(i) Audits
Audits of Applicable Rules are used to check that the Vigilance Plan is correctly implemented by the Subsidiaries and Suppliers included in the Risk Matrix.
Audits are done by specialist external companies.
When a Subsidiary or Supplier is audited, the process is carried out in accordance with the Risk Matrix described in paragraph “Risk hierarchy of non-compliance with the Applicable Rules” in section 3.4.5.2. of this document. A written audit report is prepared.
With respect to the Subsidiaries, the reports are stored in a secure database available to Group Human Resources Directors and, in some cases, to the Country Operations Directors. The reports on Suppliers are intended for Group buyers.
In order to ensure compliance with the Group’s EHS policy, a system of worldwide audits has been set up since 1996, and was reinforced in 2001 with the presence of external auditors, who are experts in the local context and regulations. These audits take place regularly on each L’Oréal site: every three years for production sites and every four years for distribution centres, administrative sites and research centres. If the result of the audit does not meet the standard required by the L’Oréal benchmarks, a specific interim audit is scheduled for the following year. Every year, the teams responsible for EHS risks review the audit results and identify general improvement plans. The improvement plans specific to the audited Sites are established immediately after the end of the audit. In addition, any emergency measure intended to prevent an imminent risk for the health of persons at the Site is implemented by the Site EHS teams without waiting for the completion of an audit even if it is not part of the improvement plan that may exist.
There are various audit grids called “risk”, “culture”, or “combined risk and culture”, used depending on the maturity and type of activity at the Sites. They assess in particular:
Each risk finding is classified in one of three categories A, B and C according to a matrix of level of impact/probability of occurrence. “A” findings are monitored monthly and consolidated annually by risk type.
The monthly reporting of safety and environmental data also enables consolidation and analysis of any anomalies and incidents leading to regulatory non-conformity, complaints and/or fines.
In the event of a non-conformity (Needs Continuous Improvement, Needs Immediate Action, Zero Tolerance), corrective action plans must be implemented which are then audited at the level of the Subsidiary or Supplier.
Failure to implement a corrective action plan can, in the case of a Subsidiary, result in an alert being sent to the Country Manager. In addition, Subsidiaries can decide to link part or all of the remuneration of their managers and/or of their performance evaluation to the implementation of the Applicable Rules.
In the case of Suppliers, serious non-conformities (Needs Immediate Action, Zero Tolerance and Access Denied) or the failure to implement corrective action can result in the non-listing of a new Supplier or the suspension or termination of commercial relations with a listed Supplier.
In the event that the existence of a serious non-conformity with the Applicable Rules is reported, a specific audit can be initiated. In particular, visit reports are issued as part of the process of routine visits made to Suppliers. They can result, if necessary, in additional audits.
Additional specific EHS audits are conducted by independent third parties for subcontractor sites for aerosol production or storage, bleaching powders, flammable products under the criteria defined by L’Oréal, which are similar to those used for the Group’s sites. These audits are triggered at the time of referencing/qualification, at follow-up (audits conducted between 12 months and 36 months maximum after the immediate improvement request (NIA), depending on the severity of the non-conformities found), and again at the time of confirmation, 5 years after the initial audit.
The results of these audits are of the same type as those previously described: satisfactory, NCI, NIA and ZT.
Serious non-conformities (Needs Immediate Action, Zero Tolerance and Access Denied) or the failure to implement corrective actions can result in the non-listing of a new Supplier or the suspension or termination of commercial relations with a listed Supplier.
All the main non-conformities found are monitored and consolidated annually by risk type.