Pernod Ricard Internal Audit Charter - Coorpacademy

1 Pernod Ricard Internal Audit Charter 1. Introduction This Charter sets forth the mission, powers and responsibilities of the Corporate Internal Audit function ( Internal Audit ) within the Pernod Ricard Group. The rights and duties of the auditors and the audited entities are also set forth in order to ensure compliance with the ethical and organisational rules applicable throughout the Pernod Ricard Group. This Internal Audit Charter refers to the international standards governing professional Internal Audit practices. 2. Objectives Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

2 3. Scope, roles and responsibilities The scope of Internal Audit includes all the Group s operations and affiliates. The scope of work of Internal Audit does not merely focus on accounting and financial processes: it can cover any operating and functional process. Internal Audit is not involved in any tasks that could jeopardise the independent nature of its evaluations and reports. The main role of Internal Audit is to assess the level of Internal control of Group affiliates, by conducting Audit missions, and issue recommendations when necessary. This notably entails the following responsibilities: Identify weaknesses and suggest improvements, Coordinate the risk identification process, particularly the formalisation of risk mapping, Evaluate the affiliates compliance with Pernod Ricard Group Internal Control Principles, Oversee the remediation of past Audit points, Coordinate the preparation of the report of the Chairman of the Board of Directors on Internal Control and risk management, Animate the community of Group s Internal auditors and controllers.

3 4. The Audit Plan All Internal Audit missions and initiatives defined for each fiscal year are formalized into the Audit Plan. With a risk analysis approach, the Internal Audit Director draws up this Audit Plan which sets priorities (subsidiaries / themes) in line with the Group s objectives. In particular, the Audit Plan features: Coverage of the Group s entities on a rotating basis, Audits on cross-functional themes, Specific missions or projects designed to strengthen Internal Control. In preparing the Audit Plan, the Internal Audit Director consults Group General Management, the Regions and the Functional Departments. The Statutory Auditors may also be consulted. Once the Audit Plan is validated by the Group Chief Executive Officer, it is submitted to the Audit Committee for approval and then sent to the affiliates concerned.

4 Ad hoc missions may be added to the Audit Plan at the request of Group General Management or the Audit Committee. 5. Organisation Internal Audit is managed by the Group Internal Audit Director, within Finance department. The scope of work of Internal Audit is conducted, as part of Audit Plan, by: One central team, fully dedicated to this activity Regional Audit (EMEA, Americas, Asia) and IT teams, including resources partly dedicated to Audit missions, according to a planning and details defined at the beginning of the fiscal year. When performing Audit missions, these teams functionally report to the Internal Audit Director External service providers, when necessary. The main conclusions of Internal Audit assignments are subject to periodic report to Audit Committee and Group General Management.

5 Furthermore, at all times, the Internal Audit Director can contact independently the chairman of the Audit Committee or the members of Group General Management. 6. Execution of an Internal Audit assignment Before any Audit assignment, a mission letter is sent out to the Chief Executive Officer of the audited entity. It gives a general description of the Audit and provides content to allow a mutual understanding between Internal Audit and the audited affiliate (purpose, scope of the Audit , date and duration of the Audit ). A detailed work program is sent out to the audited affiliate before the work begins in the field. It includes the composition of the Internal Audit team, a description of the topics to be reviewed and a list of documents and schedules that the affiliate must prepare and supply to Internal Audit beforehand.

6 In the fieldwork phase, the auditors conduct interviews and perform tests using the material provided to them in order to base their conclusions on a systematic and methodical approach which involves an objective analysis of the facts. In all instances, Internal Audit makes every effort to establish and sustain a constructive and evidence-based dialogue with the audited affiliate. Throughout the Audit , Internal Audit regularly informs the audited entity of its observations and diagnosis. Furthermore, a kick-off meeting to present the objectives of the Audit and the work program and a closing meeting to present and validate the conclusions are held with the affiliate s management. Upon completion of the Audit in the field, Internal Audit draws up an Audit Report that describes the work carried out, the weaknesses identified and the recommendations made.

7 Each area of improvement is assigned a color code in order to help the affiliate prioritise its action plans: Critical Requires significant improvement Requires improvement Point to be brought to management s attention, but not flagged as an Internal control weakness Good practice After the Internal Audit Director reviews the main conclusions of the report, it is sent to the audited affiliate to enable it to produce Management s Comments. For each weakness identified, the comments must explain how and when the recommendations shall be implemented and who shall be in charge. Management s Comments are reviewed by Internal Audit before the Final Report is circulated to the affiliate s management, to Group General Management, to the Audit Committee and to the Statutory Auditors.

8 Internal Audit follows up the implementation of the recommendations by checking the progress of the action plans set out by the management of the audited affiliate. The status of remediation of past Audit points disclosed in Internal Audit reports is formally presented to the Audit Committee twice a year. 7. Auditor s ethics Pursuant to the IIA1 / IFACI2 Code of Ethics, Internal Audit must observe and enforce the following fundamental principles: Integrity: the integrity of Internal auditors establishes trust and thus provides the basis for reliance on their judgment. Objectivity: Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating and communicating information about the activity or process being examined.

9 Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments. Confidentiality: Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so. Competency: Internal auditors apply the knowledge, skills and experience needed in the performance of Internal auditing services. 8. Responsibility of the audited affiliate Whenever an affiliate is audited it must ensure that: Internal Audit has unhindered access to the documentation it requests and to the people it wishes to interview in the preparation and in the fieldwork phases of the Audit , A formal response is produced for every weakness identified in the Audit Report, with an action plan that features the person in charge and the timetable for the implementation, The action plans agreed upon are implemented as scheduled.

10 9. Responsibility of affiliate as regards Internal control Each affiliate must set up an Internal Control framework that suits the nature of its operations, its organisation and its regulatory environment. All affiliates that do not have any resource fully dedicated to Internal Control must have one employee who has been identified and partly assigned to Internal Control. Under such circumstances the affiliate must fulfill the following obligations: Formalise and implement procedures in compliance with Pernod Ricard Group Internal Control Principles, Update the risk matrix and ensure that the risks are monitored, Submit the Internal control self-assessment questionnaire (so called LSF ) to the Supervising Entity with the representation letter signed by the Chief Executive Officer and the Chief Financial Officer, Ensure that the action plans identified in the Audit reports are implemented and report formally to Internal Audit twice a year.