2021 UNIVERSAL REGISTRATION DOCUMENT

3. Risk factors and control environment

Global IT Department

The strategic choices in terms of systems are determined by the Group’s Global IT Department, whose main mission is to implement ERP management software which is used by the vast majority of the Group’s commercial subsidiaries, factories and logistics services. It also supports the digital transformation of the Group by developing the use of Cloud services (SaaS, Iaas, PaaS) and connected objects.

Within the Department, the Information Systems Security Department is responsible for the Information Systems Security Policy. Based on the international ISO 27001 standard, this policy covers the main topics of Information Systems security, including the protection of personal data, and describes the general principles to be applied for each of them. It enables all the Group’s Information Systems teams, and by extension, all employees, to share clear objectives, best practices and levels of control adapted to the risks incurred, notably, the risk of cyber attack. This policy is accompanied by an information systems security audit programme conducted by an outside firm. It is also supplemented by an Information and Communication Technologies Code of Practice, and a Code of Good Practice for the use of Social Media.

The Operations Department

This division comprises the Innovation, Product Packaging and Development, Quality, EHS (Environment, Health, Safety), Production management and operational excellence, Purchasing, Supply Chain, Information Systems (production) and industrial strategy departments. It defines the overall Operations strategy worldwide and defines the standards and methods applicable in the areas of quality, safety and the environment for deployment in all the countries in which the Group operates. It manages the Group’s comprehensive strategy to enable the teams in the Operational Divisions and regions to implement innovation, manufacturing and logistics policies suited to the markets.

In line with the Group’s Code of Ethics, since 2011, buyers have access to a practical and ethical “The Way We Buy” guide which aims at helping all employees in their relationships with the Group’s suppliers. Buyers also have the Group’s The Way We Compete and The Way We Prevent Corruption guides for which e-learning is provided.

The standard for managing suppliers and tender procedures specify the conditions for competitive tendering and for the registration of the main suppliers. The general terms of purchase form the framework for transactions with the suppliers. The “Purchase Commitments and Order Management” standard is aimed at facilitating and strengthening control of the spending and investments of Group entities.

In the area of the supply chain, the main assignments consist of defining and applying the sales planning, customer demand management, development and control of customer service processes, including through the management of physical order fulfilment, application of the general terms of sale, follow-up of orders, management of customer returns and customer disputes as well as accounts receivable collection procedures. Measures are also recommended for the management of distribution centres and inventories, subcontracting, product traceability, business continuity plans and transportation.