LEGRAND_REGISTRATION_DOCUMENT_2017

03

INTERNAL CONTROL AND RISK MANAGEMENT

Internal control system

3.2 – INTERNAL CONTROL SYSTEM

3.2.1 – Definition and purposes of internal control

The Group’s internal control system consists of a set of resources, behaviors, policies, procedures, tools and actions tailored specifically for Legrand, which: W enable it to take appropriate account of significant risks, whether strategic, operational, reputational, financial or compliance related; and W contribute to the control of its business activities, the efficiency of its operations and the efficient use of resources. The internal control system is a wide-ranging scheme not limited solely to procedures for making accounting and financial reporting data more reliable. More generally, its objectives are to: W ensure compliance with laws and regulations;

W ensure that instructions are applied and that the objectives set by the General Management are achieved; W to guarantee the proper functioning of the internal procedures, especially those that contribute to the protection and safeguarding of assets; W provide an assurance of the reliability of financial and accounting information; W support both organic and external growth; W contribute to the optimization of procedures and operations. The risk management process continually feeds into the internal control process, which, as a result, adapts in response to developments in the Group’s risk environment.

3.2.2 – Procedures, controls and assessments

The 2017 self-assessment campaign showed that the Group’s entities have achieved an overall rate of 90% conformity with the minimum requirements of the internal control scheme, similar to 2016. The Group considers that this is a satisfactory conformity rate. Targeted support is provided to help all entities to reach this level, and cross-functional initiatives are launched as and when required. In 2018, specific actions will be carried out to tighten the management rules for access to IT, to support the roll-out of new procedures as part of the compliance program, and to prevent fraud. The IT system used to support the internal control process includes a module for overseeing the action plans defined by the subsidiaries. The Group’s internal control system, and any changes it may undergo, are presented annually to the Audit Committee. The tools, procedures and results of internal control reviews are available to the Company’s Statutory Auditors, and there are regular consultations to optimize the internal control framework and coverage of risk areas, which reinforce the internal control scheme and risk control.

The Group’s internal control activity (procedures and controls) are defined in internal control standards which are regularly updated. These internal control standards, as well as all the legal, financial, management and accounting rules applied by the Group, can be accessed on the Group’s website. Internal control activities, and particularly the controls in place, are reviewed annually using a self-assessment mechanism which is mandatory for all entities and supported by a dedicated tool. The self-assessment process covers matters concerning the internal control environment, and the controls over the Group’s main processes (e.g. Purchasing, Sales, Inventory management, Payroll, Fixed assets, etc.). The questionnaire evolves each year as part of a continuous improvement process. The questionnaire is adapted to take account of the strengths and weaknesses identified during audits and self-assessments, and of changes in risks and in the control environment. The size of the questionnaire varies depending on the size of the respondent entities. The results of these self-assessment questionnaires and tests are systematically reviewed, consolidated and analyzed by the Internal Control Department.

42

REGISTRATION DOCUMENT 2017 - LEGRAND