Saint-Gobain // Universal Registration Document 2021

6

Risks and control Internal control

Monitoring of fraud and internal 2.4.4 control incidents Fraud and other major internal control incidents are closely monitored by the Audit and Risk Committee. Facts to be reported to the Group 2.4.4.1 Accounting anomalies and alterations which damage ■ the integrity of the financial information, irrespective of whether they are favorable or unfavorable to the entity or the Group. Misappropriation or jeopardizing of assets, whether ■ tangible or intangible. Events likely to be construed as acts of passive or ■ active corruption, or influence peddling. Violations of laws and regulations. ■ Other violations of the Principles of Conduct and ■ Action. The Group’s Fraud Officer ensures monitoring by applying a single, centralized procedure which all of the Group’s subsidiaries must follow. The facts are reported using a standard form available on the Security Intranet under the fraud section, which describes the facts and the measures taken. The declaration is updated by the entity as necessary. These declarations are then communicated by the Fraud Officer to the relevant management bodies. Group whistle-blowing system The Group’s internal whistle-blowing system makes it possible to collect reports from any employee concerning conduct or situations which are contrary to the Group’s Principles of Conduct and Action and the Group’s Anti-Corruption policy, offenses or crimes or serious and obvious violations of laws or regulations (for details, see the Saint-Gobain Group Alert System policy). The internal whistle-blowing system is accessible at the following address: https://www.bkms-system.com/Saint-Gobain/fr When the eligibility conditions for the report are met, the reported facts are investigated in a professional and independent manner and the investigations coordinated by duly trained alert referents. Whistle-blower protection system The whistle-blower is protected under the terms of the Whistle-blowing policy. Alert procedure 2.4.4.2 Fraud alert procedure

The auditors use IT tools provided to them to analyze the data systematically (data analytics) and share the results operationally with the entities: a performance-oriented tool for process analysis that ■ can be used to analyze and represent an entity’s organizational structure and its processes, to identify bottlenecks and irregularities in process flows; a compliance-oriented data analysis tool that is useful ■ in targeted searches for inconsistencies with the internal control rules in place. These two highly complementary tools thoroughly analyze the populations concerned (transactions, master files, access rights, etc.), so that anomalies can be detected and the most reliable conclusions reached. At the end of the work, the internal auditors design a priority action plan in conjunction with the entity which should improve the coverage of the risks identified; they also produce a report setting out their main observations and recommendations. The report is then sent to the Group’s General Management and the operational department to which the entity reports. 2021 was also marked by the Covid-19 health crisis, which disrupted the normal course of business. However, the audits were maintained in the majority of cases thanks to the launch of a special remote audit work program that adapted the audit system and conducted missions in a new form. Action plan monitoring 2.4.3 The “INTERACT” integrated audit and internal control tool centralizes: actions taken to correct the non-compliance identified ■ during the annual compliance declaration campaign; the priority action plans defined following the audits ■ carried out; the main actions defined as part of the annual risk ■ mapping campaign. The INTERACT tool also enables entities to trigger action plans independently, as part of a dynamic management of their internal control. This means that each Group company has access to a centralized operational platform it can use to manage its action plans by reporting the corrective measures taken and the progress made compared with the predefined implementation schedule. The corporate departments can also use the system to monitor these action plans. Furthermore, a dashboard circulated at the Group’s different management levels makes it possible to monitor the results of the compliance statements, internal audit grades and the progress of the related action plans.

SAINT-GOBAIN UNIVERSAL REGISTRATION DOCUMENT 2021 246

www.saint-gobain.com