2022 Universal Registration Document

Chapter 3: Risk factors and risk management

3.1. Definition and objectives of Internal Control

This chapter is based on the work carried out by the Group’s Internal Control and Risk Management departments. It presents the internal control environment of L’Oréal, including the system relating to the preparation and processing of accounting and financial information. It describes the risk factors pursuant to Regulation (EU) 2017/1129 of 14 June 2017 (“Prospectus Directive III”), as well as the associated risk management policy. These risks are presented in four categories: (i) business risks, (ii) industrial and environmental risks, (iii) legal and regulatory risks, (iv) financial and market risks. The main non-financial risks within the meaning of the Non‑Financial Performance Statement(1) are described in chapter 4. The Vigilance Plan(2) is also included in this chapter.

3.1.1. Reference work

For the purposes of preparing this Document and defining Internal Control, L’Oréal has used the Reference Framework and its application guide published by the French Financial Markets Authority (AMF) in January 2007, and updated on 22 July 2010. 

3.1.2. Internal Control - preventing and controlling risk

At L’Oréal, Internal Control is a system that applies to the Company and its consolidated subsidiaries (the “Group”), which aims at ensuring that:

  • economic and financial targets are achieved in compliance with the laws and regulations in force and the Group’s Ethical Principles and standards;
  • the orientations set by General Management are followed;
  • the Group’s assets and reputation are valued and protected; and
  • the Group’s financial and accounting information is reliable and provides true and fair statements.

By contributing to preventing and managing risks, the Internal Control system promotes the steady and sustainable manufacturing and economic development of the Group within a control environment that is appropriate for the Group’s businesses. However, any system or process has its limitations. These result from a number of factors, in particular the uncertainties of the outside world or malfunctions due to technical or human failures.

The handling of risk should be based in particular on a reasonable informed choice between the challenges to be controlled, the opportunities to be seized, the cost of the risk management measures, and the effects of these measures on the occurrence and impact of the risk.

3.1.3. A process for the continual improvement of the Internal Control system

In 2022, the Group continued its efforts to improve the system of Internal Control by, in particular:

  • constantly adjusting the Group matrix for the segregation of duties and the associated control environment;
  • providing new operational guides to remind employees of the Group’s principles and enable the sharing of best practices (e.g. the e-commerce control playbook);
  • updating the “Fundamentals of Internal Control” digital library (for example, on business continuity plans and sourcing);
  • regularly adapting the reference frameworks to address new challenges;
  • updating the Group’s digital referential(3); and
  • revamping the programme to raise awareness of the risks of fraud.

The deployment of online training (prevention of corruption, data security, competition, cyber security, personal data protection) is ongoing.

The network of Internal Control managers continued to be built up worldwide through:

  • specific training courses;
  • informative web chats for sharing updates on Group projects and business standards; and
  • a special-purpose communication platform that promotes the sharing of best practices.

(1) As defined by Articles L. 225-102-1 and L. 22-10-36 of the French Commercial Code.
(2) Drawn up pursuant to Article L. 225-102-4 of the French Commercial Code.
(3) See section 3.2.1.