NEOPOST_REGISTRATION_DOCUMENT_2017

3

Management Report

Risk factors

a wrap-up brief following the audit; • delivery of a preliminary report by the Auditors; • a response from the audited entities with specific action • plans for each audit point (manager, description of the action plan and deadline); delivery of the final report to the managing director, the • Group chief financial officer, the Chairman and CEO and the Regional director; the quarterly follow-up audit via a communication to the • regional director and a review during the Operating Reviews. general audits: 23 audits covering all aspects of internal • control were carried out in 16 different entities. They dealt with all topics coverd by the self-assessment questionnaire; thematic audits: 5 on specific topics; • follow-up audit: 4 for situations requiring a regular • follow-up. In addition, training sessions for new Auditors were held in December 2017 in Europe. In all, since 2009, around 65 employees with complementary roles in the Group (chief financial officer, Auditor, accountant, quality assurance director, Chief Executive Officer, investor relations manager, and human resources manager, etc.) have received training. The 2018 audit plan was presented to the audit committee on Friday, 23 rd March 2018. It contains the audit schedule, structured around 30 or so audits, including general and thematic audits (each Group entity is audited at least once every two years), and audits of newly acquired entities, as well as production and leasing units. As in previous years, the Group will pursue the recruitment and training, notably targeting finance department personnel who will join the internal audit team to conduct more cross-audits during the financial year. Neopost opted for an audit system consisting of audits in subsidiaries that are carried out by employees from another subsidiary or from head office, with the aim of sharing best practices. Three types of audits were conducted in 2017:

The code of ethic covers the following topics:

respect for fundamental human rights; • commitment to employees (health, work safety, diversity, • open dialog, employability, etc.); business integrity: antitrust regulation, confict of insterest, • bribery, insider trading, relation with third party; Group assets and third party assets : asset protection, • confidential data and data protection, intellectual property; • A person in charge has been appointed for each topic : employee (HR Group), fraud and conflict of interest (director of internal control), Bribery and competition (Group legal counsel), responsible citizenship (Group director of quality). A whistle-blowing procedure has been set up at each level. Operational management of each entity is in charge of communicating and applying of code of ethics. Application of the Sapin 2 law French Sapin 2 law which went into force on June 1 st 2017 requires large companies to implement an anti-corruption compliance program within all their subsidiaries. The anti-corruption compliance program involves the adaptation of the Code of ethic in order to define and illustrate prohibited acts and behaviors likely to characterize acts of corruption or of influence peddling. Such Code of ethic have been incorporated into internal applicable rules and regulations of each Group company. To comply with the legal requirements, Neopost group ensure that: the Code of ethic is made available to and understood by all • employees; sanctions are imposed for breaching the code of conduct • and notably for influence peddling. Internal audit The Group’s internal audit missions respect the following principal working standards: responsible citizenship.

a scoping letter; • an opening meeting with the local management; •

62

REGISTRATION DOCUMENT 2017 / NEOPOST