Saint Gobain - Registration document 2016

7 RISKS AND CONTROL 2. Internal control

- a technical standard to Secure the Hosting of Internet Applications (SHIA);
- a technical standard for SaaS systems which defines responsibilities and security measures for implementation;
- a set of security rules to annually monitor the security of the central and regional datacenters (Datacenter Security Rules 4 SG, the new version of the 55 Datacenter Rules);
- a technical standard for the security of applications hosted by Saint-Gobain partners for publication on the internet.

Moreover, the ITAC reference guide was published in 2012 as an addition to the Internal Control Reference Framework. It describes the automated and semi-automated controls used for five key processes: Purchasing, Sales, Inventory, Cash Management and Accounting. It covers the Group’s main ERP software and includes:

- a reference guide for SAP: ITAC4SAP with 143 control points;
- a reference guide for MOVEX M3: ITAC4M3 with 96 control points;
- a reference guide for EXACT: ITAC4EXACT with 85 control points.

The ITAC4SAP reference guide was updated for consistency with the update to the Internal Control Reference Framework (143 control points, including the controls for the separation of tasks).

The controls are being gradually integrated into the Group’s information systems as follows:

- ITAC100 ITAC4SAP for SAP systems (deployed in 22 SAP systems covering 121 Group companies), including specific updates for the Building Distribution Sector;
- ITAC96 ITAC4M3 for MOVEX M3 systems (deployed in 4 M3 systems covering 17 Group companies);
- ITAC85 ITAC4EXACT for EXACT systems (deployed in 1 EXACT system covering 2 Group companies);
- ITAC principles deployed in 1 MS Dynamics system covering 1 Group company.

2.4.5 Industrial and distribution risk prevention manual

The Group’s policy for prevention of property damage and the resulting operating losses, compiled as part of an internal collection of standards and best practices, is defined by the Risk and Insurance Department (DRA). The DRA coordinates policy implementation through the Sectors and Activities with the support of the General Delegations. Within the Sectors and Activities, Prevention Coordinators manage the application of Group policy within the scope of their activities.

At the site level, those in charge of Prevention Management perform an annual self-assessment of risks at their sites via a risk rating software package. This tool assesses risks as well as the corresponding levels of protection and prevention. This self-assessment is updated annually by the industrial sites, the Research and Development Centers and logistical sites. A special assessment is carried out for the points of sale.

Furthermore, regular inspections of the Group’s most important sites are carried out by prevention engineers, who are auditors external to the Group (approximately 450 inspections per year). The sites update their action plans with a view to improving their level of prevention and protection based on recommendations prepared by these prevention engineers.

2.4.6 Tools of the Group’s culture of compliance

The culture of compliance that drives the Group has developed through its values, which are formally stated in the Principles of Conduct and Action.

The compliance program currently focuses on the following main themes: compliance with rules relating to competition law, preventing corruption, and compliance with economic sanctions and embargos.

The tools used in implementing the program include:

- a dedicated intranet, entitled Conform’Action, on which key messages are posted and tools made available;
- online training modules such as Comply (competition law), ACT (preventing corruption) and Saint-Gobain Economic Sanctions and Embargos (rules relating to economic sanctions and embargos);
- in-person training;
- distribution of technical guides:
  - the Thread of Competition,
  - 20 best practices in competition law for purchasers;
- the dissemination and implementation of internal policies such as:
  - anti-corruption policy,
  - gifts and invitations policy,
  - conflicts of interest policy,
  - economic sanctions and embargos policy,
  - sales agents policy,
  - policy on membership of professional associations;
- frequent dissemination of messages from General managers.
