PERNOD-RICARD - URD 2021-22 EN

4. Risk management Internal control and risk management

4.1

Internal control and risk management

This subsection covering risk management and internal control follows corporate governance guidelines, in compliance with the French Financial Markets Authority (AMF) reference framework for risk management and internal control.

At affiliate level The Management Committee is appointed by Headquarters or the relevant Region and is composed of the affiliate’s Chairman and CEO and of the Directors of its main functions. The Management Committee is responsible for managing the main risks that could affect the affiliate. The affiliate’s Chief Financial Officer , assisted in most cases by an internal controller, is tasked by the Managing Director of the affiliate with establishing appropriate internal control systems for the prevention and control of risks arising from the affiliate’s operations, in particular, accounting and finance risks, including error or fraud. Identification and management of risks 4.1.2.2 During FY22, the Group focused on: a review of the Group’s risk mapping involving Senior Management and the Audit Committee. This annual review takes into account the major changes in the risk environment to which the Pernod Ricard Group is exposed; strengthening internal control within the Group, using various approaches, including the continued development of data analytics to strengthen auditing methods; implementing the self-assessment questionnaire on internal control and risk management. This questionnaire, which was updated during the financial year, complies with the French Financial Market Authority (AMF) reference framework for risk management and internal control, as does its application guide, itself updated in July 2010; and performing audits: 27 internal audits were conducted in FY22. The purpose of these audits was to ensure that the Group’s internal control principles were properly applied in its affiliates. They also allowed to review the processes in place, best practices and potential areas for improvement on various cross-cutting themes. Unlike in FY21, this year the teams were able to return to the field to carry out the majority of audit assignments. All of the key areas for improvement identified were addressed in specific action plans drawn up at every affiliate and at Group level, which were validated by the Executive Board and the Audit Committee. Their implementation is regularly monitored and assessed by the Group’s Internal Audit Department. The work performed resulted in an improvement of the quality of internal control and risk management to improve within the Group.

Definition of internal control 4.1.1 The Group’s internal control policies and procedures are designed to ensure: that management, transactions and personal conduct comply with Group business conduct, as set out by the Group’s governing bodies and Senior Management, applicable laws and regulations, and in accordance with Group’s values, standards and internal rules; that the accounting, financial and management information provided to the Group’s governing bodies accurately reflect the performance and the financial situation of the companies within the Group; and the proper protection of the Group’s assets. One of the objectives of the internal control systems is to prevent and control all risks arising from the Group’s business activities, in particular, accounting and financial risks, including error or fraud, as well as operational, strategic and compliance risks. As with all control systems, they cannot however provide an absolute guarantee that such risks have been fully eliminated. system The principal bodies responsible for internal control are as follows: At Group level The Executive Board is the permanent coordination body for the management of the Group; The Executive Committee ensures that the Group’s operations are carried out properly and that its main policies are applied; The Internal Audit Department works under the Group Chairman and CEO and reports to the Executive Board and the Audit Committee. The internal audit team based at Headquarters is in charge of implementing the audit plan, with the support of the audit teams in the Regions. The audit plan is drawn up once the Group’s main risks have been identified and analysed. It is validated by the Executive Board and the Audit Committee. It presents various cross-disciplinary issues that will be reviewed during the financial year, the list of affiliates that will be audited, and the main topics to be covered during the audits. The conclusions are then submitted to the Audit Committee, Executive Board and Statutory Auditors for examination and analysis; and External Auditors : the Board of Directors selects the Statutory Auditors to be proposed at the General Meeting on the basis of recommendations from the Audit Committee. The Group has selected Statutory Auditors who are able to provide comprehensive worldwide coverage of Group risks. Description of the internal control environment Components of the internal control 4.1.2 4.1.2.1

166

Pernod Ricard Universal Registration Document 2021-2022