Saint Gobain - Registration document 2016

7 RISKS AND CONTROL 2. Internal control

Action plans follow-up 2.3.2 compliance statement campaign, and about the action plans remedy any non-compliance issues identified during the drawn up following audits performed by the internal audit. to centralize information about the measures implemented to An action plan management and monitoring database is used This means that each Group company has access to a action plans by reporting the corrective measures taken and centralized operational platform it can use to manage its also use the system to monitor these action plans. implementation schedule. The corporate departments can the progress made compared with the predefined and General Delegations. dashboard circulated to the heads of the Sectors, Activities changes to the related action plans are also monitored via a Compliance statements results, internal audit memoranda and Part 2, added in 2016, introduces the Group’s risk universe, which comprises 13 main categories of risk, covering 86 means of identifying the risks for their entities. sub-categories. The framework thus provides Directors with a Group entities. controls” (around 200) are mandatorily implemented in all process and sub-process. The controls identified as “Key Part 3 contains all the controls (around 500), organized by system. control/risk matrices that assist in understanding the control process to refer specifically to risk types by control, using The risk sub-categories listed in Part 2 are used in each

Directors of the operating entities, the heads of the IT centers to the Group’s General Management on the level of internal and the heads of the shared service centers report annually questionnaire relating to the Internal Control Reference control within their entity or center, by filling out a to remedy any cases of non-compliance with the internal Framework. They also commit to taking all necessary actions control reference framework. and tracked by the Internal Audit and Internal Control The compliance statements and action plans are centralized the information. They are reviewed if necessary with the Department, which also prepares an executive summary of corporate departments. An annual report on compliance heads of the Company’s Sectors, General Delegations and Chief Executive Officer, to whom the Internal Audit and statements is submitted to Saint-Gobain’s Chairman and Business Control Department reports, and to the Audit and Risks Committee of the Board of Directors.

2.4

REFERENCE STANDARDS AND PROCEDURES

Compagnie de Saint-Gobain has developed internal control of its subsidiaries. and risk management procedures for its own needs and those

Framework Internal Control Reference

2.4.1

Framework: There are three parts to the Internal Control Reference Part 1 – Internal control and risk management at ‹ Saint-Gobain; Part 2 – Risk universe; ‹ Part 3 – The 18 internal control processes. ‹ Part 1 describes the Group’s internal control and risk and the current oversight arrangements. management system, its implementation in the subsidiaries

180

SAINT-GOBAIN - REGISTRATION DOCUMENT 2016

WWW.SAINT-GOBAIN.COM