2025 Universal Registration Document

3. Risk factors and risk management

Divisions and Regions 

The Group is organised into Divisions and Regions (see section 1.1.4). Alongside the management of each country, business or manufacturing entity, the Divisions and Regions are fully responsible for achieving the Internal Control objectives defined by General Management.

A system of delegating authorities is in place and continues to be reinforced. The powers of the legal representatives of Group companies and the people they delegate to are limited and controlled in accordance with the provisions of the Legal Charter. Specialists in management, information systems, human resources, digital, retail, purchasing, logistics, production and legal affairs provide support to operations at all levels and help to ensure the Internal Control objectives are achieved.

Functional Departments

Each member of the Executive Committee is entrusted with worldwide responsibility for the Internal Control of the activities that fall within their remit. The Functional Departments define, in their own areas, the strategies, policies and procedures which they communicate to the countries and entities. They bring their expertise to the operational staff and review the proper functioning of their respective areas of responsibility. They draw on their network of specialists and on regular assessments.

Indicators and reporting procedures simplify regular monitoring of the local activities of these Functional Departments.

Administration and Finance Department

The department assists and monitors operational employees in their administrative, financial, legal and compliance activities, as well as in terms of information processing. It sets the operating rules for all entities, defines and rolls out tools, procedures and best practices, particularly in terms of management, accounting and consolidation, M&A, investments (BOLD corporate venture fund) and holdings, financing and cash, taxation, legal and compliance matters and data governance (including personal data), financial communication, strategic planning and insurance.

An Internal Control Committee is tasked with taking all measures to promote proper understanding and proper application of the Group's Internal Control rules, as well as monitoring progress on important Internal Control projects. The Committee comprises the Chief Financial Officer, the Chief Ethics, Risk and Internal Control Officer, and Heads of Internal Control, Operational Finance, Internal Audit and Information Systems (Global IT).

Ethics, Risk and Internal Control Department

In particular, this department coordinates the procedures for identifying, assessing and prioritising risks with all those concerned. It keeps the Group's risk mapping up to date. Its aim is to promote optimal use of resources in order to minimise and control the impact of negative events and maximise opportunities. The Chief Ethics, Risk and Internal Control Officer reports directly to the Chief Executive Officer.

Internal Control Department

This department, which is separate from the Internal Audit Department, is under the responsibility of the Ethics, Risk and Internal Control Department. In collaboration with the experts in each business line, it defines and updates the Internal Control framework relating to their area of activity. This framework is summarised in the Fundamentals of Internal Control Guidelines and detailed in standards and procedures that are listed in the Group's digital framework.

The Internal Control Department also manages and develops a network of around 180 regional and local Internal Control managers covering all Group entities. Their role is to apply the internal control framework and support employees in this respect. Frequent participation in seminars, training cycles or webinars with the various functions, and the publication of notes of engagement help to strengthen knowledge of the Internal Control framework within the Group.

As part of a continuous improvement approach, the Internal Control Department develops, disseminates and coordinates self-assessment campaigns focusing on the main risks and issues identified. These campaigns are gradually being rolled out in each of the functions. Self-assessment of Internal Control makes it possible for the Group's entities to ensure that the system is functioning properly and reinforce it with operational action plans.

The Internal Control Committee is driven by the Internal Control Department, which validates directions and priorities with regard to improving the Internal Control framework, developing the network of Internal Control managers and the tools used to perform Internal Control tasks. This department monitors changes in expectations and market practices relating to Internal Control.

Internal Audit Department

The Internal Audit Department audits major processes and checks that Group principles and standards are properly applied. Its work is carried out by a central team that reports directly to the Chief Executive Officer.

Internal Audit assignments are submitted to General Management and the Audit Committee. With the approval of those bodies, they result in an annual audit plan that takes account of the Group's risk mapping, the entities' contributions to the Group's key economic indicators, and the historical precedence and results of previous audits.

The risk-level assessment carried out by the Region Departments and experts in the different functions is also a determining factor in the elaboration of the annual audit plan.

In 2025, the Internal Audit Department carried out 53 assignments. Out of this total, 25 involved auditing entities (commercial entities, factories, international marketing and research & innovation departments) and 28 were audits on specific topics conducted at Group, Region or Country level, targeting key risks as a priority: six assignments focused on cybersecurity, five on shared service centres and five on the transformation of the Group, particularly as regards data governance and artificial intelligence.

Each audit assignment results in a report that sets out the findings and corresponding risks and proposes an action plan and recommendations for the audited entity. The Internal Audit Department monitors and measures these action plans, then reports on the rate of progress to the departments in question.