LOREAL_Registration_Document_2017

2 Corporate governance *

RISK FACTORS AND CONTROL ENVIRONMENT

The Administration and Finance Division This Division’s main role is to assist and control the operational employees in their administrative, financial and legal activities and in the processing of information. In order to do so, it sets the operating rules that apply to all entities and is responsible for the definition and deployment of tools, procedures and best practices, particularly in the following areas: financial control, accounting and consolidation, financing and treasury, tax matters, legal affairs, financial communication, strategic planning, information systems and insurance. An Internal Control Committee has the task of taking all measures to promote the proper understanding and the proper application of the Group’s Internal Control rules and also to monitor progress on important Internal Control projects. It consists of the Administrative and Finance Director and of the Risk Management and Compliance, Internal Control, Operational Finance, Internal Audit and Organisation and Information Systems (Global IT) Directors. The Risk Management and Compliance Department The objective of this department, which was created in 2012, is to identify, assess and prioritise risks with all those concerned, and keep the risk mapping analysis up-to-date. Its aim is to promote optimal use of resources to minimise and control the impact of negative events and maximise the realisation of opportunities. The Internal Control Department This department, which is separate from Internal Audit and placed under the responsibility of the Risk Management and Compliance Department, ensures the distribution and updating of the “Fundamentals of Internal Control” guide. Frequent actions at seminars and during training cycles and the publication of newsletters help to increase knowledge of this tool, to improve its application and use by operational employees and keep them informed of the Group’s projects and priorities in the area of Internal Control. It is responsible for the continued development of the network of Internal Control managers in the Group’s entities. In this connection, the role of this function was specifically detailed and a training module was created. At the end of 2017, the Internal Control Department had a network of 140 local managers present in the Group’s different entities. The Internal Control Department leads the Internal Control Committee and coordinates the implementation of projects decided by the Internal Control Committee with the business line experts. The updating of the standards mentioned in this document is one example of this work. With the constant desire for improvement, the Internal Control Department, on the basis of the “Fundamentals of Internal Control” reference guide, develops, disseminates and coordinates self-evaluation campaigns focusing on the main risks and issues identified, gradually being rolled out in each of the professions and businesses. The self-evaluation of Internal Control makes it possible for the Group’s entities to ensure the due and proper functioning of the system and to reinforce it with operational actions. In addition, this department monitors the regulatory obligations relating to Internal Control.

The Audit Committee and the Board of Directors The Board of Directors has always asserted the importance that it attributes, together with General Management, to Internal Control and to its main areas of application. Since its creation, the Audit Committee has been responsible for monitoring actions undertaken in the area of Internal Control and it reports thereon to the Board of Directors. Its remits are defined in the Internal Rules of the Board of Directors. Each year, the committee performs a review of the Internal Audit plan, its objectives and the general conclusions of Internal Audit assignments. Major Internal Control projects and initiatives are also presented to it. The committee then prepares a report with its own remarks for the Board of Directors. The Operational Divisions and geographical zones The Group is organised into worldwide Divisions and geographical zones which are fully responsible, with the management of each country, commercial or industrial entity, for the achievement of the objectives defined by the General Management with regard to Internal Control. The Functional Divisions bring their expertise to all operational employees. Worldwide responsibilities for Internal Control of the activities of their Division or department are entrusted to each of the members of the Management Committee. A system of delegation of authority is in place and continues to be reinforced. The powers of the legal representatives of Group companies and of those to whom they delegate are limited and controlled in accordance with the provisions of the Legal Charter. Specialists in financial control, information systems, Human Resources or industrial and logistics techniques provide support to operational employees at all levels of the organisation, which makes it easier to disseminate Internal Control best practices. The Functional Divisions and Departments Through their network of specialists or via regular audits, the Functional Divisions review the functioning of their respective areas of responsibility, as follows: the Purchasing Department with regard to suppliers and s their working conditions; the Environment, Health & Safety Department, for checks s related to site safety and environmental compliance; the Quality Department to measure performance and the s progress made by industrial entities with regard to the quality of production; the Global IT Department to assess compliance with the s Security Policy. Indicators and reporting procedures enable the regular monitoring of the local activities of most of these Functional Divisions. Each of the Functional Divisions defines, in their own areas, the focuses and procedures that they pass on to the countries and entities.

REGISTRATION DOCUMENT / L'ORÉAL 2017

108