SCH2017_DRF_EN_Livre.indb

1 Overview of the Group’s strategy, markets and businesses Internal control and risk management

8.5 Control procedures In addition to the general missions already described, this section describes specific measures taken in 2017 to improve the Group’s control system. Operating units For internal control to be effective, everyone involved must understand and continuously implement the Group’s general guidelines and the Key Internal Controls. Training in Key Internal Controls continued in 2017 for those involved for the first time in the annual self-assessment process: newly promoted managers and units recently integrated. Operational units, undertook self-assessment of compliance with the Key Internal Controls governing their scope of operations. The self-assessments conducted during the 2017 campaign covered more than 90% of consolidated sales and made it possible to define improvement plans in the operating units, when necessary. The ultimate goal is that these evaluations should cover at least 90% of consolidated sales each year. The self-assessments are conducted in the units by each process owner. Practices corresponding to the Key Internal Controls are described and the entity is either compliant or not compliant with a particular control. In 2017, based on the self-assessment, the level of compliance improved by around 2 points versus 2016. If a particular unit is not compliant in any of the controls, an action plan is defined and implemented to achieve compliance. These action plans are listed in the self-assessment report. The unit’s financial manager conducts a critical review of the self- assessments by process, and certifies the quality of the overall results. The self-evaluation is then also certified by the person in charge of the unit. The regional internal controllers carried out controls on site to assess the reliability of self-assessments and conducts diagnostic missions as requested by management. Global Functions In 2017, the Global Functions continued to set guidelines, issue instructions and provide support. For example: E the ethical risk matrix created in 2015 and updated in 2016 was requested for all entities. Results were analyzed in order to support the implementation of action plans via the network of Principles of Responsibility Advisor , depending on the level of exposure which is calculated based on both internal and external risk factors. External risks are based on internationally recognized indexes on corruption, human rights abuses and environmental pollution by countries. Internal risks are based on the level of communication and implementation of the ethics & compliance program, and company policies;

E the Security Department issued a new Global Security Directive on “International Assignee Security in Risky Destinations”. This newDirective is to define the impact of theDuty of Care regarding this category of employees (commonly named “expatriates”) and to define roles and responsibilities of all stakeholders involved. Risk management approach, guidance and recommendations for host countries and all key stakeholders are also provided; E two Security Handbooks were also created: 1 for the use of the Country President and 1 for the use of the Site/Facility Manager. These Handbooks are to give the concerned manager a comprehensive single document gathering all the Company’s relevant governance regarding Security; E the Global Security Department created new security positions at zone level: North America, Central & South America, East Asia & Pacific, South-East Europe. These new positions are to provide more support to the local Security Managers or Correspondents and to the local Management in assessing risks and in defining relevant security setups, means & procedures; E the Global Anti-Corruption Policy was updated and the Anti- Corruption Code of Conduct was issued; E training on ethical topics continued for all employees, with a specific focus on the most exposed functions and entities – especially newly acquired companies. For more information, see the “Ethics & Responsibility” chapter 2, page 87; E the Group chose and started to deploy Credit Management and Trade Finance tools worldwide, to improve the follow up of risks and commitments. A new organization was set up with a Credit Manager and Treasury & Trade Expert in each zone to enhance competency and control. A dashboard on Financing and Treasury subjects is now issued on a quarterly basis. Internal Control Department The Internal Control Department continued to deploy the Key Internal Controls – training and requests for self-assessments – throughout the units, with the scope extended to cover new units. In 2017, certain Key Internal Controls that were identified since 2015 as critical remained a focus and actions were taken to increase the level of awareness and compliance. The list of Key Internal Controls continues to evolve. The software package for the management of self-assessment questionnaires and follow-up action plans of internal audit and internal control introduced in 2011 continues to be improved. The local Internal Control team consists of around 11 members located in various geographies dedicated their efforts to improve internal controls in the local entities.

2017 REGISTRATION DOCUMENT SCHNEIDER ELECTRIC

61