7

7

RISKS AND CONTROL

2. Internal control

177

SAINT-GOBAIN

- REGISTRATION DOCUMENT 2016

control and anti-fraud.

At the end of 2016, the Internal Audit and Business Control Department had 95 staff, working in the areas of audit, internal

Control Department

Internal Audit and Business

Main responsibilities

Reference standards and/or measures 2016 key figures

Internal control

Control Reference Framework

Develop and maintain the Internal

‹

Communicate and provide training

‹

management

on internal control and risk

statement process

Lead the annual compliance

‹

Analyze incidents, self-assessments

‹

and audit results

Monitor implementation of action

‹

plans

Internal Control Reference

‹

data sheets or Group memos

Framework and associated practical

Internal Control briefs

‹

Webinars and training sessions

‹

(Business Control Forums

(1)

)

Community (My SG)

Intranet and Internal Control

‹

ACTT2 database

(2)

‹

Dashboard/QlikView

(3)

‹

(655 questionnaires sent)

2016 Compliance Statement update

‹

Approximately 6,700 action plans

‹

end of 2016

open within ACTT2 database at the

managers trained during 16 Business

1,213 corporate leaders and

‹

countries

Control Forums in 14 different

newsletters published

19 webinars delivered and 13

‹

Internal Control community

Approximately 630 members of the

‹

Risk management

universe

Define and maintain the Group’s risk

‹

Perform risks map

‹

methodology

Develop the risk management

‹

Risks universe

‹

Risks map

‹

companies

Methodological tool for Group

‹

67 existing maps, of which 21 were

‹

updated in 2016

6 methodological training sessions

‹

via webex

Internal Audit

Ensure the relevance and

‹

systems

effectiveness of internal control

statements

Check the accuracy of compliance

‹

Identify and share best practices

‹

Perform organizational advisory

‹

request

tasks at general management’s

the department’s main objectives

Cross-functional audits according to

‹

Audit plan

‹

Audit methodology

‹

6 Essentials

(4)

‹

Best practices library

‹

IT Analysis Tool

‹

Auditor training Program

‹

169 audits performed

‹

published

52 new best practice briefs

‹

Entities covered every 5 years

‹

Anti-fraud

Develop anti-fraud policies

‹

Ensure fraud prevention

‹

Investigate fraud incidents

‹

Training and awareness

‹

Fraud incident reports

‹

managers trained

More than 200 Directors and

‹

internal control, anti-fraud measures, audit and compliance statements results, as well as practical case studies on various processes.

Business Control forums are 1- to 2-day training programs for Directors and managers, carried out within the Delegations. They primarily cover the fundamentals of

(1)

Centralized database for monitoring compliance statements and action plans.

(2)

security, risk and insurance, fraud reporting and financial data.

Online dashboard containing all information relating to internal control (compliance statement results, action plan implementation rates), audit assignments, IT

(3)

Fraud detection audit methodology.

(4)