BIC - 2020 Universal Registration Document

RISKS MANAGEMENT

Risk Management and Internal Control procedures implemented by the Company and insurance

IC&A Department’s activities in 2020 a) A multi-year audit rotation schedule is in place to ensure that all sites and key processes are reviewed on average every three to five years. The 2020 schedule led the IC&A Department to perform four audits in manufacturing and distribution entities, combining initial and follow-up visits, and investigations. These audits were carried out in accordance with the methodology and procedures set by the IC&A Department, including in particular: performance of tests (walkthroughs and detailed testing) and ● interviews with the contributors of the cycles reviewed on a risk-based approach; the issuance of a report after the audit, which lists ● recommendations for improvements to be considered by the site/department, in accordance with a precise action plan and deadlines. The IC&A report is an excellent communication tool and plays an important role in the continuous improvement of controls within the Group. No significant issue was identified further to these reviews. The recommendations issued in the audit reports highlighted improvements required to certain controls to improve their effectiveness. Local Management has shared its response to these recommendations and proposed action plans, together with the related implementation dates and the responsibility for their execution. These implementations have been checked during follow-up visits performed by the IC&A Department. Furthermore, quarterly follow-up of action plans progress contributes to efficient monitoring of the recommendations’ implementation related to significant audit issues. Dashboards are communicated quarterly to the representatives of the continents and categories. Finally, best practices in terms of internal control noted while performing these reviews are communicated and shared within the Group. If necessary, the General Manager of the subsidiary provides details of non-significant weaknesses for which corrective actions will be implemented the following year. These actions should ensure that reasonable confidence can be placed on the achievement of operational goals, the reliability of financial information reported, and compliance with relevant laws and regulations in force. The IC&A Department collects the data provided by the subsidiaries and performs analyses to enhance the risk-based approach in the determination of the annual audit plan and the performance of audit work. The results will be shared with Group Statutory Auditors and the Audit Committee. A summary of the work performed by the IC&A Department during the year is presented to the Executive Committee, Audit Committee, and Board of Directors. The analysis includes a summary of the main audit findings and recommendations, as well as a summary of the risk analysis and action plans implementation progress. Perspectives and Action Plan for 2021 b) The IC&A Department will continue to focus on processes and efficiency improvements, testing of operational effectiveness of key controls, and enhancing the overall review process.

The annual audit schedule, prepared by the IC&A Department and validated by the Audit Committee and the Executive Committee, meets the multi-year rotation principle for site and processes reviews. Finally, the IC&A Department will maintain its coordination role for the continuous improvement of Group procedures and will continue to be involved in the risk management approach. 2.4.3.5 The function of the Risk Management Department is to collect, analyze and rank the external and internal arising risks that could have an impact on the Group. It coordinates the risk monitoring in agreement with the Executive Committee. 2.4.3.6 Each team member is involved in the internal control processes in accordance with his/her respective knowledge and has access to the information used to design, operate, and monitor the internal control system. The Group Internal Control Policies including the Group Controllers’ Manual, are available online for team members with access to the Group Intranet. To reinforce the commitment of all team members to the importance of internal control in the Company, the Values of the Group are posted at all Group locations so that all team members have access to them. Regular company-wide engagement surveys are conducted and cover multiple aspects of engagement and also assess our adherence to our Company Values. In 2018, over 11,000 team members were invited to participate, encompassing 59 countries. The response rate increased to 93% compared to 84% in 2016. Overall, employee engagement was favorably assessed at 84%, representing strong engagement at 4.5% above the market norm. Significant drivers of overall engagement focused on the favorable assessment of willingness to stay with BIC and recommending BIC as a good place to work. A question on Diversity and Inclusion was added to the survey to gauge whether our team members believe BIC is a diverse and inclusive work environment. This question was answered favorably at 82%. The questions on Values showed very favorable responses overall and were specifically strong with respect to the values of Responsibility and the application of Ethics. This reaffirmed the efforts taken in 2017 to reengage our team members on the importance of the principles behind the Group Code of Ethics. The Group Code of Ethics is available for all team members on the Group Intranet. The Code of Ethics and its guide were updated in 2014. The Board of Directors has taken note of it and reaffirmed, as necessary, the importance of the action and behavior principles mentioned in this Code. The Executive Committee validated the Group Code of Ethics and related procedures and policies and distributes it throughout the Group. A Group Anti-Corruption Policy was also made available to all team members on the Group Intranet in 2016, stating that the Group prohibits bribery and corruption in any form and upholding our reputation for integrity. In 2017, the Group also launched its Anti-Corruption and Code of Ethics e-learning, which was completed by most team members in all BIC markets. The Risk Management function Teammembers

67

• BIC GROUP - 2020 UNIVERSAL REGISTRATION DOCUMENT •