Groupe Renault - 2020 Universal Registration Document

96 GROUPE RENAULT I UNIVERSAL REGISTRATION DOCUMENT 2020 Find out more at group.renault.com 01 INTERNAL CONTROL AND RISK MANAGEMENT GROUPE RENAULT Structuring around three lines of control In accordance with the general principles of internal control defined by the AMF, and in compliance with the principle of separation of offices, Groupe Renault’s internal control and risk management system is structured around the concept of the three lines of defense described below: Executive Committee / Operational Review Committee Risks and Internal Control Committee (CRCI) Ethics and Compliance Committee (CEC) 1 st line 2 nd line 3 rd line Operational Management • Functions • Regions • Programs Corporate Functions • Risk Management • Internal Control • Ethics/Compliance • Control • Accounting • Quality • HR • Legal • Environment, etc Internal Audit Audit, Risks and Compliance Committee (CARC) operational management, the first line of control, applies and P deploys in its area of responsibility the principles and techniques of internal control and risk management defined at Group level. Employees are therefore required to comply with the internal control system defined for their field of activity, the Group’s code of ethics, the guide for preventing corruption and influence peddling, as well as their own dedicated Codes of Ethics; corporate functions, an essential link in the second line of control, P provide ongoing support to assess the proper application and effectiveness of risk management. This monitoring is performed by: the Internal Control department, which circulates P self-assessment questionnaires and carries out compliance tests. It also ensures that action plans are identified and implemented to correct the shortcomings identified, the Risk Management department, which is responsible for P updating the mapping of the Group’s major risks and monitoring action plans designed to reduce the impact or probability of the main risks identified, and for providing support for the risk mapping of programs, operating entities and corporate functions, the Group Performance Control department, with its P representatives in the entities, which coordinates and steers the process in the field. It ensures that all personnel comply with management rules and assists operational staff in the coordination of their action plans and monitoring, the other departments of the so-called “corporate” functions, P which are responsible at the global level for establishing policies, standards and methods; internal audit, the third line of control, assesses the functioning of P internal control and risk management systems and makes recommendations for their improvement. Internal Audit department The Internal Audit department conducts an independent and objective assessment of the corporate governance, risk management and control processes as defined within the Group. The mission, role, responsibilities and scope of internal audit are laid down in an audit charter whose updated version was approved by the Audit, Risks and Compliance Committee (CARC) in May 2019. Through its recommendations, Internal Audit contributes to the improvement of operational security and the optimization of the overall performance of the company. At the end of each assignment, Internal Audit distributes a final report and summary note, which are systematically distributed to the areas audited, the functions/ entities/projects in question, the Chief Executive Officer and the Chairman of the Group. The summary note includes an opinion issued by Internal Audit that aims to give an overall assessment on the level of control of the audited activities: satisfactory (green), some improvements needed (yellow), substantial improvements needed (orange), insufficient (red). The Internal Audit department covers all entities and activities of Groupe Renault’s automotive branch, excluding AVTOVAZ, which has its own internal audit structure. The financial branch (RCI Banque) also has its own internal audit structure. The Internal Audit department can also audit functions that have converged with Nissan. For entities in partnership with Groupe Renault, Internal Audit may intervene if the partner so agrees. For activities entrusted to third parties, intervention by Internal Audit is possible if the contract’s audit clause so provides. Audit plans are made on an annual basis and cover a 2-year period. They are verified by Senior Management and approved by the Audit, Risks and Compliance Committee. The audit plans are revised as often as necessary to take into account additional requests. Internal Audit missions make it possible to: assess the compliance of processes and their application with the P rules, standards, laws and regulations in force; assess the effectiveness of processes and the performance of P transactions; verify the quality of the controls performed by the operational P department and the support and control functions; suggest areas for improvement or progress in the form of P recommendations; fight against fraud and corruption; P verify the effective implementation of the recommendations. P Following the recommendations made in each audit report, an action plan defined by the audited entities is approved by the audit function. Recommendations have three levels of criticality (high, medium, low, identified respectively as A, B and C). The Internal Audit department ensures that the recommendations are implemented. Every six months, it prepares a progress report on A and B recommendations for the Group Executive Committee and the Audit, Risks and Compliance Committee.