Saint Gobain - Registration document 2016

7 RISKS AND CONTROL 2. Internal control

Internal control 2. operations, compliance with laws and regulations, and application of its strategy, the effective conduct of resilience to external events as quantified in a business Every Group company assesses the key risks affecting the continuity plan. The entities are responsible for their own internal control and with teams under the umbrella of the shared service centers for managing their process risks, and work collaboratively between these organizations for successful skills optimization or IT centers. It is essential that there is a segregation of tasks are managed by the General Delegations. The Group are managed by the Sectors and Activities; elsewhere, they and transaction security. In France, the shared service centers Paris Stock Exchange regulated market. requirements applicable to companies listed on the Euronext Commission (COSO). The system complies with the legal Committee of Sponsoring Organizations of the Treadway Supported by a continuous improvement process and an internal control and risk management system is a whole set of Internal Control Reference Framework, Saint-Gobain Group’s company’s specific characteristics which: means, behaviors, procedures and actions tailored to each implementation of its strategy, the effectiveness of its contributes to the control of its activities and the ‹ operations and the efficient use of its resources; financial, compliance and other risks. enables it to appropriately address material operational, ‹ It is more specifically designed to provide assurance concerning: guidelines; application of general management’s instructions and ‹ company; compliance with the laws and regulations applicable to the ‹ industrial, marketing, financial and other processes; the efficiency and effectiveness of internal operating, ‹ particular the prevention of fraud; the protection of tangible and intangible assets, in ‹ the reliability of financial information. ‹ July 2010, and on the 2013 update to the framework from the (Autorité des marchés financiers - AMF), as updated in Saint-Gobain’s internal control and risk management system framework defined by the French securities regulator is based on the internal control and risk management 2.1

Corporate Departments help to define shared common guidelines with the Sectors and General Delegations. connection with balance sheet and cash flow reviews, Priority measures, or “6 Essentials”, have been defined in discrepancies, margin analysis and validation of sales policies, improved competitive bidding, analysis of inventory addition of computer access management and risk and excellence in managing travel expenses. The systematic alignment of objectives. management helps to ensure optimum performance and Internal control and risk management are matters for all needs, under the personal responsibility of its manager. implementing an internal control system appropriate to its Group employees. Every entity is responsible for

MANAGEMENT SYSTEM COMPAGNIE DE SAINT-GOBAIN’S INTERNAL CONTROL AND RISK

management system is therefore more than just a set of The Saint-Gobain Group’s internal control and risk processes. It is in place in all Group entities, where it procedures and it extends beyond accounting and financial performance. contributes to value creation and strengthens companies’

management environment The internal control and risk

2.1.1

system are as follows: The cornerstones of the internal control and risk management adherence to the values and behavioral rules set out in the ‹ the Principles, see Saint-Gobain today, Corporate culture), Saint-Gobain Principles of Conduct and Action (regarding which are distributed to all employees; clearly defined organization and allocation of ‹ ensuring effective segregation of duties; responsibilities, supported by written procedures and are aligned with the effective allocation of responsibilities; delegations of signature authority and other powers that ‹ policies for human resources management aimed at ‹ needed to fulfill their responsibilities and training policies ensuring that new hires have the knowledge and skills and knowledge; to help Group employees expand and update their skills manner to employees; written internal procedures distributed in an appropriate ‹ issued by the Group Information Systems Department. have an obligation to comply with the basic security rules effective segregation of duties. Saint-Gobain subsidiaries the basis of allocated roles and responsibilities, to maintain secure information systems with access rights granted on ‹

7

175

SAINT-GOBAIN - REGISTRATION DOCUMENT 2016