7

RISKS AND CONTROL

2. Internal control

178

SAINT-GOBAIN

- REGISTRATION DOCUMENT 2016

WWW.SAINT-GOBAIN.COM

Corporate departments

2.2.4

defining internal control strategies and procedures in their

responsible for setting up an internal control structure and

area. To this end, they:

Compagnie de Saint-Gobain’s corporate departments are

internal processes;

identify and analyze the main risks associated with their

‹

the Internal Control Reference Framework;

define appropriate controls based on those described in

‹

controls within their area;

inform and train the employees responsible for internal

‹

the results of internal audits.

analyze any internal control weaknesses or incidents and

‹

internal control system within the Company entities.

The corporate departments are also responsible for the

Corporate departments

Main responsibilities

Reference standards and/or measures

2016 key figures

and Medical Department

Safety (EHS) Department

Environment, Health and

Promote and coordinate

‹

Group EHS policy

principles

reference framework

Monitor the application of EHS

‹

EHS reference framework and standards

‹

Integrated EHS audits

‹

Self-diagnostic tool

‹

OSHAS 18001 and ISO 14001 standards

‹

° 43 “12-step” audits

Industry audits:

‹

° 135 “20-step” audits (1)

Distribution audits:

‹

° 448 ESPR audits (2)

Department

Information Systems

information systems and

Define Group policy for

‹

computer network security

annual self-assessment plan

Promote and coordinate an

‹

practices

Develop rules and best

‹

Minimum security rules

‹

Technical standards

‹

Development standard for secure web

‹

applications

Note on the Cloud

‹

Datacenter security rules

‹

ITAC reference bases

‹

SAP users control tool

‹

See chapter 7, section 2.4.4, General

‹

security

doctrine on information systems

Purchasing Department

Purchasing program, an

Manage the World-Class

‹

approach focusing on

department

purchasing performance,

supplier innovation

professionalization and

multi-country purchasing

Execute multi-business and

‹

purchasing activities in France

conduct multi-business

function in France and

Coordinate the purchasing

‹

ISO 9001 standard with certification in

‹

Energy for Saint-Gobain Purchasing

Raw Materials, Precious Metals and

Control Reference Framework (14 risks,

Purchasing process of the Internal

‹

38 controls to be applied)

purchaser actions in 2016

Completion of 12,000 individual

‹

technical purchases

24 internal audit assignments on

‹

countries

63 Buy/Techs executed in 20 different

‹

Risk and Insurance

Department

Define Group policy for

‹

or distribution sites

property damage at industrial

insurance and monitoring its

Define Group policy for

‹

implementation

programs

Steering centralized insurance

‹

Prevention/ protection reference base

‹

“Risks Grading” self-assessment tool

‹

Doctrine memos

‹

Risks and Insurance Intranet

‹

485 site visits by prevention engineers

‹

Risk Grading self-assessment

1,357 sites that have performed their

‹

911 assessments of Building Distribution

‹

ESPR audits

Sector sales outlets by, including 289

22 prevention training sessions

‹

Regular field inspections

‹

Department

Treasury and Financing

Define policy for financing,

‹

banking relationships for the

market risk control and

entire Group

- for subsidiary activities

- for DTF activities

Procedures reference base

‹

Daily reports (DTF) and monthly reports

‹

(subsidiaries and DTF)

112,813 internal/external foreign

‹

exchange transactions per year

per year

25,816 internal/external transfers issued

‹

Financial Control Department

operating performance

of the Group’s results and

Implement continuous control

‹

Participate in drawing up the

‹

reviews

budget and quarterly budget

figures at all levels of the

Oversee monthly results

‹

organization

Closely analyze and validate

‹

restructurings

capital expenditure plans and

the financial consequences of

divestment, merger and

investment, acquisition,

Dashboards

‹

Permanent relationship with

‹

Delegations and Sectors

controllers

Oversight of the network of Group

‹

tools

Implementation of common analysis

‹

corporate departments and Sectors

Group reference base and notices to

‹

Sectors and Delegations

Over 200 meetings per year with

‹

participation of 150 employees

15 training sessions with the

‹

215 DAC (Credit Authorization

‹

Requests)

have been completed

58 planned acquisitions, 34 of which

‹

70 divestments and mergers completed

‹

Audits following a 12- and 20-step schedule for the Group’s industrial activities.

(1)

ESPR (Environment, Safety, Prevention of Risks) audit: specific to the Building Distribution Sector.

(2)