Groupe Renault - 2019 Universal Registration Document

RENAULT: A RESPONSIBLE COMPANY

ANNUAL GENERAL MEETING OF RENAULT ON APRIL 24, 2020

GROUPE RENAULT

CORPORATE GOVERNANCE

FINANCIAL STATEMENTS

RENAULT AND ITS SHAREHOLDERS

ADDITIONAL INFORMATION

INTERNAL CONTROL AND RISK MANAGEMENT

Main actors in internal control and risk management In accordance with the AMF’s general internal control principles and respecting the principle of the separation of offices, the Renault internal control system is implemented in accordance with the three lines of defense set out in section 1.5.1.3: at line one are: P operational management, which adapts and applies within its P scope of responsibility the internal control and risk management principles and methods defined at Group level, employees, who are expected to comply with the internal P control system established for their work areas and with the code of ethics Groupe Renault and the Guide for preventing corruption and influence peddling as well as their own dedicated Codes of Ethics; at line two, this system is permanently monitored to evaluate its P proper application and efficiency. This monitoring is performed by: the Internal Control department using self-assessment P questionnaires and compliance tests. It also sees that action plans are carried out if any shortcoming is observed, the Risk Management department: as both project leader for P mapping the Group’s major risks, and adviser and support for risk mappings by programs, operating entities in Regions (whether industrial or commercial), global functions, or for more specific mapping needs, the Group Performance and Control department coordinates P and leads this process in the field, supported by its representatives in the entities and Regions. It ensures that all personnel comply with management rules and assists operational staff in the coordination of their action plans and monitoring, the departments, known as “Corporate Functions”, represent P the business functions and are responsible on a global scale for establishing policies, standards and methods; at the third level is the Internal Audit department, which conducts P an independent and objective assessment of corporate governance, risk management and control processes, as defined within the Group. Through its recommendations, Internal Audit contributes to the improvement of operational security and the optimization of the overall performance of the company. At the end of each assignment, Internal Audit distributes a final report and summary note, which are systematically distributed to the audited functions/regions/projects, the Chief Executive Officer and the Chairman of the Group. The summary note includes an opinion issued by Internal Audit that aims to give an overall assessment on the level of control of the audited activities: satisfactory (green), some improvements needed (yellow), substantial improvements needed (orange), insufficient (red). 1.5.1.5

The Internal Audit department monitors all Groupe Renault entities and activities excluding the financial branch (RCI), which has its own Internal Audit structure. It can also audit functions that have converged with Nissan. For entities in partnership with Renault, Internal Audit may intervene if the partner so agrees. For activities entrusted to third parties, intervention by Internal Audit is possible if the contract’s audit clause so provides. Audit plans are made on an annual basis. They are verified by Senior Management and approved by the Audit, Risks and Compliance Committee. Annual audit plans are revised as necessary to take into account additional requests. Internal Audit missions make it possible to: assess the compliance of processes and their application with the P rules, standards, laws and; regulations in force; P assess the effectiveness of processes and the performance of P transactions; verify the quality of the controls performed by the operational P department and the support and control functions; suggest areas for improvement or progress in the form of P recommendations; fight against fraud and corruption; P verify the effective implementation of the recommendations. P Following the recommendations made in the audit report, an action plan defined by the audited entities is approved by the audit function. Recommendations have three levels of criticality (high, medium, low, identified respectively as A, B and C). The Internal Audit department ensures that the recommendations are implemented. Every six months, it prepares a progress report on A and B recommendations for the Group Executive Committee and the Audit, Risks and Compliance Committee. The Internal Audit department is certified by the French Institute of Audit and Internal Control (IFACI) (1) , in accordance with the standards for the professional practice of internal auditing ( référentiel professionnel de l’audit interne , RPAI) comprising 25 general requirements divided into 100 detailed requirements across five categories: positioning, steering, audit processes, GRC (governance, risks and compliance) assessment program and professionalism.

01

French Institute for Audit and Internal Control (Institut français de l’Audit et du Contrôle interne). (1)

93 GROUPE RENAULT I UNIVERSAL REGISTRATION DOCUMENT 2019