1.5. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM The Group operates in a constantly changing environment and like any company, L’Oréal is necessarily exposed to risks which, if they were to materialise, could have a negative impact on its business activities, its financial position and its assets, particularly in terms of reputation and image. In order to ensure the sustainability of its development and the achievement of its objectives, the Group strives to anticipate and manage the risks to which it is exposed in its different areas of activity. L’Oréal’s risk management consists in identifying, assessing and controlling risks that may affect the smooth running of the Company. It also participates in the Group’s development by promoting good use of resources to minimise the impact of negative events and maximise the realisation of opportunities. By contributing to preventing and managing the risks to which the Group is exposed, the purpose of the Internal Control system is to enable the Group’s manufacturing and economic development to take place in a steady and sustainable manner in a control environment appropriate for the Group’s businesses. At L’Oréal, Internal Control is a system that applies to the Company and its consolidated subsidiaries and aims at ensuring that: • economic and financial targets are achieved in compliance with the laws and regulations in force and the Group’s Ethical Principles and standards; • the orientations set by General Management are followed; • the Group’s assets and reputation are valued and protected; and • the Group’s financial and accounting information is reliable and provides true and fair statements. The control environment, which is critical to the Internal Control system, good risk management and the application of procedures, is based on behaviour, the organisational structure and employees. At L’Oréal, it forms part of a culture of rigour and commitment communicated by senior management and in line with the Group’s strategic choices. Risk management and Internal Control is everyone’s business, from the governance bodies to all employees. The Internal Control system is the subject of ongoing supervision in order to verify whether it is relevant and meets the Group’s objectives and addresses its issues. See also Chapter 3 “Risk factors and control environment” of this document, which includes, in particular, details regarding the identification and management of the most significant risks from the point of view of investment decision-making, within the meaning of the regulations, listed in the table below. Major risks to which the Group believes it is exposed Residual importance Business risks Sanitary crisis* Significant Information and cybersecurity systems* Significant Geographic presence and economic and political environment* Significant Crisis management Moderate Data Moderate Market and Innovation Moderate Business ethics Moderate Sales distribution networks Moderate Human Resources risk Limited Product quality and safety Limited Safety of people and property Limited Industrial and environmental risks Product availability* Significant Climate change Significant Environment and safety Limited Legal and regulatory risks Risk of non-conformity* Moderate Intellectual property: trademarks, designs & models, domain names, patents Limited Product claims Limited Financial and market risks Currency risk* Limited Risk on financial equity interests Limited Risk relating to the impairment of intangible assets Limited * Most material risks in each category. L ’ ORÉAL I UNIVERS AL REGISTRATION DOCUMENT 2021 51 PRESENTATION OF THE GROUP INTEGRATED REPORT Internal Control and risk management system 1