technicolor - 2019 Universal registration document

RISKS, LITIGATION, AND CONTROLS INTERNAL CONTROL

Internal Audit 3.2.3 GRI [102-33] [102-34]

In 2014, the Group established the Technicolor Innovation Council. Composed of Excom members, its mission is to review and approve innovation strategies, plans, and initiatives. Such innovation decisions include, without limitation, opex/capex expenditures/financial investments (including equity investments), mergers & acquisitions, restructurings, partnerships related to innovation and strategy execution. The Committee is a governance body and as such is required to ensure that innovation decisions comply with corporate documentation (bylaws, Internal Board Rules), internal control procedures, regulatory obligations, and generally, Group corporate policies. It also ensures that innovation decisions will not have an adverse effect on the Group’s contractual commitments and are consistent with the Group’s strategy, budget and Business Plan. The Group started evaluating its risks on a worldwide basis in 2005, with the Enterprise Risk Assessment (ERA) program. The risk management process evolved in 2010 to follow the strategic evolution of the Group. It is now under the Executive Committee responsibility using large support of the Management Committee and is called Technicolor Risk Management (TRM). The purpose of this annual four-step-process, supported by the Internal Audit Department, is to identify, assess, manage and monitor risks that may impact the Group’s ability to achieve its near and long-term objectives. The risk identification and analysis process consist of a top-down structured approach, summarized as follow: risk identification through a questionnaire completed by each member • of the Executive Committee and the Management Committee and an individual interview led by the Internal Audit Department; synthesis of main risk areas; • ranking of risks according to criteria in terms of potential impact and • vulnerability, performed by Executive Committee and Management Committee members. Every year, the Risk Mapping is reviewed and reassessed with any potential new risk. Consecutive to the risk ranking step, the CEO appoints risk owner(s) for each of the top 10 risks, among members of the Executive Committee or a direct report. These risk owners assess further the risk assigned to them, monitor and mitigate them. Status reports on each top risk are presented to the Audit Committee. RISK MANAGEMENT GRI [102-15] [102-30] [102-33] [102-34]

As defined in the “Internal Audit Charter”, Internal Audit performs independent and objective assurance, and consulting audits that are dedicated to adding value and improving Technicolor’s performance. It conducts risk assessments at all levels within the Group, identifies and proposes improvements in financial and operational processes, and helps the organization define action plans to mitigate risks and reinforce the control environment and governance principles. The Internal Audit Department reports its results to the Group’s management. The Audit Committee reviews and approves the annual Internal Audit Plan based on the pluri-annual Internal Audit plan and is informed of the main audit results. The Internal Audit Department also provides support in the Technicolor Risk Management process. Since 2013, Internal Audit and Internal Control Central Departments have been regrouped under the responsibility of the Chief Audit Executive to increase coordination and integration. It allows Internal Audit recommendations to be better embedded in the Internal Control framework, and deficiencies reported during the 8TIC’S campaign to be closely followed up by Internal Audit. Twice a year, the Internal Audit Department presents the audit schedule to the External Auditors, provides updates and shares conclusion of the reports resulting from audit reviews. In Addition, the Internal Audit Department coordinates control processes/sites reviews with the External Auditors to ensure coverage of various areas. The Internal Audit Department consists of approximately 9 auditors who have past experience in a large range of domains like finance, accounting, operations, engineering, and IT/Security. The team is located in several key sites for the Group: Paris (France), Lawrenceville, Georgia (U.S.), Montreal (Canada), Guadalajara (Mexico), Warsaw (Poland) and Bangalore (India). The Chief Audit Officer is located in New York (U.S.). She operationally reports to the Chief Financial Officer, and functionally to the Audit Committee. The Internal Audit Department conducts audits in various domains, covering operational and financial processes, financial audits, review of contracts or projects, compliance, fraud prevention, security audits, and follow-up audits at transversal and local levels. In 2019, 12 audit engagements were performed (both assurance and assistance types) compared to 15 audits in 2018. These audits were carried out in accordance with the methodology and procedures set by the Internal Audit Department, including in particular: performance of tests (walkthroughs and detailed testing) and • interviews with the control owners of the cycles reviewed on a risk-based approach; the issuance of a report after the audit, which lists recommendations • for improvements to be considered by the site/department, in accordance with a precise action plan and deadlines. The Internal Audit Department report is an excellent communication tool and plays an important role in the continuous improvement of controls within the Group.

3

65

TECHNICOLOR UNIVERSAL REGISTRATION DOCUMENT 2019