PERNOD-RICARD - URD 2020-21

____ 4. RISK MANAGEMENT INTERNAL CONTROL AND RISK MANAGEMENT

4.1

Internal control and risk management

This section covering risk management and internal control follows corporate governance guidelines, in compliance with the French Financial Markets Authority (AMF) reference framework for risk management and internal control.

Definition of internal control 4.1.1 The Group’s internal control policies and procedures are designed to ensure: that management, transactions and personal conduct comply with guidelines relating to Group business conduct, as set out by the Group’s governing bodies and General Management, applicable laws and regulations, and in accordance with Group's values, standards and internal rules; that the accounting, financial and management information provided to the Group’s governing bodies accurately reflects the performance and the financial situation of the companies within the Group; and the proper protection of the Group's assets. One of the objectives of the internal control systems is to prevent and control all risks arising from the Group’s business activities, in particular, accounting and financial risks, including error or fraud, as well as operational, strategic and compliance risks. As with all control systems, they cannot however provide an absolute guarantee that such risks have been fully eliminated. system The principal bodies responsible for internal control are as follows: At Group level The Executive Board is the permanent coordination body for the management of the Group; The Executive Committee ensures that the Group’s operations are carried out properly and that its main policies are applied; The Internal Audit Department works under the Group Chief Executive Officer and reports to the Executive Board and the Audit Committee. The internal audit team based at Headquarters is in charge of implementing the audit plan, with the support of the audit teams in the Regions. The audit plan is drawn up once the Group’s main risks have been identified and analysed. It is validated by the Executive Board and by the Audit Committee and presents various cross-disciplinary issues that will be reviewed during the financial year, the list of affiliates that will be audited, and the main topics to be covered during the audits. The conclusions are then submitted to the Audit Committee, Executive Board and Statutory Auditors for examination and analysis; and External Auditors: the Board of Directors selects the Statutory Auditors to be proposed at the Shareholders’ Meeting on the basis of recommendations from the Audit Committee. The Group has selected Statutory Auditors who are able to provide comprehensive worldwide coverage of Group risks. Description of the internal control environment Components of the internal control 4.1.2 4.1.2.1

At affiliate level The Management Committee is appointed by Headquarters or the relevant Region and is composed of the affiliate’s Chairman & CEO and of the Directors of its main functions. The Management Committee is responsible for managing the main risks that could affect the affiliate; and The affiliate’s Chief Financial Officer is tasked by the Managing Director of the affiliate with establishing appropriate internal control systems for the prevention and control of risks arising from the affiliate’s operations, in particular, accounting and finance risks, including error or fraud. Identification and management of risks 4.1.2.2 During FY21, the Group focused on: updating the Group’s risk mapping, a process that involved various Group affiliates and functions; strengthening internal control within the Group, using various approaches, including the continued development of data analytics to strengthen auditing methods; implementing the self-assessment questionnaire on internal control and risk management. This questionnaire, which was updated during the financial year, complies with the French Financial Market Authority (AMF) reference framework for risk management and internal control, as does its application guide, itself updated in July 2010; and performing audits: 25 internal audits were conducted in FY21. The purpose of these audits was to ensure that the Group’s internal control principles were properly applied in its affiliates. They also allowed to review the processes in place, best practices and potential areas for improvement on various cross-cutting themes. The specificity of this exercise was the setting up of remote audits for most of the assignments carried out. All of the key areas for improvement identified were addressed in specific action plans drawn up at every affiliate and at Group level, which were validated by the Executive Board and the Audit Committee. Their implementation is regularly monitored and assessed by the Group’s Internal Audit Department. The work performed resulted in an improvement of the quality of internal control and risk management to improve within the Group.

150

PERNOD RICARD UNIVERSAL REGISTRATION DOCUMENT 2020-2021