7

7

RISKS AND CONTROL

2. Internal control

179

SAINT-GOBAIN

- REGISTRATION DOCUMENT 2016

Corporate departments

Main responsibilities

Reference standards and/or measures

2016 key figures

Doctrine Department

all financial, administrative

Manage, update and distribute

‹

and management procedures

companies

applicable to the Group’s

Group organization and procedures

‹

Financial and accounting standards

‹

Group Intranet

‹

Doctrine Intranet

403 documents available on the

‹

338 questions addressed via the hotline

‹

News

1,417 employee subscribers to Doctrine

‹

Legal Department

Identify the main legal risks

‹

Define and implement

‹

relevant policies and controls

Provide guidance to

‹

network of compliance and

operational staff through the

embargo correspondents

economic sanctions and embargos, gifts

on competition, anti-corruption rules,

interest, etc.)

and invitations policies, conflicts of

in force (particularly in relation to laws

Group Doctrine in respect of legislation

‹

in force and Group policy adopted on

Employee training related to legislation

‹

the subject (online and in person

trainings)

Questions on the compliance statement

‹

Internal Control Reference Framework

General Management controls in the

‹

completed online training on

More than 23,000 employees

‹

at least once

anti-corruption rules or competition law

Embargos” online training on economic

“Saint-Gobain Economic Sanctions and

sanctions and embargos

More than 5,000 employees completed

‹

counsel (since 2007)

competition audit by specialized legal

More than 145 sites subject to

‹

training seminars (competition law,

In 3 years, more than 400 compliance

‹

anti-corruption rules, economic

organized

sanctions and embargos) have been

Sectors, Activities and General

2.2.5

Delegations

The Presidents of the Sectors, Activities on the one hand, and

managing the specific risks associated with their business.

compliance with Group instructions. They are responsible for

Their responsibilities also include:

of the General Delegations on the other, are tasked with

companies under their responsibilities and ensuring

distributing the Internal Control Reference Framework to the

which are laid out in their own risk map;

assessing and managing the principal risks in their domain

‹

specifying, so far as is necessary, the specific conditions for

‹

implementation of Group controls to reflect the particular

their scope;

features of the processes and information systems within

entities in their scope;

necessary by risks specific to the operations carried out in

prescribing the supplementary controls which are made

‹

Internal Audit and Business Control Department;

leading the compliance statement procedure set up by the

‹

results of audits to achieve continuous improvement of the

analyzing internal control failures and incidents, and the

‹

internal control system;

defense, which they represent directly through the

coordinating the supervisory controls or second line of

‹

controls on major points.

dissemination of standard procedures or the sampling of

MANAGEMENT PROCESS IN THE GROUP’S ENTITIES

IMPLEMENTATION OF THE INTERNAL CONTROL AND RISK

2.3

control system that is appropriate to its needs and aligned

Each entity is responsible for implementing an internal

with the Group’s internal control system.

The head of each entity is responsible for:

system in place within their entity;

the relevance and effectiveness of the internal control

‹

its compliance with the Group’s internal control system;

‹

appropriate management of the risks faced by their entity.

‹

support from the Company’s corporate and operational

This responsibility can not be delegated and is exercised with

Directors and from the site Directors.

To build a suitable internal control system for their business,

described below:

the Directors of the entities have to follow the steps

introducing the fundamentals of internal control;

‹

Control Reference Framework;

implementing the controls described in the Internal

‹

risks;

by incorporating controls for dealing with the identified

analyzing the main risks and extending the Internal Control

‹

deploying the internal control in all of the entities’ sites;

‹

overseeing the internal control and risk management

‹

statement.

system, specifically at the time of the compliance

Compliance statement

2.3.1

is used to periodically assess entities’ compliance with a

The compliance statement is a self-assessment process which

fundamentals.

limited number of Internal Control Reference Framework