RISK FACTORS AND INTERNAL CONTROL Management of the entities. The goal of these action Following each audit and based on recommendations plans is to bring each entity up to the level of control by the auditors, action plans are prepared by of its processes recommended by the Rexel Group the relevant entities to address the weaknesses and, by doing so, to control risks. identified in the audit report. The Internal Audit Department has established a fol low-up process These self-assessments also make it possible to on the action plans to ensure that the detected identify more general areas of improvements, which weaknesses are corrected. are included in the internal control improvement action plans for the headquarters functional These assignments also allow a control of the results departments. These plans define and disseminate of the self-assessments conducted by the entities. good practices and provide assistance to local About half of the controls on self-assessments were management teams. reviewed during a standard audit on all accounting, financial and operational processes. Certain entities are less mature in their internal 2 control system, such as entities which recently joined Moreover, each quarter, the Director of Internal Audit the Rexel Group post-acquisition. The purpose of presents to the Rexel Audit and Risk Committee an continual ly improving internal control is to bring overview of team activity, the main findings of the these entities to the required level. audits and a progress update on the related action plans. Given its nature, the self-assessment approach cannot guarantee that the internal control system is applied 2.3.5.3 The External Audit role in an effective manner. The Rexel Group therefore expands this approach by carrying out internal audits External auditors help monitor the internal control and testing certain key controls included in the entities’ system. In addition to the diligence conducted in self-assessment. External auditors also review internal certifying the financial statements, they verify each control systems within the Rexel Group on a regular year the reliability of the results of the self-assessment basis and inform the Rexel Group’s management and campaign with respect to a portion of the framework, administration bodies of their findings. which varies from year to year. Although the scope of this review is limited, this verification applies to all Rexel Group entities, and the Internal Audit teams 2.3.5.2 The Internal Audit role follow up with more comprehensive verifications on a Executive Management has entrusted the Internal limited number of entities. This allows the Rexel Group Audit Department the task of ensuring the to improve the reliability of the self-assessments and entities’ compliance with the Group’s rules. More harmonize practices. generally, the Internal Audit Department evaluates the operational, financial or personal safety risks 2.3.5.4 Headquarters functional departments covered by these audits. The functional departments have a role in the internal The role, the scope and the responsibilities of Internal control and risk management system and in the risk Audit have been defined in an Internal Audit Charter, management procedures. In identifying need for whose update was officially approved by the Audit group-wide action, they base their decisions on the Committee in February 2011. responses to the self-assessment questionnaires and the audit reports prepared by Internal Audit teams. At the end of 2017, Internal Audit included 23 people, Each functional department supports subsidiaries including 7 in the headquarters and 16 in the main in the setting-up of action plans to reduce identified subsidiaries of the Rexel Group (located in Australia, risks in their areas of expertise. Austria, Canada, France, the United States and the United Kingdom), each of the major Regions having at least one auditor. 2.3.6 Internal control procedures relating to the preparation and treatment of accounting Based on an audit plan approved by the Audit and and financial information Risk Committee in early 2017, the internal audit teams performed in 2017 around 30 audits of accounting, 2.3.6.1 Planning, steering and reporting financial and operating procedures. About 400 activities audits on the network of branches were also carried The planning, steering and reporting processes out or supervised by this team. are organized by entities, which may be countries, REXEL 2017 – REGISTRATION DOCUMENT 51