This chapter is based on the work carried out by the Group’s Internal Control and Risk Management departments. It presents the internal control environment of L’Oréal, including the system relating to the preparation and processing of accounting and financial information. It describes the risk factors pursuant to Regulation (EU) 2017/1129 of 14 June 2017 (“Prospectus Directive III”), as well as the associated risk management policy. These risks are presented in four categories: (i) business risks, (ii) industrial and environmental risks, (iii) legal and regulatory risks, (iv) financial and market risks. The main non-financial risks within the meaning of the Non‑Financial Performance Statement(1) are described in chapter 4. The Vigilance Plan(2) is also included in this chapter.
For the purposes of preparing this Document and defining Internal Control, L’Oréal has used the Reference Framework and its application guide published by the French Financial Markets Authority (AMF) in January 2007, and updated on 22 July 2010.
At L’Oréal, Internal Control is a system that applies to the Company and its consolidated subsidiaries (the “Group”), which aims at ensuring that:
By contributing to preventing and managing risks, the Internal Control system promotes the steady and sustainable manufacturing and economic development of the Group within a control environment that is appropriate for the Group’s businesses. However, any system or process has its imitations. These result from a number of factors, in particular the uncertainties of the outside world or malfunctions due to technical or human failures.
The handling of risk should be based in particular on a reasonable informed choice between the challenges to be controlled, the opportunities to be seized, the cost of the risk management measures, and the effects of these measures on the occurrence and impact of the risk.
In 2022, the Group continued its efforts to improve the system of Internal Control by, in particular:
The deployment of online training (prevention of corruption, data security, competition, cyber security, personal data protection) is ongoing.
The network of Internal Control managers continued to be built up worldwide through: