PERNOD RICARD - 2018-2019 Universal registration document

4.

RISK MANAGEMENT Internal control and risk management procedures

Internal control and riskmanagement procedures 4.1

This section covering risk management and internal control follows corporate governance guidelines compliant with the French Financial Markets Authority (AMF) reference framework for risk management and internal control.

Definition of internal control 4.1.1 The internal control policies and procedures in effect within the Group are designed to ensure: that management, transactions and personal conduct comply with — guidelines relating to Group business conduct, as set out by the Group’s governing bodies and General Management, applicable laws and regulations, and in accordance with Group company values, standards and internal rules; that the accounting, financial and management information provided — to the Group’s governing bodies accurately reflects the performance and the financial position of the companies in the Group; and the proper protection of assets. — One of the objectives of the internal control systems is to prevent and control all risks arising from the Group's business activities, in particular, accounting and financial risks, including error or fraud, as well as operational, strategic and compliance risks. As with all control systems, they cannot provide an absolute guarantee that such risks have been fully eliminated. Description of the internal 4.1.2 control environment Components of the internal control 4.1.2.1 system The principal bodies responsible for internal control are as follows: At Group level The Executive Board is the permanent coordination body for the — Management of the Group. The Executive Committee ensures that the Group’s operations are — carried out and that its main policies are applied. The Internal Audit Department works under the Group Chief — Executive Officer and reports to the Executive Board and the Audit Committee. The internal audit team based at Headquarters is in charge of implementing the audit plan, with the support of the audit teams in the Regions. The audit plan is drawn up once the Group’s main risks have been identified and analysed. It is validated by the Executive Board and the Audit Committee and presents various cross-disciplinary issues that will be reviewed during the year, the list of affiliates that will be audited, and the main topics to be covered during the audits. The findings of the work are then submitted to the Audit Committee, Executive Board and Statutory Auditors for examination and analysis. External Auditors . The Board of Directors selects the Statutory — Auditors to be proposed at the Shareholders’ Meeting on the basis of recommendations from the Audit Committee. The Group has selected Statutory Auditors who are able to provide it with comprehensive worldwide coverage of Group risks. At affiliate level The Management Committee is appointed by Headquarters or the — relevant Region and is composed of the affiliate’s Chairman & CEO

and the Directors of its main functions. The Management Committee is responsible for managing the main risks that could affect the affiliate. The affiliate’s Chief Financial Officer is tasked by the affiliate’s — Chairman & CEO with establishing appropriate internal control systems for the prevention and control of risks arising from the affiliate’s operations, in particular, accounting and finance risks, including error or fraud. Identification andmanagement of risks 4.1.2.2 FY19 focused on: updating the Group’s internal control principles, a process that — involved various Group affiliates and functions; strengthening internal control within the Group, using various — approaches, including the continued development of data analytics to strengthen auditing methods; implementing the self-assessment questionnaire on internal control — and risk management. This questionnaire, which was updated during the financial year, complies with the AMF reference framework for risk management and internal control, as does its application guide, itself updated in July 2010; and performing audits: 30 internal audits were conducted in FY19. — The purpose of these audits was to ensure that the Group’s internal control principles were properly applied at its affiliates. They also reviewed the processes in place, best practices and potential for improvement in various cross-business areas (Brand Homes, IT mobility). All of the key areas for improvement identified were addressed in specific action plans drawn up at every affiliate and at Group level, which were validated by the Executive Board and the Audit Committee. Their implementation is regularly monitored and assessed by the Group’s Internal Audit Department. The work performed enabled the quality of internal control and risk management to be strengthened within the Group. Key components of internal control 4.1.2.3 procedures The key components of internal control procedures are as follows: A formal delegation of authority procedure sets out the powers of the Chairman & CEO, as well as the powers delegated to the members of the Executive Board. The internal control principles outline the common ground of all the principles and rules that apply to all of the Group’s affiliates with respect to internal control for each of the 14 main operational cycles identified. The self-assessment questionnaire , which is regularly updated to comply with the AMF reference framework for risk management and internal control. In particular, it covers corporate governance practices, operational activities and IT support. Submitted to the Group’s affiliates, it enables them to assess the adequacy and the effectiveness of their internal controls. Responses to the questionnaires are documented and reviewed by the Regions and the Group’s Internal Audit Department. All of this work is detailed in: a summary by affiliate and an overall Group summary, both of which — are provided to the Executive Board and the Audit Committee; and

124

2018-2019

PERNOD RICARD UNIVERSAL REGISTRATIONDOCUMENT