all business lines and countries. It is also always accessible online to all employees. Certain chapters of “Janus” are available on the Groupe’s public website.
The procedures relating to the preparation of accounting and financial information, the information systems security and major operational processes are detailed in order to ensure consistency at all levels of the Groupe and the various networks.
The Executive Management, Secretary General, CSR Department, Finance Department, shared service centers, Global Security Office (GSO), personal data protection, as well as the teams dedicated to IT, real estate, insurance and mergers and acquisitions, the Internal Audit, Risk Management and Internal Control Departments and the networks’ operational managers are all involved in deploying the internal control framework.
The shared service centers (Re:Sources) have been systematically implemented by Publicis Groupe since 1996 in order to overcome the challenges faced by a business that relies on a large number of agencies. This network is managed by Publicis Re:Sources CEO and the Groupe Chief Information Officer (CIO), reporting to the Chairman and Chief Executive Officer. The legal, financial and personnel management functions of the shared service centers are respectively under the functional responsibility at Groupe level of the Legal, Compliance, Finance and Human Resources Departments. The network of shared service centers covers more than 99% of Groupe revenue as of December 31, 2025.
The use of the same management application (ERP) in the large majority of the Groupe’s agencies, as well as a single financial consolidation system for all entities, also ensures good internal control quality through standardized processes and the sharing of best practices.
For companies acquired by the Groupe, the deployment of the internal control framework is rapidly launched and is generally completed within 12 months of the acquisition date. In addition, acquisitions are given particular attention when establishing the annual internal audit plan.