RISK FACTORS AND INTERNAL CONTROL For an operational entity, this manual contains also opportunities to mobilize the headquarters’ approximately 680 controls, including approximately and subsidiaries’ main managers with respect to the 130 critical ones, divided into the following processes: importance of conforming the Rexel’s activities to the Strategic processes: governance, communication, Group standards. • business development and sustainable development; Communications with the subsidiaries include regular Operating processes: sales, purchasing and supply exchanges throughout the year, notably during the • chain; and annual self-assessment (see paragraph 2.3.5 “Steering Support processes: information systems, human and monitoring of the internal control system” of • this Registration document) and the fol low-up of resources, financial and accounting information, action plans. Since 2012, a formal meeting (zone treasury, tax, legal, compliance, real estate and audit committee) is scheduled at least once a year insurance. with the General Manager of each region, its Chief This Manual includes additional procedures set Financial Officer, and the Chief Executive Officer up by the functional departments to be deployed and the Group Finance Department to monitor the within the Rexel Group’s entities. various internal control matters. For management reporting and preparing financial Moreover, the Rexel Group has developed a statements, the Financial and Administrative knowledge-sharing platform on its Intranet for Department of the Rexel Group has defined a set internal control, focusing on the policy manual and of procedures, tools and guidel ines that give it accompanying procedures. In addition, various the means to ensure the quality and consistency communities specific to each functional department of the information transmitted. These guidelines ensure that they diffuse their own instructions, are discussed in paragraph 2.3.6 “Internal control procedures and best practices. procedures relating to the preparation and treatment of accounting and financial information” 2.3.5 Steering and monitoring of the internal of this Registration document. control system The internal control system is based on the self- 2.3.4 Internal communication of relevant assessment of controls by the entities, a review and reliable information performed by internal or external auditors, and the Group’s functional departments that assist entities Steering the internal control system requires in enforcing these controls. Rexel’s Audit and Risk assembling appropriate expertise (to manage risk Committee steers and monitors the internal control by creating adequate controls). It also requires system. targeted communication to share more widely the Group’s objectives. This targeted communication 2.3.5.1 Internal control self-assessment helps the Rexel Group’s Executive Management share with local management teams not only the risk The Rexel Group is engaged in a process to management measures and objectives, but also the permanently improve its internal control system. To necessary information to align their decisions and do so, the Head of Internal Control coordinates on an activities with the defined objectives. annual basis a self-assessment exercise, measuring compl iance with the pol icy Manual, through a In this context, Rexel Group’s management bodies questionnaire sent to the management of the entities. are kept informed on a regular basis during the The results of this self-assessment are shared with meetings of the Audit and Risk Committee and of the Executive Committee, the management of the the Risk Committee. An overview of the internal entities, the functional departments at headquarters control and audit activities performed during the and the Audit and Risk Committee which shares preceding quarter is presented at each quarterly them with the Board of Directors. Audit and Risk Committee meeting. Besides, a specific meeting of the Audit and Risk Committee The last self-assessment was carried out in 2017 and dedicated to the review of risks occurs once a year. covered all processes of the Rexel Group framework The Audit and Risk Committee then expresses its (see paragraph 2.3.3 “Control activities” of this recommendations or propositions to the Board of Registration document). Directors. The Executive Committee meetings and Action plans related to these self-assessments are frequently-scheduled departmental meetings are defined and enforced under the responsibility of the REXEL 2017 – REGISTRATION DOCUMENT 50