MCS Booklet 2024


MINIMUM CONTROL STANDARDS - 2024

INTRODUCTION

As a global leader in our industry, Holcim adheres to the highest of
standards when it comes to how we manage and operate our business
day to day everywhere around the world. We see it as our ethical duty.

At the same time, we ensure our license to operate towards government
and authorities as well as our employees, investors and the communities
where we work.

With this in mind, first and foremost Holcim complies with all local laws
and regulations where we operate and manage a set of Minimum Control
Standards that every country and business in our organization must
follow – with clear guidance and consequence management.

Minimum Control Standards are the capstone of our Corporate Governance
framework and encompass 63 mandatory controls from Governance
and Compliance, Fixed Assets, Revenue, HR, Inventory, Expenditure, IT,
Accounting and Consolidation, Tax and Treasury to Sustainability and
Operational Technology.

These minimum control standards are mandatory throughout our
operations. Each Holcim employee has an important role in ensuring the
implementation and effectiveness of our Minimum Control Standards and
thus running the Internal Control System.

It is crucial that we engage them in the Minimum Control Standards
implementation and ensure that the right organization is in place to
improve control effectiveness.

The Minimum Control Standards are assessed and tested every year in all
our businesses across the globe. Our local CEOs and CFOs and regional
management certify through signed letters to the Group that they are in
place and operating effectively.

Group Internal Control


MCS SUMMARY AND CONTENTS
MCS   P.   Compliance   Fraud   Reputational damages   Errors in financials   Operational disruption   Financial losses

GOVERNANCE AND COMPLIANCE 11


01 Communication and promotion of the Code of Business Conduct and speak-up culture 12 H ● ● ●

02 Compliance with Fair Competition laws and requirements 14 H ● ●

03 Related party transactions and conflict of interests 15 H ● ● ●

04 Board of Directors secretarial requirements 17 ●

05 Health, Safety & Environment 18 ● ● ●

06 Risk assessment 19 H ● ● ●

07 Mitigation of business risks - Security 20 ● ● ● ●

08 Mitigation of business risks - Group insurance 22 ●

09 Mitigation of business risks - Business Resilience System 24 ● ● ●


10 Mitigation of business risks - Remediation of deficiencies and non-compliance with MCS 26 H ● ● ● ● ●

11 Personal data protection 28 H ● ●

12 Segregation of duties and user access review 30 ● ●

13 Delegation of authorities and approval workflows 32 ● ● ●

14 Litigation disputes 34 ● ●

15 Review of contracts by Finance 35 ● ●


FIXED ASSETS 37

16 Management of titles, licenses and permits 38 H ● ● ●

17 Quarry reserves and provisions for restoration and rehabilitation 40 ● ● ●

18 Classification and depreciation of fixed assets 42 ●

19 Physical verification of fixed assets 44 ● ● ●


REVENUE 45

20 Management of customer and material master data 46 H ● ● ●

21 Price management 48 ● ● ●

22 Control of customer credit limits 50 H ● ●

23 Matching of sales orders, shipments and invoices 51 ● ● ●

24 Accounts receivable valuation 53 ● ● ●



HUMAN RESOURCES 55

25 Execution of onboarding, offboarding, master data management and transfers of workers 56 H ● ● ● ●

26 Payroll 59 ● ●

27 Compliance with payroll and local labor laws 60 ● ●

28 Employee pension and benefit plans 61 ● ●


EXPENDITURE 63

29 Management of supplier master data 64 H ● ●

30 Supplier qualification and claim management 66 H ● ● ●

31 Three-way match, two-way match and direct vendor invoices 68 ● ● ●

32 Payment processing 70 H ● ● ● ●

33 Accruals for expenditures not invoiced 72 ●


INVENTORY 75

34 Physical stock take of spare parts and materials, and volume reconciliations 76 ● ● ●

35 Inventory valuation 80 ● ● ●


IT 81

36 Management of access to IT systems 82 ● ●

37 Review of IT user access rights to production IT systems 83 ● ●

38 Security configuration settings and batch job management 84 ● ●

39 Data backup, storage and restoration process 85 ● ●

40 Managing changes to IT systems 86 ● ●



ACCOUNTING AND CONSOLIDATION 89

41 Compliance with accounting and reporting standards 90 ● ●

42 Reconciliation of general ledger accounts 91 ●

43 Reconciliation of bank accounts 93 ● ● ●

44 Reconciliation of intercompany balances 94 ● ●

45 Manual journal entries 96 ● ● ●

46 Impairment of goodwill, intangible assets and tangible assets 97 ●

47 Transactions in a foreign currency 99 ●

48 Management of legal structure and consolidation hierarchy 100 ●

49 Consolidation of financial statements 102 ●

50 Statutory financial statements 103 ●


TAX 105

51 Tax risk assessment and reporting 106 ● ●

52 Tax filings and payments 107 ● ●

53 Deferred and current income tax calculations 108 ● ●

54 Transfer pricing 109 ● ●

55 Non-income (indirect) taxes 110 ● ●


TREASURY 111

56 Bank relations 112 H ● ●

57 Cash transactions are not permitted without the Group approval 114 H ● ●

58 Secure payment means 116 ● ●

59 Financial instruments, borrowings, commitments and working capital schemes 119 ● ●

60 Forex, interest rate, commodities risks monitoring and hedging 121 ●


SUSTAINABILITY 123

61 Environmental impact 124 ● ● ●

62 Social impact: human rights and stakeholders 126 H ● ● ●


OPERATIONAL TECHNOLOGY 129

63 OT Security baseline controls for cement plants and grinding stations 130 ● ● ● ●

Governance and compliance

10 HOLCIM • MINIMUM CONTROL STANDARDS HOLCIM • MINIMUM CONTROL STANDARDS 11


1 Communication and promotion of the Code of Business Conduct and speak-up culture

PRIMARY OBJECTIVE
Senior management continuously communicate and role model the Code of Business Conduct (CoBC) while promoting a speak-up culture

RISK
- Poor tone at the top (Step 1, 2)
- Corruption and Bribery (Step 1, 2, 3)
- Money Laundering (Step 1, 2, 3)
- Transaction with sanctioned parties (Step 1, 2, 3)
- Infringement of Fair Competition regulations (Step 1, 2, 3)
- Data leakage of sensitive information (incl. non compliance with GDPR) (Step 1, 2, 3)
- Infringement of human rights standards (Step 1, 2, 3)
- Ineffective or unethical vendor selection process (incl. TPDD process) (Step 2)

IMPACT
- Compliance
- Reputational Damages
- Financial Losses
- Fraud

CONTROL & FREQUENCY
1. CEO communication of the Code of Business Conduct and integrity line to employees at least annually, performance of trainings to risky employees according to the training plan, and acknowledgement of the Code of Business Conduct by newly joined employee, maintained by Human Resources (or designee). Annual
2. Communication of the Supplier Code of Conduct to suppliers, outsourced service providers, must be documented. Upon Change
3. Remediation by management of any confirmed breach. Upon Request

REQUIREMENTS
• The Code of Business Conduct (CoBC) is communicated to all new employees, with a short introduction, at on-boarding. New employees acknowledge that they have read and understand the policy and this is stored in the employee’s personnel file. The method used for acknowledgment is defined by the local Legal and Human Resource departments (or designated department). (Step 1)
• At least annually and more frequently as the need demands, the CEO communicates to all employees concerning the values of Holcim and the Code of Business Conduct and encourages employees to speak up, report suspected misconduct. (Step 1)
• Employees, with roles and responsibilities that encounter significant Code of Business Conduct risks or have a function of reducing these risks (as defined by local Legal & Compliance) are to undertake periodic training defined locally. (Step 1)
• The integrity line phone number must be working from all our facilities, the access to the website is available through our network and posters should be placed in all our locations, the Integrity Line is communicated in the Intranet, Internet and within or along with the local Supplier Code of Business Conduct. (Step 1)
• The organization’s commitment to integrity and ethical behavior as defined in the Supplier Code of Conduct is communicated to the suppliers outsourced service providers. (Step 2)
• For existing suppliers, the commitment to our Supplier Code of Conduct is documented through contractual terms and conditions included in the purchase orders and during the tendering process for the new suppliers. In all other contracts, best efforts are made for inclusion of a clause which recognizes the principles of Anti-Bribery and Corruption, as well as Sanctions risk, either referring to our Supplier Code of Business Conduct or our template clause. (Step 2)
• In the event that substantiated breaches occur, remediation (consequential management and effect discipline) must occur in consultation with Group Investigations. This process will be governed by the Country General Counsel at country level and Region General Counsel or Head of Compliance above country level. (Step 3)

Link to: Code of Business Conduct, Code of Business Conduct for Suppliers, Anti-Bribery and Corruption Policy, Compliance Policy, Human Rights and Social Policy, SpeakUp & Investigations Directive, Sanctions and Export Controls Directive, Human Rights Directive, Third Party Due Diligence Directive, Sustainable Procurement Directive and Compliance Training Cycle 2022-2024



2 Compliance with Fair Competition laws and requirements

PRIMARY OBJECTIVE
Follow Group Fair Competition Directive, Commercial Documentation Directive and competition law advice and ensure risk-exposed employees are trained

RISK
- Infringement of Fair Competition regulations (Step 1, 2)

IMPACT
- Compliance
- Reputational Damages
- Financial Losses

CONTROL & FREQUENCY
1. Training on fair competition compliance of highly and medium risk exposed employees is completed and is documented by Local Legal for trainings at country level and Group Legal – Competition Law for trainings at Group Level. Annual
2. Pricing decisions, competitor contacts and sources of market information are documented in accordance with the Commercial Documentation Directive. Advices by Group Legal - Competition Law to Local legal department and business stakeholders are documented. Upon Request

REQUIREMENTS
• Employees must comply with the Fair Competition Directive and applicable local competition laws. (Step 1)
• All highly exposed employees must participate in a virtual or physical face to face training every two years; these trainings are organized by the local legal department or if at the Group Level, by Group Legal – Competition Law. All newly recruited highly exposed employees must be trained within 6 months of taking on a job with Holcim. Participation in the virtual or physical face to face training must be documented using a signed participation list or by any other verifiable means (paper or electronic form) with records retained by the Local Legal or if at the Group level, by Group Legal - Competition Law. (Step 1)
• All medium exposed employees must complete an e-learning training every three years; this e-learning training is provided by Group Legal - Competition Law to all Local Legal. All newly recruited medium exposed employees must be trained within six months of taking on a job with Holcim. Successful completion of an e-learning training must be documented by automatic certification generated by the e-learning tool or by any other verifiable means with records retained by Local Legal or if at the Group level, by Group Legal - Competition Law. (Step 1)
• Employees must comply with the Commercial Documentation Directive to ensure pricing decisions, competitor contacts and sources of market information are properly documented. (Step 2)
• Group Legal – Competition Law regularly advises legal and business stakeholders on competition law compliance by guidance papers or any other means, whenever applicable. (Step 2)

Link to: Code of Business Conduct, Fair Competition Directive and Commercial Documentation Directive


3 Related party transactions and conflict of interests

PRIMARY OBJECTIVE
Ensure approval of related party transactions by Legal and communication to all employees to declare personal interests that overlap business decisions they need to make

RISK
- Poor tone at the top (Step 2)
- Corruption and Bribery (Step 1, 3, 4, 5)

IMPACT
- Compliance
- Reputational damages
- Financial losses
- Fraud

CONTROL & FREQUENCY
1. Monitoring by the appropriate person (see Conflict of Interests Directive) and the local compliance officer of potential Conflict of Interests situations reported by employees and any resulting actions or requirements, with documentations kept by local Legal and Compliance department. Upon Request
2. Perform Conflict of Interests communication annually. Annual
3. Review and approval by the legal department before initiating any business deal or arrangement between a Holcim entity and a shareholder or director’s company. Upon Request
4. The privileged information on Holcim Ltd, the insiders’ list is elaborated and handled at Group level - by Legal & Compliance. Group Legal and Compliance sends the quarterly communication. The insiders’ list is cross-checked with HolcimiNK users list. (Group Level) Quarterly
5. The privileged information on a listed Group company, the insiders’ list is elaborated and handled at country level - by the Legal department or company secretarial department. The country Legal department sends the quarterly communication. Quarterly

REQUIREMENTS
• Employees are to assess their own situation and disclose any Conflict of Interests (COI) situation to their manager as soon as it becomes apparent. The disclosure will be reviewed as described in the Conflict of Interests Directive. (Step 1)
• Training on the Conflict of Interests Directive is a mandatory part of the standard Anti-Bribery and Corruption (ABC) Compliance Training for Employees. (Step 2)
• Conflict of Interests Directive is communicated once a year to enable employees to declare potential conflict of interests. (Step 2)
• Any business deal or arrangement between a Holcim entity and a shareholder or a director’s company shall be deemed a related-party transaction. For companies locally listed, related party transactions are to be reviewed by the legal department before approval or signature. (Step 3)
• For Group privileged information, Group Legal and Compliance lists all employees that have access to that information. For other publicly listed entities, the entity legal department may also need to list employees in the entity that have access to privileged information. These lists shall be updated on an ongoing basis. As soon as privileged information such as consolidated financial data and projects data is available internally a communication informing insiders of their obligation not to trade shall be sent out. The updated list and its previous versions as well as the communication is stored by Group Legal & Compliance (or the applicable listed entity). Permissions regarding access to the folder where the lists are stored and secured must be restricted and controlled. (Step 4)
• Group Companies having Securities listed on a stock exchange shall adopt a binding Insider Dealing and Market Disclosure setting at least equivalent standards and processes designed to ensure compliance by that Group Company and its directors and employees of their respective obligations under applicable laws and regulations. Insider Dealing Market Disclosure Directive. (Step 5)

Link to: Compliance Policy, Anti-Bribery and Corruption Policy, Code of Business Conduct, Insider and Management Transaction Directive, Decisions with Integrity – Conflict of Interest Directive and Compliance Training Cycle 2022-2024


4 Board of Directors secretarial requirements

PRIMARY OBJECTIVE
The local secretary and the chairperson of the Board of Directors (BoD) ensure that all local corporate legal requirements are met

RISK
- Lack of Board’s oversight responsibilities over risk and internal control (Step 1)
- Absence of control and supervision over remote or small entities (Step 1)

IMPACT
- Reputational damages

CONTROL & FREQUENCY
1. Signing by the Board of Directors chairperson and secretary of a letter to confirm compliance with all corporate legal requirements. Annual

REQUIREMENTS
When required by law, an entity that has a Board of Directors must ensure that all corporate secretarial duties are performed and documented in a timely manner in accordance with the local requirements. On behalf of the Board of Directors, the secretary and chairperson must ensure that the Board of Directors and its Committees (if applicable) operate according to the provisions of the local corporate laws, company’s articles of incorporation, bylaws, charters or other corporate governance regulations. This includes in particular that: (Step 1)
• Key corporate documents and records are maintained in accordance with applicable retention policies (local law and Group regulations).
• Meetings of the Board are held at least as frequently as required by local law.
• Minutes are taken at the meetings, are approved and are maintained as part of the corporate records.
• Shareholder and Director’s registers are kept up-to-date.
• Annual shareholders meeting occur, if applicable.
• Any other local legal requirements (the defined secretary should specify all the local legal requirements or liaise with the local legal team to obtain such information and formalize it).
• The Board of Directors chairperson and secretary shall jointly confirm compliance with all applicable corporate legal requirements by signing a compliance confirmation letter as part of the annual internal control certification process. Objective of this control is considered achieved with the following alternative measures: 1) in case the CEO is a member of the board, a certification letter signed by the CEO in his/her capacity of a board member and by the secretary; 2) in case the CEO is not a member of the board, a certification letter signed by the CEO and the secretary, presented in the board meeting with formalized meeting minutes signed off by the chairperson of the board.

Link to: Group Delegated Authorities



5 Health, Safety & Environment

PRIMARY OBJECTIVE
Ensure effective implementation of the four sections of the Health, Safety & Environment Management System (Leadership and Engagement, Objectives, Planning and Management Review, Operations and Support Processes, Performance Evaluation)

RISK
- Health & Safety issue (injuries, fatalities, illness) or incident (Step 1)

IMPACT
- Reputational damages
- Operational disruption
- Financial losses

CONTROL & FREQUENCY
1. Ensure annually the Health, Safety & Environment policy is correctly applied by verifying the implementation of rewards & recognition and consequence management, Health, Safety & Environment Improvement Plan completion, employees and contractors training plan, Critical Controls and Health, Safety & Environment Key Performance Indicators. Annual

REQUIREMENTS
Country must ensure that the following 4 sections of the Health, Safety and Environment management system are in place and operating with regular reviews: (Step 1)
• Leadership and Engagement: Rewards, Recognition and Consequence Management program is in place.
• Objectives Planning and Management Review: An annual Health, Safety & Environment Improvement Plan (HSEIP) is set up following the Group process. The Health, Safety & Environment Improvement Plan completion is tracked at the country Executive Committee level and the strategic area of Health, Safety & Environment Improvement Plan is tracked in the Group tracking tool.
• Operations and Support Processes: Ensure that all employees and contractors are in scope of the training plan which must meet minimum expectations of classroom and practical per Health, Safety & Environment standards. Countries must implement the Critical Controls Management as defined by the Group.
• Performance Evaluation: Group Health, Safety & Environment Audit and annual self-assessment performed at unit level. Process Safety Management and Incident Reporting and Investigation with incidents correctly classified and action plans kept up-to-date with relevant actions. Road Key Performance Indicators (KPIs) should be reviewed.

Link to: Health, Safety & Environmental Policy, Health, Safety and Environment management system, Critical Controls Management, Group Health, Safety & Environment site and Sustainable Procurement Directive


6 Risk assessment

PRIMARY OBJECTIVE
Perform and document a robust business and compliance risk assessment at the country / service center level at minimum annually

RISK
- Poor tone at the top (Step 1, 2)
- Misalignment of the organization with business needs and objectives (Step 1, 2)

IMPACT
- Compliance
- Reputational damages
- Operational disruption
- Financial losses

CONTROL & FREQUENCY
1. A risk assessment is performed annually and documented per Group Risk management process. Action Plans are defined and monitored for all high risks (as a minimum) in accordance with the Risk management guidelines. Annual
2. Country and service center risk assessment reports are signed-off by the Country CEOs and the Heads of Service Centers for their respective entities (electronically or physically) and submitted to Group Risk Management. Annual

REQUIREMENTS
• A risk lead is appointed in each country to support the local management with the risk assessment process and to monitor mitigation actions. (Step 1)
• A risk assessment is performed and signed off at least annually and identifies risks with the greatest likelihood of occurring and with the highest potential impact as per the current Group Risk assessment methodology (please refer to Group Risk Management guidelines). Risks, risk comments (i.e. description), likelihood (initial and residual), impact (initial and residual) and risk treatment have to be documented in the current Group Risk assessment tool. (Step 1, 2)
• Action plans must be defined for all high residual risks (at a minimum) in accordance with the Group Risk Management guidelines. Action plans (title and description), owner and due date have to be documented in the risk management tool. (Step 1)
• Update of the status of actions in the risk management tool is done when the risk assessment is performed as per the Group requirement. (Step 1)

Link to: Finance Policy



7 Mitigation of business risks - Security

PRIMARY OBJECTIVE
Implement security measures and procedures in accordance with the Security and Resilience Governance

RISK
- Assault on person (Step 1, 2)
- Attack against business asset (Step 1, 2)
- Theft (Step 1, 2)

IMPACT
- Reputational damages
- Operational disruption
- Financial losses
- Fraud

CONTROL & FREQUENCY
1. Annual sign off by the Country Chief Executive Officer (CCEO) of the Country Ecosystem report, the Country Security Risk Assessment and the Country Security & Resilience Briefing. Annual
2. Ensure minimum implementation requirements of the Security and Resilience policy, the Security & Resilience Management System (SRMS), and directives are completed by the Country Security Representative. Annual

REQUIREMENTS
Holcim must implement and manage a Security and Resilience program, based on the Security and Resilience Policy, the Security & Resilience Management System (SRMS) and the Security directives. This applies to all companies controlled by Holcim and their projects throughout the entire lifecycle (e.g. Solutions & Products, Holcim Trading, IT Services Centers, Business Services Centers, etc).
At a minimum, they must perform the following tasks:
• Ecosystem: capture on an annual basis the country ecosystem (people, assets, etc) in the Holcim Sites Mapping Application (SMA), including evacuation People on Board (POB), where applicable, using the Country Ecosystem report. (Step 1)
• Risks: validate the S&R Threat Assessment from Group and conduct the Risk Assessment at country level on annual basis using the Country Security Risk Assessment. (Step 1)
• Minimum implementation requirements: (Step 2)
  a. Structure: CEO must appoint a fit for purpose Country Security Representative (CSR) and relevant organization to successfully implement the program. Mandatory trainings are completed by the relevant stakeholders and documented.
  b. Budget: Report total FY-1 spend, publish dedicated security budget for FY-0 and validate security related spend on a quarterly basis in the Security Spend dashboard.
  c. Mitigation controls: implement mitigation controls at the location of the risk and deploy specific programs where Group Level Material Risks (GLMRs) and directives (SSI, TOC) have been identified as “in-scope”.
  d. Travel: Country Travel and Events rules are in place, mirroring the Travel and Events Policy. Appoint a Country Travel Coordinator; travel agency(ies) are connected to I-SOS Travel Tracker; the Travel dashboard weekly extract is systematically used to verify visibility of all international business travellers in the Travel Tracker and that they have completed the mandatory general Business Travel eLearning. The Country Travel Guide is updated annually.
  e. Third Parties: Engage, Manage and Evaluate suppliers providing security services annually in line with Holcim processes.
  f. Incident response: report all security incidents through Holcim Security Incident Notification Tool (SINT) and provide evidence that all recurring incidents, as well as High and Very High impact (attempted) incidents have documented lessons learned and related action plans.
• Audit, Assurance and Performance: (Step 1, 2)
  a. Track the implementation of the Security & Resilience Management System and the deployment of directives;
  b. Send the Country Security & Resilience Briefing to Country Chief Executive Officer (CCEO) and Group Security & Resilience at least annually

Link to: Security and Resilience Policy, People Security Directive, Security Services with Integrity (SSI) Directive, Terrorist & Organised Crime (TOC) Monitoring Program Directive, Travel and Events Policy, Holcim Business Travel eLearning, Security & Resilience Management System (SRMS) and SSI Quick Checklist

The above requirements can be performed more frequently in response to a significant change to the business or risk landscape, or if specifically mandated by Group Security and Resilience Governance requirements.



8 Mitigation of business risks - Group insurance

PRIMARY OBJECTIVE
Follow the Group insurance process to ensure adequate risk coverage

RISK
- Lack of insurance coverage (Step 1, 2, 3, 4, 5)

IMPACT
- Financial losses

CONTROL & FREQUENCY
1. Payment of Group insurance premiums is done prior to the due date. Annual
2. Annual approval by the local Executive Committee (or designee) of property insurance values for accuracy according to Group methodology, to ensure replacement value cover. Annual
3. By using Group Risk Insurance Tool Incident Report is submitted within 48 hours by the local Executive Committee (or designee) for all claims and losses that are covered by a Group Insurance policy and that are likely to exceed the applicable deductible or exceed EUR 500,000 (or equivalent). Upon Request
4. Group Insurance and Risk Financing is informed: 1) before new business activity is put in place, 2) of all Capex projects in excess of EUR 5m, 3) of any Risk Improvement Actions (RIA) countries do not agree with. Upon Change
5. Local Executive Committee approves purchase of additional local insurances for risks that are not covered by a Group insurance program. Upon Request

REQUIREMENTS
The country must comply with the following 5 priorities:
• Group insurance premiums are paid by the due date with no delay. (Step 1)
• Property insurance values are provided annually to Group Insurance and Risk Financing (GIRF) before the due date to avoid under-insurance. (Step 2)
• All claims and losses that are covered by a Group Insurance policy and that are likely to exceed the applicable deductible or exceed EUR 500,000 (or equivalent) have been timely declared to Group Insurance and Risk Financing (GIRF) within 48 hours of incident via Group Risk Insurance Tool (GRIT). (Step 3)
• All Risk Improvement Actions (RIA) recommended by our insurer have to be mitigated within a reasonable time frame. If Group countries do not agree with the RIA, GIRF must be notified and alternative measures must be put in place. (Step 4)
• Any change in the business that impacts the Group Insurance programs* are communicated to Group Insurance and Risk Financing (GIRF) (e.g. new business activity like installation of building materials, new products with different liability risks such as building material chemicals, etc.). (Step 4)
• All Capex projects in excess of EUR 5m (or equivalent) are reported to Group Insurance and Risk Financing (GIRF) to ensure appropriate coverage. (Step 4)
• For risks that are not covered by Group insurance programs*: (Step 5)
  a. Local Executive Committee must put in place local insurances as required by local regulations (e.g. motor liability, workers compensation insurance).
  b. Local Executive Committee may put in place local insurance for non-mandatory local risks as long as these do not overlap Group insurance programs (e.g. allowed would be fiduciary insurance for local pension fund, trade credit insurance).

Link to: Finance Policy, Group Insurance Directive, Capex Directive and Group Insurance Program

*Group insurance programs:
• Property Damage / Business Interruption (PDBI); Third Party Liability (TPL); Directors & Officers (D&O); Marine Protection & Indemnity and Charterers Liability; Marine Cargo and Cyber.
• Construction All Risk / Erection All Risk (CAR/ EAR) – alternative local insurance allowed if cleared by Group Insurance and Risk Financing before project commences.
Group Insurance and Risk Financing is regularly reviewing the risks situation and reserves the right to define other risks to be covered by a Group insurance program.



9 Mitigation of business risks - Business Resilience System

PRIMARY OBJECTIVE
Every country must have a Business Resilience program

RISK
- Assault on person (Step 1)
- Supply chain disruption (Step 1)
- Business disruption due to IT/OT unavailability (Step 1)
- Attack against business asset (Step 1)

IMPACT
- Reputational damages
- Operational disruption
- Financial losses

CONTROL & FREQUENCY
1. Annually verify that the following requirements are in place at country level in accordance with the Holcim Business Resilience Directive: Annual
  a. Appointed Business Resilience Sponsor, Business Resilience Coordinator and Business Resilience Team
  b. Up to date Country Business Resilience Plan (‘Plan on a Page’).
  c. Up to date Crisis Management Plan and Business Continuity Plan at country level, Emergency Response Plan available at the location of the risk(s).
  d. Specific country level plans for Group Level Material Risks, High and Very High inherent risks, Resilience and Governance (RaG) incidents or programs.
  e. Post-exercise report which includes objectives, the risk being exercised and the lessons learnt.
  f. All live S&R incidents have been reported in the Holcim Security Incident Notification Tool (SINT); lessons learnt, including action plans, have been documented.

REQUIREMENTS
Holcim must implement and manage a Business Resilience (BR) program, following their Security and Resilience Management System (SRMS) and the Business Resilience Directive requirements. This applies to all companies controlled by Holcim and their projects throughout the entire lifecycle (e.g. Solutions / Products, Holcim Trading, IT Services Centers, Business Services Centers, etc). In case of joint Business Resilience program with a Holcim country, a formal agreement should exist.
At a minimum, they must perform the following tasks:
• Nominate a Business Resilience Sponsor and a Coordinator to implement the Business Resilience program. Appoint a Business Resilience Team (BRT) consisting at a minimum of Business Resilience Team leader and core members.
• Perform and document annually the training of Business Resilience sponsor, Coordinator and Business Resilience Team.
• Prepare and maintain a Country Business Resilience Plan (‘Plan on a Page’).
• Maintain and test at least annually the country level plans for in-scope Group Level Material Risks (GLMRs), High and Very High inherent risks identified in the Holcim S&R Risk Assessment tool and from the Resilience and Governance (RaG) incidents or programs.
• Perform an annual Business Resilience Team exercise of their choice.
• Incident response: report all S&R incidents through the Holcim Security Incident Notification Tool (SINT) and provide evidence that all incidents requiring the activation of a BRT have documented lessons learnt and related action plans.

Link to: Security and Resilience Policy and Business Resilience (BR) Directive



10 Mitigation of business risks - Remediation of deficiencies and non-compliance with MCS

GOVERNANCE AND COMPLIANCE

PRIMARY OBJECTIVE
Management process is in place to identify and correct deficiencies found while monitoring the MCS

RISK
- Poor tone at the top (Step 1)
- Misalignment of the organization with business needs and objectives (Step 1, 2)

IMPACT
- Compliance
- Reputational damages
- Errors in financials
- Operational disruption
- Financial losses
- Fraud

CONTROL & FREQUENCY
1. Approval by Group Head of Function and Group Internal Control for local control design which do not agree / comply with Minimum Control Standards requirements / central description. Validation by Regional Internal Control correspondent of Not Applicable controls. Deficiencies to Minimum Control Standards are approved by Region Head (for countries) / Group management (for functions) through the certification process. Annual
2. Monitoring by the local Executive Committee of the progress of all action plans relating to deficiencies to ensure they are resolved and reported to the Group according to Internal Control instructions. Half year

REQUIREMENTS
Management responds timely and appropriately to any deficiencies identified through monitoring activities and takes adequate and timely actions to correct deficiencies. This process includes:
• The MCS exception approval process: In case a country is not able to design a local control description in compliance with the Minimum Control Standards (MCS) requirements, (“Requirements” + “Control Description”), the country Internal Control Manager clears with Regional Internal Control correspondent, uses the MCS Design and Implementation non-compliance approval form to seek Group approval. Submission must be done two weeks prior to the Control Design Assessment (CDA) deadlines. Approvals are to be uploaded/linked at SAP Governance, Risk, and Compliance tool (SAP-GRC). (Step 1)
• Controls rated as Not Applicable and split of responsibility among entities and service centers must be formally validated by Regional Internal Control correspondent. (Step 1)
• Deficiencies to Minimum Control Standards have to be validated by local management, Region Head (for countries) / Group management (for functions) through the certification process. (Step 1)
• Any deficiency related to MCS classified with an impact over Compliance: MCS# 01, 02, 03, 06, 10, 11, 16, 20, 22, 25, 29, 30, 32, 56, 57, 62. (MCS01.01/02/03; MCS02.01/02; MCS03.01/02/03/04/05; MCS06.01/02, MCS10.01/02; MCS11.01/02; MCS16.01/02/03/04; MCS20.01/02; MCS22.02, MCS25.01; MCS29.01; MCS30.01/02; MCS32.01/02; MCS56.02; MCS57.01, MCS62.05) must be approved by the Regional Compliance Officer before signature of the Country Certification Package. (Step 1)
• Perform root cause analysis, a detailed description of the deficiency and the creation of an action plan to remediate the weakness identified. (Step 2)
• Deficiencies are communicated to those parties responsible for taking corrective action, at senior management. (Step 2)
• Follow-up of corrective actions and progress towards completion. (Step 2)
• Action plans relating to deficiencies are tracked regularly by the local Executive Committee and to Group Internal Control at least twice a year. (Step 2)
• All deficiencies and action plans are tracked in SAP Governance, Risk, and Compliance tool (SAP-GRC). (Step 2)

Link to: Finance Policy, MCS Design and Implementation non-compliance approval form, Internal Control Instructions and Holcim Financial Certification Permanent Instructions



11 Personal data protection

GOVERNANCE AND COMPLIANCE

PRIMARY OBJECTIVE
Ensure personal data/personally identifiable information (PII) managed in the company (acquired, processed, stored and deleted) is handled in accordance with local laws and regulations

RISK
- Unauthorized use of company & personal information (incl. non compliance with GDPR) (Step 1, 2)
- Data leakage of sensitive information (incl. non compliance with GDPR) (Step 1, 2)

IMPACT
- Compliance
- Reputational damages
- Financial losses

CONTROL & FREQUENCY
1. Train employees in scope, as per the country defined training cycle, on how to comply with local Data Protection laws and regulations as well as on recognizing and reporting data breaches. Annual
2. Implement Data Subject Consent Form (in local language, if necessary) for different types of data subjects (e.g. candidates, employees, customers, suppliers) if required by local data protection law. Annual verification with each department that Data Processing Agreements are signed with vendors processing Personal Data on Holcim behalf. Annual

REQUIREMENTS
If required by the local data protection and privacy laws and regulations,
• The Data Privacy Notice/Policy is made available to all existing employees and distributed to new employees during the onboarding process. (Step 1)
• If required by the local data protection and privacy laws and regulations, relevant employees are trained to recognize and report data breaches or any incidents relating to personal data which may carry reporting/notification obligations. Country is free to determine who are relevant employees. (Step 1)
• Countries are required to define a compliance training program for a locally defined cycle. They define what training they want to deliver, and which is the target population within what time period. All newly recruited relevant employees must be trained within 6 months of taking on a job with Holcim. (Step 1)
• Seek advice from the Data Protection Responsible / Legal and Compliance if necessary. (Link to the control standard on employee onboarding). (Step 1, 2)
• Consent is collected and recorded when the employee’s image (photo/video) is taken and used by the company. (Step 2)
• Data Privacy Notice/Policy is made available / distributed to all existing, new customers and prospects (either by email, online on a dedicated customer platform or on the company’s website, addendum to the existing commercial contract, or it is embedded into the general terms and conditions of the commercial agreement). (Step 2)
• Customer’s consent is collected and recorded whenever required. Seek advice from the Data Protection Responsible / Legal and Compliance concerning the collection of customer consents. (Link to the control standard on customer master data). (Step 2)
• If required by the local data protection and privacy laws and regulations, when external vendors have access to personal data / PII handled by a Holcim entity, seek advice from the Data Protection Responsible / Legal and Compliance concerning implementation of an agreement with the vendors regarding the processing and protection of that personal data / PII. (Step 2)
• If required by the local data protection and privacy laws and regulations, a process is put in place and communicated internally to respond to data subject requests concerning an individual’s personal data processed by the company. Always inform and seek advice from the Data Protection Responsible / Legal and Compliance concerning how to respond to a data subject request. (Step 2)

Link to: Compliance Policy, General Data Protection Directive and Data Retention and Deletion Directive



12 Segregation of duties and user access review

GOVERNANCE AND COMPLIANCE

PRIMARY OBJECTIVE
Ensure there is a proper segregation of duties and users have need based access to IT applications

RISK
- Unauthorized access, disclosure, modification, damage or loss of data (Step 1, 2, 3, 4)

IMPACT
- Financial losses
- Fraud

CONTROL & FREQUENCY
1. Information Technology Service Centers annually review and validate the Segregation of Duties rule set for Enterprise Resource Planning (ERP) system, other in-scope applications per region and provide the confirmation to the countries / functions / service centers. Annual
2. Review half yearly, at a minimum, of the Enterprise Resource Planning (ERP) system, other in-scope applications per region Segregation of Duties reports by the respective Business Process Owners and the CFO. Segregation of Duties conflicts are removed or mitigated as per the Group requirements. Half year
3. Validation half yearly, at a minimum, over users’ level of access for all critical business applications including TIS and corrective actions taken within one month after the review, if needed. Half year
4. Validation half yearly, at a minimum, over dormant users access deletion / revoked, and corrective actions taken within one month after the review, if needed. Half year

REQUIREMENTS
Segregation of Duties (SoD):
• Information Technology Service Centers (ITSCs) annually review the Segregation of Duties (SoD) rule set for Enterprise Resource Planning (ERP) system and other regionally scoped applications for SoD, to ensure alignment with Group rules and update the local customized objects (transactions) with support from business and provide the confirmation to the countries / functions / service centers. Where the Segregation of Duties (SoD) ruleset is managed directly by the countries, this should be performed at country. (Step 1)
• Risk with zero conflicts (RWZC) are eliminated upon identification. There is no tolerance for conflicts over risks mapped as “Risk with zero conflicts”. (Step 2)
• Other SoD risks (non RWZC) are to be kept at a minimum. Whenever removal is not possible, they are mitigated by implementing a compensating control. These compensating actions must be documented and monitored to ensure they are reducing the identified risk. The compensating controls must be tested for operating effectiveness. (Step 2)
• Exceptions of the above, Risk with zero conflicts and non-Risk with zero conflicts requirements, have to be reviewed and agreed with Regional Internal Control correspondent and approved by the Group Head of Internal Control. (Step 2)

Business Access Review:
At least twice a year, the following occurs for all critical business applications including TIS*:
• A review of all user accounts to ensure that users have access according to their job roles. Any excessive access that is not required for the performance of their job role should be revoked within one month from the date of identification. (Step 3)
• IT should provide a report for all business users with the level of access for business to review user access rights to ensure that the access is in line with their job role. Business must propose corrective actions (e.g. revoke access / change access and send a request to IT for such changes) to be supported by the IT team. (Step 3)
• Business must obtain the dormant user report from IT for all critical business applications and review to ensure that dormant users access is timely revoked / deleted (notify IT to disable / delete dormant user ID’s). (Step 4)

Link to: Finance Policy, Annex 10: Holcim SoD conflicts (RWZC), Annex 10.02: Holcim SAP SoD Rule Set, Annex 09: IT Controls and Annex 09.02: TIS Roles and Security management

*Critical business applications are defined and documented as per Annex 09: IT Controls



13 Delegation of authorities and approval workflows

GOVERNANCE AND COMPLIANCE

PRIMARY OBJECTIVE
Define clear delegation of authority in compliance with Group Delegated Authorities with an adequate approval system

RISK
- Authority and responsibility not clearly and formally assigned (Step 1)
- Unauthorized transactions / contracts made on the behalf of Holcim (Step 2, 3, 4)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Approval by the local Executive Committee (and Board of Directors, if applicable) of the authorization policy which includes Group Delegated Authorities requirements. Annual
2. Any contractual commitment included in the Group Delegated Authorities entered into by the company must bear dual signature of the authorized persons defined in the local delegation of authority matrix. Upon Request
3. Review and approval by the manager responsible for the workflow approval matrix (system or manual) for compliance with the authorization policy. For any manual approval processes the method of documentation is to be defined and evidence must be maintained for each approval. Half year
4. Half yearly verification by the manager responsible of users set up in the approval workflows in the Enterprise Resource Planning (ERP) system (e.g. the users mapped to release groups). Exceptions, if any, should be investigated. Review of users with authorization to update the release groups is performed, errors analyzed and corrected. Half year

REQUIREMENTS
Group Delegated Authorities (GDA):
The Group defines approving authority and threshold for key transactions and commitments involving Holcim or any of its subsidiaries. These rules provide a framework to the countries and functions to make their decisions. These rules must be complied with and all approvals must be documented. (Step 1, 2)

Defining the local delegation of authority matrix: (Step 1, 2)
• An authorization policy or delegation of authority (DoA) matrix must exist to establish clear lines of authority for the approval of all main transactions within monetary limits and other authorizations in the country, such as the signing authorities. As monetary thresholds increase, additional approvals from senior levels of management are required, with the highest monetary thresholds requiring Board of Directors and Executive Committee’s approval. This delegation of authority is formally documented, kept up-to-date and signed-off by the local Executive Committee, and Board of Directors (when applicable).
• Group Delegated Authorities must be respected within the country delegation of authority matrix. Country authorities and threshold defined in the Group Delegated Authorities may be delegated locally but such must be documented in the local delegation of authority (DoA) and approved by the local Executive Committee (and Board of Directors, if applicable).
• Responsibilities are clearly stated and communicated within the organization.
• The assignment of responsibilities is clear, including third-party service providers (who carry out activities on behalf of the organization), related to the extent of their decision-making rights.
• The delegation of authority is adhered to for every transaction which requires approval.
• The delegation of authority matrix is reviewed at least yearly for compliance with the authorization policy or limits definitions and updated as needed.

Maintaining the delegation of authority matrix in the system: (Step 3, 4)
• The delegation of authority is loaded in the Enterprise Resource Planning (ERP) system workflow approval matrix. This and any subsequent changes require appropriate approval based on supporting documentation.
• Half yearly, a report is run of all users set up in the release groups (authorized approvers) to verify that they are in line with the local approved delegation of authority, which respects the Group Delegated Authorities. The report is reviewed and signed-off by the manager responsible. Access to update the release groups is restricted to authorized users.

Link to: Group Delegated Authorities and Finance Policy



14 Litigation disputes

GOVERNANCE AND COMPLIANCE

PRIMARY OBJECTIVE
Risks related to legal disputes are assessed and recorded quarterly in the Group Legal Case Management tool

RISK
- Failure in litigation management (Step 1, 2)
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Quarterly approval by the country Head of Legal (or designee) of the information reported in the Case Management tool to Group Legal to ensure all required information is reported, complete and updated with the latest assumptions according to Group Legal requirements. Quarterly
2. Quarterly review by the local CFO (or designee) of the provisions reported in the Case Management Tool to confirm they correspond with the amounts in the financial statements. Quarterly

REQUIREMENTS
• The legal department keeps track of and properly completes the status of all ongoing disputes, including the estimated maximum risk, estimated expected risk, classification of the risk as probable, possible or remote and the related provisions recorded in the financial statements. (Step 1)
• At year-end (minimum), legal opinion letters shall be requested from external law firms assisting on disputes to receive updated information regarding such disputes. The legal opinions are reviewed by the legal department and CFO. (Step 1)
• The Group Legal Case Management tool must be updated as per the Group Legal reporting requirements. At a minimum provision amounts and the classification of the risk in the Case Management tool must correspond to the amounts recorded in the financial statements at that date. The estimated maximum risk, the classification of the risk and the provisions are reviewed by the CFO. (Step 2)
• Control must be performed at least every quarter at closing, and it’s a requirement for the execution of the Financial Certifications. (Step 2)

Link to: Group Delegated Authorities, Data Retention and Deletion Directive and Group Legal Case Management tool

15 Review of contracts by Finance

PRIMARY OBJECTIVE
Contracts and material commitments are reviewed by Finance

RISK
- Unauthorized transactions / contracts made on behalf of Holcim (Step 1, 2)
- Lack of contract management (Step 1)
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2)
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 2)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Review and approval by CFO (or designee) of contracts in a foreign currency, leases and all material commitments to ensure proper accounting, foreign exchange risk management and disclosure before signing or upon subsequent change. Upon Request
2. Approval by the CFO of the accounting impact of significant leases based on locally defined thresholds and Group Lease Directive (including material, complex and judgmental contracts). Upon Request



15 Review of contracts by Finance

REQUIREMENTS
• Each entity should determine the scope or defined criteria of contracts to be reviewed by finance based on country’s materiality as per SAP-Financial Consolidation (SAP-FC) report P780-050. For Leases apply the Group Lease Directive. (Step 1, 2)
• Contracts are reviewed by finance prior to signing to ensure: (Step 1, 2)
- Contracts in a foreign currency are communicated to the local financial department and approved by CFO (or designee) before signature.
- Financial impacts are properly assessed, and are taken into account in the decision making (capital expenditures (CAPEX), operating expenses (OPEX), leases per International Financial Reporting Standards 16 (IFRS 16), take or pay, off balance sheet clauses, power purchase agreements (PPA), etc.).
- All material commitments are communicated to the financial department to ensure proper accounting and disclosure notably for the Group external publication.
- For International Financial Reporting Standards 16 (IFRS 16) before signing the agreement, leases must be formally approved according to the threshold and the approvers defined in the Lease Directive to ensure correctness of the data captured from each contract (or change to a contract), as well as the determination and valuation of the additional valuation parameters (interest rates, probable end date, etc). Countries are asked to avoid any leases that result in a foreign exchange exposure (FOREX). Therefore, all leases that are not denominated in the functional currency of the country always require a separate approval from Group Treasury (regardless of whether leases are budgeted or not).
- In addition all contracts related to the control assessment or scope of consolidation such as acquisition or divestment contract, put or call option contracts, shareholders agreement, must be reviewed and communicated to Group Finance (HARP 4.1.5.3).
• During the Request for Proposal (RfP) process, a financial review must occur to support the business decision to buy or lease an asset, including assessment of the financing method (by treasury) and the potential impacts to the financial statements (from accounting expert). See Lease Directive sections 2.1 and 2.2. (Step 1, 2)
• In the case of a volume increase or scope changes during the life of a contract involving foreign currency, all changes must be communicated to finance for further actions. (Step 1, 2)

Link to: Group Delegated Authorities, Finance Policy, Procurement Policy, Lease Directive, Capex Directive, Foreign Exchange (FX) & Interest Rate (IR) Risk Management Directive, HARP 4.2.1 Accounting for Leases under IFRS 16 and HARP 4.1.5.3 Accounting for Put and Call Options on Non-Controlling Interests

Fixed assets



16 Management of titles, licenses and permits

FIXED ASSETS

PRIMARY OBJECTIVE
Ensure proper validity, filing and timely renewal of titles, licenses and permits

RISK
- Lack of valid titles, licenses and permits (Step 1, 2, 3, 4)
- Unauthorized land and quarry usage (Step 1, 2, 3, 4)
- Corruption and bribery (Step 1, 2, 3, 4)

IMPACT
- Compliance
- Reputational damages
- Operational disruption
- Financial losses

CONTROL & FREQUENCY
1. Annual approval by relevant local ExCo member of the list of all relevant permits and licenses for the business to operate, and sign off by the CEO of exceptions or potential issues. Annual
2. Annual approval by the local legal team (or equivalent at your organization) and the quarry (mine planner) and land management officer (or equivalent at your organization) of the existing titles of ownership, mining and surface rights, concessions and permits, including upcoming renewals. Annual
3. Approval, half yearly, by the land management officer (or equivalent at your organization), jointly with quarries management, of the land ownership situation, including proposed or planned land activity (acquisition, disposal), and the effect on the relevant licenses. Half year
4. Annual approval by stakeholders (see requirements) of the progress of mining activities and the compliance with mining regulations and permit requirements. Annual

REQUIREMENTS
• For all relevant permits and licenses (e.g. environmental, archeological, operating permits, quarry and mining, production, energy use, vessels and ports, construction, air, water, deforestation, blasting), roles and responsibilities are clearly defined within the organization, adequate processes are put in place in order to ensure their validity, proper filing and archiving, timely renewal, and publication (if required). The list is updated and clear ownership is assigned together with a procedure for management of different types of permit and licenses. (Step 1)
• Local laws and regulations, international standards when required, as well as Holcim Code of Business Conduct (CoBC), are respected in the management of all permits and licenses related activities. (Step 1)
• Third Party interfacing with public officials to acquire, renew or review titles, licenses and permits are managed through the Third Party Due Diligence (TPDD) tool (control related to TPDD is covered in MCS30). (Step 1)
• All existing titles of ownership, mining / surface rights, concessions and permits are reviewed at least annually with the local legal team (or equivalent at your organization) and in consultation with the quarry (mine planner) and land management officer to ensure they are valid. (Step 2)
• The land management officer leads a review of the land ownership situation twice a year (or according to the local requirements). A review of the foreseen land acquisition / disposals is led by the land management officer with the quarry management and the country raw material competent person. These reviews cover all requirements to maintain the relevant licenses and permits. (Step 3)
• Renewal of permits, trigger and exercise of mining rights and permits occurs before the expiration date. (Step 3)
• Meetings with all stakeholders are conducted to review the progress of the mining activities, monitor compliance with the mining regulations and permitting obligations. These include Quarry & Plant Management, Sustainable Development, Environment, Legal and Land Management. (Step 4)

Link to: Code of Business Conduct, Third Party Due Diligence Directive, Technical Recommendation: Land Management and Holcim Raw Material Resources and Reserves Reporting Standard



17 Quarry reserves and

FIXED ASSETS
REQUIREMENTS

provisions for restoration • Reserves for cement production sites


must be classified according the Raw
is verified and approved by the country
plant management and is included

and rehabilitation Material Resources and Reserves


Reporting Standard. On a yearly basis,
as an annex to the plan, allowing the
assumptions to be verified. (Step 2)
Raw Material Resources and Reserves • At least once a year, finance and land
as well as raw mix lifetime figures and quarry management, with legal
PRIMARY OBJECTIVE CONTROL & FREQUENCY have to be reviewed and validated if necessary, meets to review the
by a Holcim Competent Person and validity of the restoration/rehabilitation
Ensure that quarry reserves reported according to the business concept as well as the evaluation of
are secured, restoration and 1. Annual reconciliation of the cycle requirements defined by the Plant related costs and validate assumptions
rehabilitation requirements are resources and reserves with the total Development Plan (PDP) as per the used to calculate site restoration/
Raw Material Resources and Reserves rehabilitation provisions (discount rate,
implemented for every quarry of extracted tonnages transmitted
Reporting Standard. Aggregates resource timing of future cash costs, residual life,
and properly recorded in to the accounting department based and reserves are classified according etc.). If a revision occurs that impacts a
financial statements on the yearly estimates and approval to HARP definitions. Each country shall legal guarantee related to rehabilitation,
by CFO. Cases where the remaining report yearly raw material Resources & finance will secure the corresponding
useful lives of plants and equipments Reserves according to the business cycle revision. (Step 2)
RISK are greater than the remaining requirements defined by Aggregates
Reserves Management (ARM). (Step 1) • A Biodiversity Management Plan
- Failure in quarry rehabilitation secured reserves must be reported (BMP) must be in place for quarries
and biodiversity management in the financial certification package. • The yearly estimate of the reserves are categorized as of high biodiversity
(Step 1, 3, 4) reconciled with the total of extracted
Annual importance according to the criteria for
-D  epletion of our own reserves tonnages transmitted to the accounting biodiversity importance category (BIC 1
(Step 1, 4) 2. Annual verification by finance and department. (Step 1) and 2). (Step 3)
-N  on-adherence to accounting land and quarry management of • All resources and reserves acquired are
and reporting requirements and • Biodiversity Index (BIRS) must be
the validity of the restoration / correctly reflected in the accounts and
standards (Step 2) established in all quarries (active and
rehabilitation concept and costs do not lead to any impairment issues. non-active, including closed sites).
- I naccurate or fraudulent closing
entries (incl. judgemental
as well as the assumptions used to Cases where the useful lives of the plants (Step 3)
calculate the provisions. Annual and equipment are greater than the
assumptions and estimates) • Materials used for restoration must be
remaining secured reserves and resulting
(Step 4) 3. Verify if the quarry is classified compliant to the Health, Safety and
production lifetime for cement and
as high biodiversity importance aggregates sites, the related action plans Environment (HSE) Internally Generated
IMPACT Waste standard. (Step 4)
according to criteria for biodiversity must be developed and reported in the
- Reputational damages
- Operational disruption importance category (BIC 1 and 2). financial certification package. (Step 1) • Restoration / rehabilitation work
If yes, annual review of Biodiversity • A restoration/rehabilitation plan contracts must be reviewed on
- Errors in financials
Management Plan (BMP) by an for each quarry operation must regulatory aspects by Legal expert prior
be developed according to Group to signing and are copied to finance for
expert to ensure that actions being
requirements and in line with the filing. (Step 4)
implemented properly address
intended long-term development Link to: Finance Policy, Raw Material
the site biodiversity issues. Verify
of the quarry site, specifying the Resources and Reserves Reporting
Biodiversity Index (BIRS) is magnitude and schedule of restoration/
established for all quarries. Annual Standard, Aggregates Reserves
rehabilitation work. The plan and its Management (ARM), Criteria for
4. Review and validation by legal supporting documents are available biodiversity importance category (BIC
of contracts relating to the from both land & quarry management 1 and 2), Quarry Rehabilitation and
and finance. (Step 2) Biodiversity Directive, Health, Safety &
rehabilitation / restoration work prior
to signing. Upon Request • The cost of restoration/rehabilitation Environment (HSE) Internally Generated
work, based on local historical data or Waste standard, Lease Directive and
estimates given by recognized specialists, Capex Directive

HARP references: 4.10.2 Site Restoration Costs, 6.6.5.3 Raw Material Reserves / 6.6.5.2 Raw Material Resources
• The life (but only for AGG) is defined by 60.6.5.05 Reserves Life [yrs]
• Accounting is specified in: 4.10.3 Amortization of Raw Material Reserves and 4.10.2 Site Restoration
• Capex classification defines how to report the purchase: 3.1.8.2 Classification of CAPEX
• 4.2.1 Accounting for Leases under IFRS 16 - defines specific exemptions related to reserves, when we rent the land
• 3.2.1.2.28 Depreciation and Amortization of Long-Term Operating Assets - defines depreciation of raw material reserves and capitalized mining concessions



18 Classification and depreciation of fixed assets

FIXED ASSETS

PRIMARY OBJECTIVE
Ensure the proper recognition and classification of fixed assets in the financial statements

CONTROL & FREQUENCY
1. Approval by the appropriate finance person to capitalize an expenditure according to the HARP classifications and assign the proper life and depreciation methods. Frequency: Quarterly
2. Quarterly approval by the appropriate finance person of the Construction in Progress accounts to ensure that only active projects are included (i.e. non-viable projects are written off and completed projects are moved to Property, Plant and Equipment). Frequency: Quarterly
3. Approval by the CFO (or designee) of the write-off of all unused, mothballed and idle assets and/or change of depreciation method used. Frequency: Upon Request

RISK
- Inaccurate or fraudulent recording of fixed assets (Step 2, 3)
- Non-adherence to accounting and reporting requirements and standards (Step 1)
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 3)

IMPACT
- Errors in financials
- Financial losses

REQUIREMENTS
• Assets are properly classified. Refer to HARP 3.1.1.2.4 Property, Plant and Equipment (PPE), HARP 4.4 Capitalization, Accounting and Valuation of Assets and HARP 4.2 Accounting for Leases. Lease Directive and CAPEX Directive. (Step 1)
• Depreciation schedules required for different purposes are maintained. Refer to HARP 3.2.3.5 Ordinary Depreciation and Amortization and HARP 4.4.4 Useful Lives of Property, Plant and Equipment. (Step 1)
• For mineral reserves, refer to HARP 3.1.1.2.4 Property, Plant and Equipment (PPE) (section 3 Land and Mineral Reserves). (Step 1)
• Capitalization of the expenditure and the timely initiation of depreciation are reviewed and approved by the appropriate Finance person. Journal entries, if needed, have attached the supporting calculation and are signed off by the appropriate Finance person. (Step 1)
• The person responsible for Construction in Progress (CIP) reviews the status of all Construction in Progress to check whether assets, with a value deemed recoverable, are ready for use. Any change related to the project and the use of the asset should be taken into account in the assessment of the irrecoverability of the asset value. Based on this review, finance staff responsible for Property, Plant and Equipment (PPE) reclassifies Construction in Progress to fixed assets and initiates depreciation within 30 days of the recorded actual finish date. Any journal entries made are reviewed to ensure proper classification and approved. HARP 3.1.1.2.4 Property, Plant and Equipment (PPE). (Step 2)
• Accelerated depreciation of an asset might be required if a tangible asset becomes obsolete, is replaced earlier than expected, or cannot be used anymore as a result of newly introduced stringent environmental measures. (Step 3)
• Once assets are identified as unused, mothballed or idle, the depreciation and the assumptions should be supported by adequate documentation and properly approved by the CFO (or designee). Unused, mothballed and idle assets that have been written-off are supported by adequate documentation and are approved by the CFO, as well as change of depreciation method (incl. Reduction of useful life). Refer to HARP G 002-13 Mothballing in HARP 3.1.1.2.4 Property, Plant and Equipment (PPE) (section 2.10 Idle Assets). (Step 3)
• Group Sustainability targets which might trigger additional investment in proven technologies resulting in certain assets being idle or obsolete in a shorter period than the original estimated useful life of the assets. This should be reviewed carefully with the Regional CFO and accelerated depreciation might have to be accounted for. (Step 3)

Link to: Finance Policy, Lease Directive, Capex Directive and Annual ARC impairment model and impairment testing guidelines



19 Physical verification of fixed assets

PRIMARY OBJECTIVE
Perform periodic verification of the fixed assets to ensure the accuracy and completeness of the balances in the financial statements

CONTROL & FREQUENCY
1. Completion of a physical inventory of fixed assets is performed at least once every three years with counts documented and differences identified and adjusted after approval by the CFO. Frequency: Annual

RISK
- Inaccurate or fraudulent recording of fixed assets (Step 1)
- Non-adherence to accounting and reporting requirements and standards (Step 1)

IMPACT
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
• Regular physical inventories of assets are performed on a rolling basis (at least once every three years) and differences in floor to list and list to floor comparisons are identified. Material differences are investigated to identify the root cause and any adjustments needed are approved by the CFO then recorded. (Step 1)

Link to: Finance Policy

Revenue



20 Management of customer and material master data

REVENUE

PRIMARY OBJECTIVE
Ensure only authorized personnel can create, modify and delete customer and material master data

CONTROL & FREQUENCY
1. Countries identify if there is a need for screening for any new customer to validate they are not designated as having a sanctions risk. When required, a sanctions screening is performed and documented locally. Frequency: Upon Request
2. Changes to customer master data are based on approved requests and performed by an authorized user only. Quarterly review and sign-off by the manager responsible for changes to customer master data for a minimum 25 random samples to ensure such changes were based on approved requests and performed by an authorized user. Frequency: Quarterly
3. Annually extract a list of inactive customers and ensure they are blocked / deactivated. Exceptions, if any, are documented and approved by the responsible, identified locally. Frequency: Annual
4. Quarterly verification and sign-off by the responsible manager to ensure only users from customer Master Data Management function have access to change customer master data. Frequency: Quarterly
5. Changes to material master data are based on approved requests and performed by an authorized user only. Quarterly review and sign-off by the manager responsible for changes to material master data for a minimum 25 random samples to ensure such changes were based on approved requests and performed by an authorized user. Frequency: Quarterly
6. Quarterly verification and sign-off by the responsible manager to ensure only users from material Master Data Management function have access to change material master data. Frequency: Quarterly

RISK
- Transaction with sanctioned parties (Step 1)
- Failure in customer master data creation or maintenance (Step 2, 3, 4)
- Money laundering (Step 2)
- Failure in material master data creation or maintenance (Step 3, 4, 5)
- Unauthorized access, disclosure, modification, damage or loss of data (Step 6)

IMPACT
- Compliance
- Reputational damages
- Financial losses
- Fraud

REQUIREMENTS
• Before adding a new customer in countries designated as having a sanctions risk (see Legal & Compliance intranet portal/sanctions), obtain a sanctions screen (or exemption) from local or regional compliance and/or Sanctions Board Approval, when required. Sanctioned entities or individuals cannot be added to the customer master data. There should be an ongoing sanctions screening as defined in the Sanctions and Export Controls Directive: systematically as defined in Symfact and at transaction level considering the defined transactions in scope. (Step 1)
• The addition of a new material and subsequent changes require approval based on a predefined approval process or framework with appropriate supporting documentation. A check is performed to confirm that all required information is completed. (Step 2)
• The addition of a new customer and subsequent changes require approval based on a predefined process with appropriate supporting documentation. As a minimum, a document supporting the identity of the customer is required. One of these examples suffice: Certificate of incorporation or registration, Extract from commercial register, Business license, Tax certificate, DUNS certificate, National ID for individuals. Bank documentation is highly recommended for inclusion of a customer in the customer master data but not mandatory, at a minimum it is required when a refund or subsequent change to bank record is to be processed. One of these examples suffice: RIB; IBAN; bank letter of confirmation or bank statement, a copy of cancelled check or other acceptable documentation that establishes the customer identity to the bank details. A check is performed to confirm that all required information is completed. Regional specificities to be aligned with Regional Internal Control Director. (Step 2)
• For existing customers, changes to bank information in the customer master data must only be done post execution of the callback process, which must be documented with a post confirmation via email that the verification call took place. (Step 2)
• Quarterly, a master data change report is run of all creations, modifications and deletions to ensure that all the changes were duly approved and performed by authorized users. If any exceptions are found, they are documented and reported immediately for investigation. Corrective actions are documented and tracked. All exceptions are closed within the locally defined timeframe. As minimum, in SAP the following fields for customer master data should be considered as critical: Customer name, Value Added Tax (VAT), Bank details (as defined above), reconciliation account, account assignment group, payment terms, tolerance group and for material master data: account assignment group, valuation class, price control. Other fields can be added locally above the minimum. (Step 2, 5)
• Customer records should be reviewed on an annual basis for activity and any record with no activity for a long period (18 months) should be deactivated, with the exception of Solutions & Products’ customers (warranty program). (Step 3)
• Changes to customer and material master data directly in SAP should only be performed by SCs. (SAP only and whenever possible). (Step 4, 6)

Link to: Sanctions and Export Controls Directive and Sanctions and Export Controls Resource Center



21 Price management

REVENUE

PRIMARY OBJECTIVE
Prevent unauthorized changes to prices, discounts or rebates

CONTROL & FREQUENCY
1. Approval per the delegation of authority of standard prices, discounts and rebates, price changes and exceptions to standard discounts or rebates are reviewed and documented. Frequency: Upon Request
2. Quarterly verification and sign-off by the responsible manager to ensure only users from commercial function as per delegation of authority / approved business service center users have access to change pricing data. Frequency: Quarterly
3. Quarterly pricing master data change report (including pricing condition modifications) is reviewed and signed-off by the responsible manager. Unauthorized change to the master data is investigated and corrective actions taken. Frequency: Quarterly

RISK
- Lack of commercial strategy and pricing policy (Step 1)
- Unauthorized commercial commitments and conditions (Step 1, 2, 3)

IMPACT
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
• All price determination processes are defined in a written pricing policy and formalized in sales contracts and/or sales orders, compliant with legal requirements as well as fair competition and anti-bribery and corruption laws and regulations. A price list of all products and services is set by pricing, sales and marketing, taking into account different pricing aspects as per pricing policy, including other providers (e.g. transporters, applicators). A complete list, including effective dates, is communicated to the team responsible for updating the list in the system. No backdating of effective prices is allowed. (Step 1)
• Standard discount and rebate structures are defined for different categories of customers. Each discount or rebate type is documented in the company’s policy with specific objectives, clear rules of application that were approved by management and supported by local legal/compliance. No backdating of discounts and rebates schemes allowed. (Step 1)
• Exceptions to standard discounts/rebates are specified in accordance with the company’s policy and are authorized by the designated approver. (Step 1)
• All employees must comply with the Commercial Documentation Directive to ensure all pricing decisions, competitor contacts and sources of market information are properly documented (MCS 02). (Step 1)
• Price changes are properly approved, accurately reflected in the system and exception reports are leveraged and reviewed before the sale. Corrective actions are duly closed within the process of the company’s policy and documented. (Step 1, 2)
• Pricing master data change report available at each region/country is reviewed. (Step 3)

Link to: Anti-Bribery and Corruption Policy, Fair Competition Directive and Commercial Documentation Directive



22 Control of customer credit limits

REVENUE

PRIMARY OBJECTIVE
Grant prior authorization for customers exceeding their credit limit

CONTROL & FREQUENCY
1. Prior to shipment, ensure there is an automated or manual check to prevent shipment/delivery to customers exceeding credit limit (credit block). Approval as per the local delegation of authority is required to change customer credit limit. Frequency: Upon Request
2. Letters of credit/guarantees or note acceptance by banks not in the Holcim Bank list are sanction screened and approved by Country CFO before the release of the goods/services. Frequency: Upon Request

RISK
- Unauthorized commercial commitments and conditions (Step 1)
- Poor credit and risk management process resulting in increased bad debt (Step 1)
- Transaction with sanctioned parties (Step 2)

IMPACT
- Compliance
- Financial losses
- Fraud

REQUIREMENTS
• Credit line to a single customer (legal entity level) to be approved in accordance with the Group Delegated Authorities (GDA). In case the sale is covered by a security delivered by a third party (letter of credit, stand by letter of credit or a first demand bank guarantee) the amount secured shall be deducted from the risk exposure only if the security is on first demand (confirmed LC/stand by LC/first demand guarantee, etc.) and issued by a first class bank accepted by Group Treasury. Only in this case, the credit limit/line will be submitted for approval based on the net risk exposure after deduction of the security. (Step 1)
• Credit limit checks must take place for all sales orders. Orders exceeding a customer’s credit limit are managed and approved according to an appropriate procedure and local delegation of authority (DoA). (Step 1)

No shipments are allowed when customers exceed their credit limit until: (Step 1)
• An increased credit limit has been properly approved by delegation of authority and updated in the system.
• The individual order is released following a documented effective approval process to avoid unnecessary disruption.
• All invoices, deliveries, credit notes and orders are computed to calculate the customer balance and to compare it against their credit limit.
• Any practice of bypassing a hold on customer shipments (manual shipment, fictive cash customer account, etc.) is restricted and tracked by exception reports. Corrective actions are duly closed within the process of company’s policy and documented.
• If applicable, all letters of credit/guarantees or note acceptance are issued/confirmed by a bank part of the Holcim Bank List before the release of the goods/services. The acceptance of banks not part of the Holcim Bank List is subject to sanction screening and Country CFO approval. (Step 2)

Link to: Group Delegated Authorities, Finance Policy, First class bank accepted by the Holcim Group and Sanctions and Export Controls Directive

23 Matching of sales orders, shipments and invoices

REVENUE

PRIMARY OBJECTIVE
Match and reconcile sales orders, shipments and invoices to ensure proper revenue recognition

CONTROL & FREQUENCY
1. Monthly reconciliation of quantities and correction of any differences identified in the matching of sales order, invoices and shipments, including deviations from weighbridge tolerances, to ensure that all deliveries are invoiced. Frequency: Monthly
2. Weekly (or in line with the locally defined frequency of customers’ invoicing) reconciliation by the billing team of unbilled items and resolution within a week. Frequency: Upon change
3. Monthly verification and approval by finance of any sales accrual needed at month-end based on unbilled items. Frequency: Monthly
4. Open sales orders with a planned delivery date in the past (not shipped/invoiced) are reviewed monthly and resolved on a timely basis. Frequency: Monthly

RISK
- Unauthorized or erroneous sales orders and/or shipments (Step 1, 3, 4)
- Unauthorized commercial commitments and conditions (Step 1, 2, 3, 4)
- Inaccurate or fraudulent revenue recognition (Step 1, 2, 3, 4)

IMPACT
- Errors in financials
- Financial losses
- Fraud



23 Matching of sales orders, shipments and invoices

REVENUE

REQUIREMENTS
• All sales orders, shipments and invoices are recorded in the applications. (Step 1)
• There is a pre-defined tolerance threshold at the weighbridge for dispatched goods. At least annually, weighbridges and measurement equipment are re-calibrated as per local regulations. (Step 1)
• Accuracy of amounts invoiced are checked when manually calculated, or are accurately calculated by the application system using standard programmed algorithms and established terms of sales (unit price, discount and rebates rate). (Step 1)
• Invoices/billing (e.g. quantities, price, discount, rebates, product, customer data) are matched with sales orders, quantities shipped and customer master file information. An automated match is performed between the invoice and order (including all necessary data). (Step 1)
• Any differences are investigated and related adjustments are approved and documented (e.g. returns, redispatch, interco mismatch, cut-off). In addition, any discounts and taxes match the approved parameters in the system from sales order to invoice. (Step 1)
• SAP: All orders shall be processed via SD including any discounts and rebates, i.e. no direct FI bookings. (Step 1)
• There is, at least at month end, a follow-up on unbilled items. The report of unbilled items is reviewed weekly (or in line with the locally defined frequency of customers’ invoicing) by the billing team and all the unbilled items are billed within one week from the date they first appear in the unbilled report and within the same reporting month as the delivery. Every month end, the sales manager receives the information, documenting any follow-up action. Finance verifies and approves the need for a possible adjustment entry (e.g. sales accrual) at the end of the month, based on the unbilled items. (Step 2, 3)
• Rules for closure of open sales orders with delivery date in the past must be defined locally in accordance with the sales terms and conditions, but should be resolved at a minimum half yearly. (Step 4)

24 Accounts receivable valuation

REVENUE

PRIMARY OBJECTIVE
Ensure receivable balances are reviewed and provisions are recorded on a quarterly basis

CONTROL & FREQUENCY
1. Quarterly review and approval by the designated finance person of the provision for bad debt. Frequency: Quarterly
2. At minimum, quarterly monitoring by the Credit Committee of the doubtful account balances. Frequency: Quarterly
3. Recording of write-off approved by the Credit Committee according to the Delegation of authority (DoA). Frequency: Upon Request

RISK
- Unauthorized or erroneous sales orders and/or shipments (Step 1, 2)
- Poor credit and risk management process resulting in increased bad debt (Step 1, 2, 3)
- Inaccurate or fraudulent revenue recognition (Step 1, 2, 3)

IMPACT
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
The bad-debt provision must consider the risk of debt recoverability at the end of the reporting period every quarter: (Step 1, 2)
• Quarterly reconciliation of trade balances with the customers must take place, and documentation kept to demonstrate effort to collect the receivables (formal dunning process and exchanges with the trading partner).
• The assessment of the bad debt provision is estimated using an expected credit loss model (ECL). The provision is based on a forward-looking ECL, which includes possible default events on the trade accounts receivable over the entire holding period of the receivable. This method is applicable for all financial receivables including trade accounts receivables, prepaid expenses and other current assets (IFRS 9).
• Any change is clearly documented and justifiable by the Country.
• Provisions are reviewed and approved by the appropriate Country finance person and recorded by the designated department.
• The Credit Committee meetings are held regularly (at least quarterly) to monitor the doubtful accounts receivable balances.

Review over specific Accounts Receivables which indicates uncollectibility is considered for write-off. Uncollectibility is evidenced by significant difficulty of debtor, a high probability of bankruptcy or other situations as defined in Holcim Accounting and Reporting Principles (HARP). (Step 3)
• Write-offs are determined by the Credit Committee on the basis of appropriate supporting documents.
• Write-offs for amounts above a locally defined threshold are approved by the Country CFO.
• If receivables are collected after being written off, the amounts collected should be directly credited on the company bank account and the information provided to Accounts Receivable department.

Link to: Group Delegated Authorities, Finance Policy and HARP 3.1.1.1.5 Accounts Receivable Trade



Human Resources



25 Execution of onboarding, offboarding, master data management and transfers of workers

HUMAN RESOURCES

PRIMARY OBJECTIVE
Ensure onboarding, offboarding and worker transfer processes, including employee master data management, exist and cover payroll changes, recovery of assets, system access termination and comply with legal regulations

CONTROL & FREQUENCY
1. Signing, by the employee and the company, of employment contracts or hiring documentation for all employees, including a Compliance Reference Check for Senior Leaders Group or Country Executive Committee positions. Frequency: Upon Request
2. Notification to IT by Human Resources or the business to request termination of access from all systems before the last working day of user leaving the company. Confirmation by the Human Resources that all assets were recovered from terminated employees and employee system was deactivated prior to final payroll payments. Frequency: Upon Request
3. Quarterly verification by Human Resources and cost centers responsible that the headcount report is accurate (only own active employees, proper coding and classification). Frequency: Quarterly
4. Quarterly review and sign-off by the control owner for changes to employee master data for a minimum 25 random samples to ensure such changes were based on approved requests and performed by an authorized user. Frequency: Quarterly
5. Monthly validation of the employee movements (hire, transfer and departure) recorded in the Employee Master Data and check the data consistency between employee data in the local system and SuccessFactors master data. Frequency: Monthly
6. Quarterly verification and sign-off by the control owner to ensure only authorized users from the Human Resources department have access to manage employee master data in SuccessFactors and employee data in the local system. Frequency: Quarterly

For countries using systems other than SuccessFactors for employee master data management, equivalent requirements and controls (Steps 4, 5 and 6) must be in place.

RISK
- Lack or ineffective HR management process (for example onboard, offboarding, worker transfer process) (Step 1, 2, 3)
- Failure in employee master data creation or maintenance (Step 4)
- Unauthorized access, disclosure, modification, damage or loss of data (Step 5, 6)

IMPACT
- Compliance
- Reputational damages
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
• Employment contracts or hiring documentation exist for all employees and are signed, as per Group Delegated Authorities (GDA) or delegation of authority (DoA). Employment contracts (if applicable by law) or hiring documentation with all new employees refer to the Code of Business Conduct (CoBC) and indicate that disciplinary measures can be taken on the ground of this document in case of a breach. For all new appointments to a Senior Leaders Group (SLG) or Country Executive Committee position, the appointing manager must request a Compliance Reference Check from the relevant Region Compliance Officer (or delegate) and for Group level appointments from Group Compliance. (Step 1)
• A process is in place for Human Resources (HR) administration to be informed of all moves of both employees and temporary workers paid through payroll in a timely manner, including on-boarding, off-boarding and changes of position. (Step 2)
• For people changing positions or leaving the company, there is a process to monitor the recovery of all company assets by notifying relevant departments of the change and obtaining confirmation that the assets were recovered. This includes a confirmation from the IT Department that the employee access is deactivated. (Step 2)
- User termination process is agreed between the Human Resources / Business and the IT function - Human Resources / Business notifies IT on or before the last working day of the user who is leaving the company (e.g. end of contract, resigned, terminated etc.) requesting termination of access from all IT systems.
- Where the termination process is not automated, a notification is received back from IT in a timely manner confirming that all IT system access is terminated (within 5 working days from the requested date).
• All employee departures follow a strict written procedure ensuring that all legal requirements have been respected (in particular in case of lay-off) and all payroll related payments have been made to the employee, once all company assets have been retrieved (only applicable if in compliance with local labor legislation). (Step 2)
• At least quarterly, employee headcount is reviewed and validated for accuracy between Human Resources and cost center responsibles, to ensure that: 1) all own employees on the payroll are actively employed as per the latest contractual situation, 2) employment status (i.e. active, leave, etc.) and the classification of employee is accurate, and 3) the payee is coded to the correct cost center. Any discrepancies found should be resolved within 30 days. (Step 3)



25 Execution of onboarding,
26 Payroll

HUMAN RESOURCES
offboarding, master data
management and transfers of workers
PRIMARY OBJECTIVE CONTROL & FREQUENCY
Review, validate and reconcile
REQUIREMENTS
payroll before and after 1. Monthly payroll approval by Payroll
Human Resources System Master Data they are documented and reported processing every month Team for reasonableness and data
Management: immediately for investigation by the accuracy prior to processing. Monthly
•A
 fter the go-live in SuccessFactors, an Group HRIS team. Corrective actions
are documented and tracked. All RISK 2. Reconciliation by Payroll Team of
Employee Master management process
that defines roles, responsibilities and exceptions are closed within the next - Non compliance with local HR laws total payments to the payroll journal
rules for employee data management two weeks. (Step 4) and regulations (Step 1, 2, 3) after payroll processing. Monthly
must be in place and reviewed quarterly • At least monthly, the entity’s Human - Error in payroll process or
3. Approval by the cost center
to ensure quality, security, and Resources team must reconcile the unauthorized employee benefit
(Step 1, 2, 3) responsible that the employee being
compliance. All new hires and existing employee data between SuccesFactors
charged to their department are
employees must have complete records and the local payroll system to ensure IMPACT
in SuccessFactors as per the following data consistency (procedure). The correct. Half year
- Errors in financials
critical and mandatory fields. The hiring employee movements (hire, transfers - Financial losses
process should be enriched and has to and departure) are reviewed to ensure
be as automated as possible to fulfill the that they are recorded correctly in
requirement of this step. (Step 4) both systems. Discrepancies are to be
corrected within 30 days. (Step 5) REQUIREMENTS
•A
 dding or changing a new employee
data requires appropriate approval • Only authorized users from the Human • Approval prior to processing payroll: exception reports to identify unusual
based on an employee change request Resources department have access (Step 1) amounts e.g. negative value check,
with supporting documentation. to manage employee master data in zero value check, significant increase
Each HR entity must identify the SuccessFactors and employee data - Balancing routine control: For manual
and mass uploading imports, the between two months).
mandatory supporting documentation in the local system for employee data
as per local regulations. A check is management (procedure). (Step 6) payroll manager should perform data • Reconciliation after processing payroll:
performed to confirm that all required accuracy controls (e.g. verify that the For each payroll, the total payment
For countries using systems other input of total hours worked received
information is completed and accurate. than SuccessFactors for employee issued (treasury account) is reconciled
Changes to Employee Master Data in from the manager matches with the with the payroll journal in order to check
master data management, equivalent total hours worked indicated in the
SuccessFactors must be processed requirements and controls (Steps 4, 5 that amount paid to employees matches
according to the standard Group HR payroll system; verify that the total with the amount calculated by payroll
and 6) must be in place. amount of bonus received from Human
definitions (Employee Data Governance department. (Step 2)
and Global People Data Management Link to: Group Delegated Authorities, Resources matches with the total
Guidelines) and as per the global and Human Resources Policy, Compliance amount in the payroll system). In case •A
 t least every six months (e.g. during
regional procedures across the life cycle Negative Reference Check procedure, of Payroll system integration with any salary and bonus review and Budget,
changes of an employee (e.g. hire, job HARP 6.11.1.01 Personnel [FTE], other system, interface should ensure MTP or Forecast cycles), or more
change, termination, etc.). (Step 4) SuccessFactors Critical and Mandatory data approval from the source. frequently if risk is identified as high, cost
Fields, Employee Data Governance - When bonus or any other payout is center responsible must validate that
• Quarterly, an employee master data the own employee cost being charged
change report is run of all creations, Guideline, Global People Data processed (with or without payroll),
Management Guidelines, MCS 25.5 Data secondary approval should be to their department is correct (total
modifications and deletions to employee cost). High risk countries
ensure that authorized users duly Consistency Manual, MCS 25.6 Manual, performed to ensure accuracy of
SuccessFactors Security Roles and payout, both at individual and total are identified by the Regional Human
approved and performed all the Resources Director in coordination with
changes. If any exceptions are found, SuccessFactors Security Template amount to be paid.
the Regional Internal Control responsible.
- Analytical review comparing one Any discrepancies found should be
month to another justifying variance (if resolved within 30 days. (Step 3)
any) is performed before bank transfer
(analytical review covers payroll Link to: Human Resources Policy



27 Compliance with payroll and local labor laws

HUMAN RESOURCES

PRIMARY OBJECTIVE
Ensure payroll and employment practices are compliant with local labor laws. Work permits and work contracts are in place, checked, and up-to-date at all times

CONTROL & FREQUENCY
1. Annual review and assessment by Human Resources of key payroll, employment practices, employee liability and laws to ensure compliance. In case of non compliance, notification to finance, legal and compliance to assess any financial impact / provisions / disclosure. Annual
2. Employee data in the local system are timely updated in the event of a change. Upon Change
3. Quarterly review, follow up and closure of open compliance actions related to local labor laws and regulations. Quarterly

RISK
- Non compliance with local HR laws and regulations (Step 1, 2, 3)
- Error in payroll process or unauthorized employee benefit (Step 1, 2)

IMPACT
- Reputational damages
- Financial losses

REQUIREMENTS
• The Human Resources (HR) department should have an updated information / checklist (of applicable local labor laws and regulation). Annual assessment should be performed to ensure compliance. Any identified gaps are reported, and followed up for timely action. In case of non-compliance with the local regulation, a risk analysis is performed and communicated to the Finance, Legal and Compliance departments to determine the potential needs for provisions, disclosures or actions to achieve compliance. (Step 1)
• Employee data in the local system is maintained up to date. Changes are timely updated in the employee files / master data upon notification. (Step 2)
• Actions related to any non compliance are recorded and followed up quarterly to ensure they are timely closed. (Step 3)

Link to: Human Resources Policy

28 Employee pension and benefit plans

PRIMARY OBJECTIVE
Ensure employee pensions and post-employment benefit plans are defined according to Group policies and local labor laws with proper calculation and recording

CONTROL & FREQUENCY
1. Any new plans, amendment or de-risking project of current plans must be communicated by the sponsor (local company) to Pension and Benefits Governance Team and approved as per Group Delegated Authorities following recommendation of the Pension and Benefits Governance Team.
Annually, Pensions and Benefits team to update the list of all pensions and post-employment benefit plans and validate with Group Pension and Benefits Governance Team that they are managed in line with the Group Pension & Benefits Directives. Annual
2. Twice per year, CFO (or designee) should ensure that pensions and post-employment benefit plans are correctly valued within the due date and according to the requirement and scope communicated in the Group Accounting, Reporting and Consolidation pension instructions.
CFO (or designee) should provide a sign-off for the actuarial results, at least annually, in the Group actuary tool (RA tool) and ensure that inputs and outputs are correct and proper accounting entries are booked. A reconciliation of the actuarial data is performed by CFO (or designee), with the support of the Group actuary, between the Group actuary tool and the consolidation tool. Half year

RISK
- Error in payroll process or unauthorized employee benefit (Step 1, 2)
- Pension fund insufficiently capitalized, mismanaged or with insufficient transparency regarding future obligations (Step 1, 2)

IMPACT
- Errors in financials
- Financial losses



28 Employee pension and benefit plans

REQUIREMENTS
The Group Pension & Benefits Directive defines the scope and objective together with the rules for managing the plans. Group Accounting, Reporting and Consolidation (ARC) issues detailed instructions for reporting of post-employment defined benefits plan. (Step 1, 2)
• Section 4.1 of the Directive sets the rules for design of pension plans and other post-employment benefits which should be in accordance with the local regulations and market practices.
• Approval rules to be followed for defined in section 4 for each activity (e.g. closing and freezing pension plans, de-risking liability management, de-risking investment strategy, employer funding contribution etc.).
• Reporting for post-employment defined benefit plans should follow the process as per instructions from Group Accounting, Reporting and Consolidation. Actuarial methods and assumptions to be used should be aligned with the instructions.
• Reporting should be updated in AON tool - RA (Risk Analyzer) as per the instructions for the relevant plans. The local actuary should upload the information related to benefit plans together with actuarial report. The CFO (or designee) should review and sign-off the results and accounting entries. CFO (or designee) should have control over inputs (mainly employee data), and then outputs (analytic review of the main parameter and final results) in addition to the control performed over the assets valuation.
• The Group oversees the management of its pension plans through the Pension and Benefits Governance Team (PBGT). This interdisciplinary team including finance, human resources and legal specialists acts as a center of expertise in all issues relating to pension and other post employment benefits and makes recommendations to Group management. The Sponsor (local company) has to inform the Pension and Benefits Governance Team of any project of new plans or amendment of current plans and request approval as per Group Delegated Authorities (GDA).

Link to: Group Delegated Authorities, Human Resources Policy, Finance Policy, Pension and Benefits Directive, HARP 4.5.2.5 Post Employment Benefits and AON tool RA (Risk Analyzer) User Guide

Expenditure



29 Management of supplier master data

EXPENDITURE

PRIMARY OBJECTIVE
Ensure only authorized personnel create, modify and delete financially relevant vendor data

CONTROL & FREQUENCY
1. Changes to supplier master data are performed by an authorized user and based on an approved request.
Quarterly review and sign-off by the manager responsible for changes to supplier master data for a minimum 25 random samples to ensure such changes were based on approved requests and performed by an authorized user. Quarterly
2. Annually the master data quality check is performed and duplicate, inconsistent and inactive supplier accounts are blocked/deactivated. No exceptions are permitted. Annual
3. Quarterly verification and sign-off by the responsible manager to ensure only users from MDM function have access to change supplier master data. Quarterly

RISK
- Failure in vendor masterfile maintenance: error, fraud, duplicate, etc. (Step 1, 2, 3)
- Unauthorized access, disclosure, modification, damage or loss of data (Step 1, 3)

IMPACT
- Compliance
- Financial losses
- Fraud

REQUIREMENTS
• A supplier master data management process that defines roles, responsibilities and rules is in place and reviewed when required. (Step 1, 3)
• Duplicate check is performed before a new record is created. Duplicate records are not permitted. Each entity should formally define its mandatory and critical fields in SAP/Local ERP, in line with the legal and business requirements. The list should include as minimum legal name, bank details, incoterms, reconciliation account (General Ledger) and control data (Goods Receipt-based invoice verification). Other fields can be locally added above the minimum. (Step 1)
• The addition of a new supplier requires appropriate supporting documentation. A check is performed to confirm that all required information and documents are complete. (Step 1)
• For existing vendors, changes to bank account details must only be done post execution of the callback process using the registered contact information in the master data. The call must be documented with a post confirmation via email. The changes are supported by appropriate approval based on supporting documentation. In addition to the supplier request for change, any one of the following supporting documentation are accepted: RIB; IBAN; bank letter of confirmation, cancelled cheque with printed vendor name or bank statement. Any other mechanism for supporting documents for bank changes must be approved by the Group Internal Control with the agreement of Group Treasury and Group Compliance. A check is performed to confirm that all required information and documents are complete. (Step 1)
• Quarterly, a master data change report is run of all creations and modifications to ensure that all the transactions were performed by authorized users based on approved requests and documents. (Step 1)
• If any exceptions are found, they are documented and reported immediately for investigation. Corrective action is documented and tracked. All exceptions are closed in a timely manner (locally defined). (Step 1)
• Supplier records are to be reviewed on an annual basis for data quality (duplicate check, tax code check, bank account check, mismatch in the supplier and bank account country and inactive suppliers for more than 18 months) and are deactivated or blocked for payment and purchase with the exception of Solutions & Products’ suppliers (warranty program). Suppliers identified as part of the procurement supplier reduction strategies are to be deactivated and flagged for deletion. (Step 2)

Link to: Procurement Policy



30 Supplier qualification and claim management

EXPENDITURE

PRIMARY OBJECTIVE
Screen and qualify suppliers before their addition to the supplier master data and manage supplier performance

CONTROL & FREQUENCY
1. Screening of potential suppliers by Procurement (or designee) based on the criteria required by Procurement, Sustainability, and Compliance including Sanctions and Third Party Due Diligence, must occur prior to entering into a transaction or adding a supplier in the supplier master data or approved supplier list. Upon Request
2. Review of supplier performance by Procurement must occur for critical and strategic criteria (including suppliers with high ESG impact). Suppliers not meeting the requirements are flagged as “disqualified” or “conditionally approved” until action plans are completed, or the supplier is blacklisted if there are ongoing issues. Annual
3. Supplier qualification must be updated at least on annual basis for critical and strategic suppliers (including suppliers with high ESG impact). Annual

RISK
- Ineffective or unethical vendor selection process (incl. TPDD process) (Step 1, 2, 3)
- Transaction with sanctioned parties (Step 1)

IMPACT
- Compliance
- Reputational damages
- Financial losses
- Fraud

REQUIREMENTS
• There are clear rules based on purchasing categories to identify vendors that are required to go through a qualification process. Qualification is performed in line with the Code of Business Conduct for Suppliers, Data Universal Numbering System (DUNS) requirements, and certification such as International Organization for Standardization (ISOs). (Step 1)
• All service suppliers that represent the company to a government agency, official or owned-enterprise to be screened compliant with the Third Party Due Diligence Directive (TPDD) before inclusion in the supplier master data. (Step 1)
• Before adding a new supplier in countries designated as having a sanctions risk (Legal & Compliance intranet portal/sanctions), obtain a sanctions screen (or exemption) from local or regional compliance. Sanctioned entities or individuals cannot be added to the supplier master data. Sanctions and Export Controls Directive. (Step 1)
• Supplier qualification should include the following criteria: Health and Safety, Human Rights and Labor, Bribery and Corruption, Environment, Climate and Nature (as defined in the Sustainable Procurement Management Standard and the Sustainable Procurement Directive), Commercial (financial health of the supplier); Technical (goods and services as defined by category teams) and Management & Tracking to on-going performance evaluation linked to a Claim Management and Consequence Management processes. (Step 1, 2)
• In case of poor supplier performance or repeated unsolved claims, the Category Manager agrees with the supplier on a corrective action plan; if this corrective action plan is not followed or not efficient, the supplier is blacklisted. (Step 2)
• During the ongoing qualifications, supplier performance is periodically assessed for at least critical and strategic criteria (including suppliers with high Environmental, social, and governance (ESG) impact) and any supplier that does not meet the requirements must be flagged as disqualified and consequent management applied (ex. replacement). (Step 2, 3)

Link to: Code of Business Conduct for Suppliers, Procurement Policy, Third Party Due Diligence Directive, Sanctions and Export Controls Directive, Sustainable Procurement Directive, Shipping Directive, Sustainable Procurement Management Standard and Legal & Compliance intranet portal/sanctions



31 Three-way match, two-way match and direct vendor invoices

EXPENDITURE

PRIMARY OBJECTIVE
Reconcile purchase orders, receipts and invoices (three-way match) or approve two-way match or vendor direct invoices to clear invoices for payment

CONTROL & FREQUENCY
1. Approval in the system by the designated approver according to the delegation of authority of all purchase requisitions or purchase orders (depending on system design). Upon change
2. Verification and correction of exceptions by the designated responsible (business or procurement) to the three-way match report and approval according to the local delegation of authority if the exception is above the locally defined threshold. Upon change
3. Approval by the requisitioner or other designated approver per the local delegation of authority of any two-way match invoices to confirm that the amount and workflow are correct and goods or services are received. Upon change
4. Approval by the designated approver per the local delegation of authority in the system of any vendor direct invoices to confirm that the amount and workflow are correct and goods or services are received. Upon change

RISK
- Fraudulent or incorrect purchase order (Step 1, 2, 3, 4)
- Lack of control (quality and quantity) of goods and services received (Step 3)

IMPACT
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
Purchases using purchase orders: (Step 1, 2, 3)
• Purchasing instruments (purchase request, purchase orders, framework orders or contracts) are approved according to country, regional and Group delegations of authority (involving legal and financial departments when required) prior to entering into a commitment with the supplier. (Step 1)
• Supplier invoices are only cleared for payment after the system automatically matches the purchase order, receipts and the supplier invoice (three-way match) or purchase order and an approved invoice (two-way match). (Step 1, 2, 3)
• Discrepancies between the invoice, purchase order (PO) and receipt are formally identified and the system blocks the payment process if the discrepancy exceeds the locally defined threshold. (Defined thresholds must be documented and approved by local delegation of authority (DoA).) (Step 2)
• An exception report (exception to three-way and two-way match) is distributed regularly for verification and resolution. Only when the exceptions are cleared and properly explained can the payment be made. If discrepancies exceed a defined threshold, payment requires approval as per delegation of authority. (Step 2, 3)

Purchases using vendor direct invoices (if applicable) with locally defined criteria: (Step 4)
• Any vendor direct invoices (SAP FI invoices) which qualify for payment without a PO are entered into the system and are sent into a workflow immediately for review and approval according to local delegation of authority (DoA). Vendor direct invoices are discouraged and must be limited. Once the responsible employee reviews the invoice to confirm the amount, that the goods or services were received and approved, the invoice is cleared for payment.

Link to: Procurement Policy



32 Payment processing

EXPENDITURE

PRIMARY OBJECTIVE
Approve payments/cash disbursements in accordance with local and Group policies and directives

CONTROL & FREQUENCY
1. Approval according to the Group Delegated Authorities and related directives, and local delegation of authority of all payments and cash disbursements prior to payment. Upon Request
2. Expenditures falling in the Gift, Hospitalities, Strategic Social Investments, Sponsorship and Donations, entertainment and travel and expense categories are identified through the accounting system. Payment carried out in contradiction to the Gifts, Hospitality, Entertainment and Travel or Sponsorship and Donations Directives are rejected. Upon Request
3. Monthly review and approval by the designated finance person of the accounts payable subledger accounts and the aging report to examine unusual balances and take corrective actions. Monthly

RISK
- Unauthorized or erroneous processing of supplier payments (Step 1, 2, 3)
- Corruption and bribery (Step 1, 2)
- Transaction with sanctioned parties (Step 1)
- Money Laundering (Step 1)

IMPACT
- Compliance
- Reputational damages
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
• Payments / cash disbursements are approved according to the local and Group Treasury Directive, Group Delegated Authorities (GDA) and local delegation of authority prior to actual payment. (Step 1)
• Payments related to transactions that did not go through the purchase order (PO) or Direct Invoice (FI) process are authorized on the basis of appropriate supporting documents and according to local delegation of authority (DoA) prior to actual payment. Following are the acceptable list of supporting documents for manual payment requests: Invoice including IBAN / Bank details, Agreement/contract including IBAN / Bank details, Official document of the local authorities including IBAN / Bank details, Official online registry of Bank detail / IBAN verifiers (e.g. tax office, or companies registry). Where they exist, countries will comply with local regulations. Bank details must be authenticated based on a trustworthy and independent (other than the one provided by the requestor) source of information (two-factor authentication). (Step 1)
• The payment process ensures that distinct persons are in charge of the following tasks: 1) approval for payment (persons signing the check or issuing payment by bank transfer) and 2) accounting (preparation of bank journal entries). Disbursements should be processed by a member of staff independent from the receipt or matching of invoice process. (Step 1)
• Payments to suppliers that represent the company to government agencies, officials or owned-enterprises have been approved under the Third Party Due Diligence Directive (TPDD) before payment can be made. (Step 1)
• Sponsorship and donation payments or any payment made directly or indirectly to public official without expecting any consideration in return must be reviewed by Compliance and authorized according to local delegation of authority (DoA), the Group Delegated Authorities (GDA) and the Strategic Social Investments, Sponsorship and Donations Directive. (Step 1)
• All business trips require appropriate authorization and controls, to be adhered by both the line managers and employees. The local travel policies shall include an approval system and process in accordance with Travel and Events policy. (Step 1)
• Incorrect payments: A process must be in place to prevent incorrect payments (e.g. use of a report to check duplicate payments, stamping invoices as paid when the payment is issued or other automatic system control). (Step 1)
• Payments made as marketing gifts, hospitalities, entertainments and travels for third parties above the threshold defined by countries, and for public officials, have been approved according to rules defined in Gifts, Hospitality, Entertainment and Travel (GHET) Directive. No reimbursement for cash payments made as GHET is made. (Step 1, 2)
• Country CEOs’ expenses are to be controlled and approved by the Country CFO. If not approved directly in the ERP, the offline (email) approval has to be attached in the local approval system. (Step 2)
• In connection with the month-end closing, the accounts payable subledger is reviewed to examine unusual balances (e.g. old balance, debit amount, incorrect currency rate etc.). Debit balances within the Accounts Payable (A/P) subledger are reviewed and justification is checked for (e.g. credit notes, advance payments). The follow-up actions are described and are monitored in the following month. (Step 3)

Link to: Group Delegated Authorities, Travel and Events Policy, Third Party Due Diligence Directive, Treasury Directive, Strategic Social Investment, Sponsorship and Donations Directive, Gifts, Hospitality, Entertainment and Travel (GHET) Directive, Capex Directive and HARP 3.2.1.2.25 Other Cost Center Expenses



33 Accrual for expenditures not invoiced

EXPENDITURE

PRIMARY OBJECTIVE
Ensure that all accruals for expenditures are properly recorded in financial statements in the correct period

CONTROL & FREQUENCY
1. All goods receipts (GR) and services receipt (SR) should be recorded before the month end by the responsible locations. Purchasing manager (or designated) should verify that there are no unrecorded goods receipts or service receipt at the month end for the goods and services received as per the Purchase Order. Monthly
2. Goods Receipt and Invoice Receipt account (or equivalent system account) should be cleared monthly (ongoing) before month end closing by the designated person (business or procurement). Monthly
3. Accruals are booked monthly by the accounting function for all purchases and expenses with pending invoices. Any adjustment to the accruals needs to be approved by the appropriate Financial responsible. Monthly

RISK
- Inaccurate or fraudulent recording of expenditure and accruals (Step 1, 2, 3)

IMPACT
- Errors in financials

REQUIREMENTS
• There should be a process to review open purchase orders to detect unrecorded goods and services received. Open purchase orders for which the delivery date has passed should be monitored and purchase orders with open quantities that are no longer needed are closed. (Step 1)
• All goods receipts or services rendered (meeting all specifications e.g. quantity, quality) and the corresponding vendor invoices should be timely recorded in the system. If the goods or services are received but the invoice is missing, an accrual is created in the application. The accrual is reviewed for reasonableness on a monthly basis by the Purchasing Manager. (Step 1)
• In SAP GR IR clearing account is an intermediary clearing account for goods and invoices in transit. It represents Goods Receipt and Invoice Receipt (GR/IR) Account. It’s a balance sheet account therefore will have a balance at the end of the period. Goods Receipt and Invoice Receipt differences should be reconciled by identifying the difference in the account (missing corresponding invoice or goods receipt). The Goods Receipt and Invoice Receipt ageing should also be reviewed to ensure items are timely cleared. (Step 2)
• For direct purchases (FI Invoice), the responsible department should inform the accounting department before month-end for the invoice not received / recorded. The accounting department reviews the invoices that are missing to determine which expenses should be accrued for proper cut-off. The completeness of the accrual of rendered services and received goods is then validated through a comparison of costs to budget, where applicable, and by reviewing open purchase and service orders (if complete review is not possible, certain thresholds based on budget can be defined locally). (Step 3)
• Follow-up: Old accrual entries which were not offset by the system are followed up monthly and cleared by the Purchasing Manager. Any adjustment related to current month accrual is posted by the Accounting personnel and reviewed by the appropriate Financial responsible. (Step 3)

Link to: Finance Policy



Inventory



34 Physical stock take of spare parts and materials, and volume reconciliations

INVENTORY

PRIMARY OBJECTIVE
Perform physical stock take of spare parts at least annually and materials at least monthly to ensure that the records reflect the correct descriptions, quantities, and values

CONTROL & FREQUENCY
1. Physical verification of spare parts is conducted annually (or by rotation throughout the year) with counts documented and discrepancy, if any, approved and adjusted according to defined requirements. Annual
2. Physical verification of materials is conducted monthly with appropriate measuring equipments and method by stock owners with counts documented and discrepancy, if any, approved, adjusted and documented according to defined requirements. Any discrepancy over 5% for materials need to be investigated and documented with justifications. Finance function participates in the physical verification process as observer at least half-yearly. Monthly
3. An end-of-month production data reconciliation is performed by the Production manager (or delegated person) as per the defined requirements. Finance/controlling verifies the stock reconciliation process locally performed in the plant and when necessary, applies adjustments to the financial statements according to defined delegation of authority. Monthly
4. Annual independent full stock take of materials (measurements made by dedicated and skillful team of non-stock owner, e.g. 3rd party service, other functions within the company) is performed with differences identified, approved and adjusted. Annual

RISK
- Inaccurate or fraudulent recording and tracking of inventory (Step 1, 2, 3, 4)
- Inappropriate physical storage protection and lack of organization for inventories (Step 1, 2, 3, 4)
- Inefficient spare parts management (Step 1, 2, 3, 4)
- Unreliable production data and reconciliation process (Step 3)

IMPACT
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
Regular physical stock takes of spare parts and materials are organized by the plant team with participation of the finance team and performed according to defined procedures. Any other approach due to business restrictions or particularities must be agreed in advance and approved by Group Internal Control.

SPARE PARTS (Step 1)

1. Preparation of physical inventory
- The plant procedure for stock-taking which describes scope, objective, resources and timeline is available and applied.
- The scope of inventory stock count includes capitalized spare parts, parts with zero/minimum values (e.g. obsolete parts written-off but still in the plant) and off-site inventories. It excludes consigned stocks for customers and suppliers.
- Movement of parts are stopped or controlled during the stocktaking (reception, issue, return etc.).

2. Stocktake
- Stocktaking is made under adequate supervision.
- Count sheets to be used for the stock-take do not show the quantity recorded in the system (blind count).
- Stocktaking process identifies items that exist but are not recorded and items that are recorded but do not exist (i.e. floor to listing and listing to floor).
- Obsolete items are identified during the stocktaking.

3. Frequency
The stock take of spare parts is to be performed at least yearly. In case full scope stocktake of spare parts is not performed at the year end, monthly or quarterly cycle counts are organized and ensure that all spare parts were included in the yearly stocktake process.

4. Roles and Responsibilities
- The site manager (or designated person) validates and communicates the stocktake planning to all stakeholders. He is responsible, as per local DoA, of the review and approval of the stock-take and of the proposed adjustments.
- The functional manager (based on stock nature) is primarily responsible for the organization and performance of the stock-take. He is responsible to sign-off stock-take results and proposes adjustments in case of physical differences to the site manager.
- The financial controller (or independent designee when necessary) ensures the reliability of the work done, including on-the-field independent observation as part of the count team. He/she is also responsible for the inventory reconciliation along with the functional manager and when necessary, records adjustments to the financial statements according to defined delegation of authority (DoA).

5. Follow-up on stocktaking results
- A double count is performed in case of quantity discrepancies for above 5% discrepancy per material (specify by business line)
- Codification, description and label of stocks are checked and updated if needed.
- Stock taking results are reconciled with the data from the inventory ledger by independent people (not those in charge of inventory management).
- This reconciliation is reviewed by the warehouse manager and the finance controller.
- After reconciliation and approval, adjustment entries are recorded in ledgers.
- Discrepancies are analyzed to identify their sources and implement corrective actions.



34 Physical stock take of spare parts and materials, and volume reconciliations

REQUIREMENTS

MATERIALS (Step 2, 4)
Materials include raw material, fuel, semi-finished and finished goods

1. Preparation of physical inventory
- There is a layout map to show the scope of the stock take. Off-site stocks are included.
- The stock take planning is validated by the plant manager and communicated to all stakeholders.
- Movements of goods are stopped or controlled during the stocktaking (reception, issue, return, etc).
- Date and time of measurements have to be recorded.
- Calculating formula should be established and declared.
- All the measured figures must be reconciled from the time and date of the measurements to the end of the month at 24h00.

2. Stock take
- Stocktaking is made under adequate supervision.
- Count sheets to be used for the stock take do not show the quantity recorded in the system.
- Stocktaking process identifies materials that exist but are not recorded and materials that are recorded but do not exist (i.e. floor to listing and listing to floor).
- Obsolete materials are identified during the stocktaking.

3. Specific matters
- Measuring methods and instruments must be optimized at the maximum to ensure the reliability of the measures.
- Regular calibration of the dosing equipment and weighing devices according to defined schedule.
- Make all the bulk material heaps to regular geometrical shapes as much as possible and when needed.
- Bulk density in loose and compact form of all bulk materials should be measured and agreed. Each stock loose or compacted will use the corresponding density. Bulk densities must be determined at least annually.
- Prior to the verification, production manager and mining engineer should certify the geometrical shape and the zero levels of all the major heaps.
- For all bulk materials, the total stock taken into account should include the ‘live’ and ‘dead’ stocks.

4. Frequency
- The raw materials, semi finished and finished goods stock take is performed by Production monthly. At least once per year, the stock take should be performed by an independent expert (e.g. 3rd party surveyor or other functions when necessary). Third party survey is mandatory if 1) there is local legal requirement 2) business has challenge to ensure adequate physical inventory due to lack of skills/tools/internal resources.

5. Roles and responsibilities
- Production (stock owner) is primarily responsible for the inventory planning and organization of the stock take to ensure completeness of stock take locations as well as to provide competencies, methodology and tools for the stocktake team.
- Production (stock owner) is also responsible to measure bulk density, calorific value and moisture content at reception and final usage.
- Production team performs the stock take and signs the stock take report. The Production Manager (or designated person) and Quarry Managers are responsible to measure physical materials stocks and to propose adjustment of the production figures differences (physical vs. TIS/SAP/JDE).
- Plant Managers and Manufacturing Directors or Business Line Manager, as per local DoA, are responsible to review and approve production and stock adjustment proposals.
- Financial controller (or independent designee when necessary) ensures reliability of the work done. Finance/Controlling participates on the stock measurement monthly. Finance/Controlling (or independent designee when necessary) must participate on the field as part of the count team at least half yearly. The Financial controller is overall responsible for the compliance and reliability of the stock reconciliation process locally performed in the plant and when necessary, records adjustments to the financial statements according to defined delegation of authority (DoA).

6. Monthly stock reconciliation (Step 3)
- An end-of-month production data reconciliation is performed by Production manager (or delegated person).
- Stock reconciliation is done between all semi-finished / finished goods stock measured values, products delivered, materials received, and production / consumption figures for the current month. Reconciliations should be performed on a dry basis for semi-finished and finished goods, on a wet basis for the other materials (raw materials).
- The following parameters cannot be adjusted and must be considered as fixed: Semi-finished and finished goods tonnages (Shipments, deliveries and physical measures of stocks), total operating hours for the month for each semi-finished and finished goods manufacturing equipment.
- All material physical quantities from stock take inventory are cross-checked with stock information in the data system (TIS and other systems) by independent people (not those in charge of material stock take).
- Discrepancy(ies) between the measured physical stock and stock information in the data system (ERP) for all physical stocks and before proceeding adjustment of production inputs, reliability of the information system, accuracy of stock take and output of the manufacturing lines for the month must be analyzed first. A double count is performed in case of quantity discrepancies above 5%. No adjustments to be made in data system (TIS / SAP / JDE) without the approvals as per local DoA. The same users should not be allowed to make adjustment in the production tools (e.g. TIS for cement sites) and ERP (e.g. SAP, JDE) inventory modules.
- Discrepancies are analyzed to identify their sources and implement corrective and preventive actions. Any discrepancy over 5% for semi-finished and finished goods needs to be investigated and documented with justifications.
- Dead stock. For all products, the total stock taken into account in the production data report includes the live stock (movable automatically with permanent equipment) and the dead stock (non movable automatically). The value of the dead stock is agreed upon between the production manager and the financial controller.
- Zero and Full stock. For bulk products, it is recommended to reach at least once a year a physical zero stock level in order to perform a consistency check between theoretical stock and physical stock. When a full-stock or zero-stock level is reached, discrepancy between book and physical stock must be adjusted.

Link to: Finance Policy, HARP 3.1.1.1.6 Inventories and HARP 3.2.1.2.30 Inventory Movements Finished Products



35 Inventory valuation

PRIMARY OBJECTIVE
Record the proper value of inventory by identifying and providing provision for obsolete or slow-moving items

CONTROL & FREQUENCY
1. Approval of inventory costing and valuation according to local delegation of authority (DoA). Quarterly
2. Half yearly, for hard close events, approval by CFO (or designee) of provisions for obsolescence and slow moving parts and write-offs according to HARP. Half year

RISK
- Inaccurate or fraudulent recording and tracking of inventory (Step 1, 2)
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2)

IMPACT
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
• The valuation of each type of inventory is reviewed for consistency with Group Accounting rules. Inventory costs include purchasing costs, conversion costs and other costs incurred in bringing the inventories to their present location and condition (excluding storage costs). (Step 1)
• Purchased products are valued at purchase price less any price deductions such as trade discounts and rebates. Expenses directly related to the acquisition (insurance, import duties, transport and handling costs etc.) are included in the value of the inventory. (Step 1)
• Inventory of own produced finished and intermediate products are valued based on actual cost of goods produced including depreciation and certain distribution costs (transport to terminals, warehousing, bagging, etc.). Standard costing can be used during the year. At year-end, inventories must be restated to actual cost. Standard cost should be updated at a minimum once per year at Year End (or Hard Close November). (Step 1)
• Inventory provisions (obsolescence and slow moving spare parts) and write-offs are estimated according to Holcim Accounting and Reporting Principles (HARP), based on appropriate supporting documents and applied consistently from one year to another. They are approved according to the delegation of authority. (Step 2)
• Review for obsolescence for slow moving parts and related provisions and write-offs are performed half yearly during hard close events. (Step 2)
• The inventories of raw materials and kiln fuels (coal, petcoke, oil, etc.) with no movements of more than 3 months must be valued at the lower of costs and net realizable value per location site. (Step 2)

Link to: Group Delegated Authorities, Finance Policy, HARP Accounting for value adjustment for different types of inventory and HARP 3.1.1.1.6 Inventories



IT

36 Management of access to IT systems

PRIMARY OBJECTIVE
Management of access to IT systems is in place to prevent unauthorized access, disclosure, modification, damage or loss of data

CONTROL & FREQUENCY
1. Access to the IT systems will only be granted, changed or terminated based upon a correctly authorized access request as per defined procedure. Upon Request
2. In the case of terminations, upon receipt of notification from HR/business, IT to terminate all user access in a timely manner (3 working days for a power user, such as an administrator role, and 5 working days for a regular user). Upon Request

RISK
- Unauthorized access, disclosure, modification, damage or loss of data (Step 1, 2)

IMPACT
- Operational disruption
- Fraud

REQUIREMENTS
Note: Information Technology (IT) Systems refers collectively to Business Applications and IT Infrastructure (Operating System, Database, Network, interfaces)

Granting/Changing Access: (Step 1)
• A formal user access request form should be filled out for every new or change request to Holcim information systems and the corresponding approver has to approve it ensuring compliance with segregation of duties (SoD) rules.
• Human Resources should confirm the identity of all internal users and the Holcim sponsor for external users.
• External User IDs and temporary Holcim employees must have a defined expiration date up to 12 months for these IDs (renewable). Based on the type of ID and associated risks the sponsor may choose to further limit this expiry to a shorter period (e.g. three months). Expiration may be set up at Google / Active Directory level where not supported by the application.

Termination: (Step 2)
• The scope of this control starts from the time Human Resources or Business notifies IT of a request for termination of a user. The control for business notification to IT is under MCS25. IT to revoke access within defined timeline upon Human Resources / business notification

Link to: Information Technology Policy, Information Systems User Directive and Annex 09: IT Controls

37 Review of IT user access rights to production IT systems

PRIMARY OBJECTIVE
IT users have appropriate access as per their job role and authorization

CONTROL & FREQUENCY
1. IT performs a half yearly review of all IT user access rights and permissions for accounts within the production systems. Half year
2. Actions are proposed (lock, disable, remove user accounts) if access rights are inappropriate. Access changes performed are documented and appropriately retained. Upon Request
3. Dormant account reviews are performed periodically for all IT users (e.g. user not logged-in for 30/60/90 days) and actions taken. Half year

RISK
- Unauthorized access, disclosure, modification, damage or loss of data (Step 1, 2, 3)

IMPACT
- Operational disruption
- Fraud

REQUIREMENTS
Note: Information Technology (IT) Systems refers collectively to Business Applications and IT Infrastructure (Operating System, Database, Network, interfaces)

• This control must cover the review of all Information Technology (IT) function users (e.g. OS, DB & Network administrators, AD administrators, application support team from IT and all other IT users who have access to production IT systems). Access review of Business users access to IT systems is covered under MCS12 and therefore not in the scope of this control. (Step 1, 2, 3)
• An IT user cannot review their own access. The review confirms that access is in line with the IT user's role and responsibilities. (Step 1)

Link to: Information Technology Policy, Information Systems User Directive and Annex 09: IT Controls



38 Security configuration settings and batch job management

PRIMARY OBJECTIVE
Security configuration settings are reviewed to provide reasonable technical assurance to prevent any unauthorized access to IT systems. Batch jobs are monitored to ensure data integrity

CONTROL & FREQUENCY
1. Once a year, the security configuration settings of IT systems are reviewed to verify whether the settings are appropriate and enforced according to the defined security requirements for applications, Operating Systems and Database. Access to identified critical transactions is restricted to users as needed. Annual
2. Access to batch job scheduling is appropriately restricted to authorized users and reviewed half yearly. Half year
3. Every month the batch jobs and interfaces are monitored and processing errors are timely corrected. Monthly

RISK
- Successful cyber attack (IT/OT) (Step 1)
- Data leakage of sensitive information (incl. non compliance with GDPR) (Step 1)
- Unauthorized access, disclosure, modification, damage or loss of data (Step 2, 3)

IMPACT
- Operational disruption
- Fraud

REQUIREMENTS
Note: Information Technology (IT) Systems refers collectively to Business Applications and IT Infrastructure (Operating System, Database, Network, interfaces)

• Minimum Security Baseline requirements are defined in Annex 09.01: Holcim Minimum Baseline Security Standard approved by the Group IT Security responsible. (Step 1)
• ITSC Security officer is responsible to obtain the IT system configuration settings and review them to ensure they are as defined (or stricter) in the Security configuration Baseline. (Step 1)
• For IT systems not managed by Holcim (e.g. Cloud hosted and managed by third parties) Business or IT should obtain independent audit report (e.g. ISAE 3402) from the service provider at least annually to verify and follow up on any IT internal control deficiency reported. (Step 1)
• Critical batch jobs (different from end user scheduled background jobs) are identified (e.g. interfaces between Enterprise Resource Planning (ERP) and other critical systems to ensure failures, if any, are timely corrected to ensure data integrity). Access to such scheduled jobs is restricted. (Step 2, 3)

Link to: Information Technology Policy, Information Systems User Directive and Annex 09: IT Controls

39 Data backup, storage and restoration process

PRIMARY OBJECTIVE
Data backup, storage and restoration process is implemented to minimize loss of data

CONTROL & FREQUENCY
1. Backup is performed as per the schedule (daily, weekly, monthly etc.). Backup logs are monitored routinely to verify success / completeness. Errors, if any, are reported as incidents and resolved. Daily
2. When external media is used, backup is stored offsite and media labeling procedures are defined and followed. When online data replication (e.g. SAN) is setup, data is protected against corruption (ensuring that corrupted production data may not be synced in realtime to the backup). Upon Request
3. Restoration tests are performed at least annually. Failures, if any, are investigated and resolved. Annual

RISK
- Business disruption due to IT/OT unavailability (Step 1, 2, 3)

IMPACT
- Operational disruption
- Financial loss

REQUIREMENTS
The IS_S04 IT Infrastructure and Operations Standard defines the IT Backup requirements. The local backup and restore procedures should document:
• Scheduling
• Backup rotation
• Retention times
• Testing of restoration process
• Evidence that backups are performed
• Evidence of tests performed regarding the restoration procedure

Backup strategy should be designed taking into consideration that risk of data loss and data corruption is minimized (e.g. controls to prevent backup data corruption). The restoration should be achievable within the business agreed recovery and restoration time objective. (Steps 1, 2, 3)

Link to: Information Technology Policy, Information Systems User Directive and Annex 09: IT Controls



40 Managing changes to IT systems

PRIMARY OBJECTIVE
Prevent unauthorized changes in IT systems

CONTROL & FREQUENCY
1. There is verification that the requester is authorized to request changes to the relevant IT systems. Upon Request
2. There is a verification that the requester has followed defined procedure for requesting changes and that the requests are approved as required. Upon Request
3. User Acceptance Test is performed (there may be additional tests for the Unit and Integration Test, if required). Results of User Acceptance Test record who performed the User Acceptance Test and when. Upon Request
4. There is a verification on the release authorization (ensures evidence of who authorized the release and when). Upon Request
5. There is verification that segregation of duties is maintained especially that the developer does not move their own changes into the production environment. Upon Request
6. There is a verification on the existence of test and log evidence to support the assertion of secure movement of changes into production (where changes are applied directly on production systems e.g. a configuration or security setting change, it is reviewed and confirmed for correctness). Upon Request

RISK
- Unauthorized changes to the IT systems (Step 1, 2, 3, 4, 5, 6)

IMPACT
- Operational disruption
- Financial loss

REQUIREMENTS
Note: Information Technology (IT) Systems refers collectively to Business Applications and IT Infrastructure (Operating System, Database, Network, interfaces)

• Changes to IT systems should be requested only by authorized approvers (application super users, business process owners) to ensure that only valid changes for business needs are requested. (Step 1)
• To request changes a defined procedure is followed where the approvals are captured and recorded. (Step 2)
• User Acceptance Test (UAT) should not be performed by the developer / change responsible to ensure segregation. User Acceptance Test is generally performed by the application super users or business / function approved testers. (Step 3)
• The change approval board (CAB) verifies all changes before providing release approval. Changes should not be moved to production without approval. (Step 4)
• Developers should not have change access to production system. The changes in production environment should be moved by administrators (BASIS for SAP ERP). (Step 5)
• Post change monitoring is performed to ensure the changes were correctly implemented. (Step 6)

Link to: Information Technology Policy, Information Systems User Directive and Annex 09: IT Controls



Accounting and Consolidation



41 Compliance with accounting and reporting standards

PRIMARY OBJECTIVE
Implement and comply with all Holcim Accounting and Reporting Principles (HARP)

CONTROL & FREQUENCY
1. Confirmation by the CFO of compliance to HARP and IFRS through financial certification. Any deficiencies identified in a sustainability review conducted by the STAP team are remediated per the agreed timeline. Annual

RISK
- Non-adherence to accounting and reporting requirements and standards (Step 1)

IMPACT
- Errors in financials

REQUIREMENTS
• The Company’s Chief Financial Officer is responsible for ensuring that Holcim Accounting and Reporting Principles (HARP) are sustained in the Company including updating the internal policies for the Holcim Accounting and Reporting Principles change releases. Adherence to Group standards is included in the annual certification letter. (Step 1)
• The Holcim Accounting and Reporting Principles and rules must be implemented in the Enterprise Resource Planning (ERP) systems (SAP, JDE, etc.) of all Holcim Group companies. This implementation is certified by the Group Standards and Accounting Principles (STAP) team who conducts a detailed review. (Step 1)
• Each Holcim Group company must have an appointed responsible for Holcim Accounting and Reporting Principles (HARPist). The CFO is responsible to appoint the HARPist, who is an integrated member of the HARPist Virtual Organization - an extension of the Standards and Accounting Principles (STAP) Team. HARPist must be recorded in the Company List. (Step 1)
• Regular Holcim Accounting and Reporting Principles (HARP) Compliance Reviews (cf. 7.4.4 HARP Sustainability Review) are conducted by the Standards and Accounting Principles team. Any deficiencies identified must be monitored and remedied by the CFO (or designee). (Step 1)
• The Holcim Accounting and Reporting Principles Manual includes International Financial Reporting Standards (IFRS) elements that are relevant for Group reporting purposes. In the case where local circumstances dictate that a specific International Financial Reporting Standards, which is not documented in the HARP Manual, is applied, it is the responsibility of the Company’s CFOs to ensure that the International Financial Reporting Standards is followed (in addition to HARP). (Step 1)

Link to: Finance Policy, HARP Manual and HARP 7.4.4 HARP Sustainability Review

42 Reconciliation of general ledger accounts

PRIMARY OBJECTIVE
Reconcile and review balance sheet accounts and CFO sign-off of the trial balance and non-consolidated financial statements

CONTROL & FREQUENCY
1. Communication and monitoring by the CFO (or designee) of a monthly closing checklist. Monthly
2. Approval by the CFO (or designee) of income statements, balance sheet accounts, cash flow at least quarterly. Quarterly
3. Approval by the designated financial person of subledger to general ledger (GL) reconciliations and trial balance monthly. Monthly

RISK
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2, 3)
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2, 3)

IMPACT
- Errors in financials



42 Reconciliation of general ledger accounts

REQUIREMENTS
• The CFO (or designee) prepares and communicates a closing checklist or other document of key activities that must be performed during a close, including who performs the task and the deadline, which is monitored. (Step 1)
• The CFO (or designee) performs an analytical review of the income statement, balance sheet and statement of cash flows to look for variances exceeding the locally defined thresholds (% and amount in local currency) in comparison to the prior year and to forecast or budget. All significant deviations are explained in writing and all errors are corrected prior to final closing. Significant deviations discovered in the review are disclosed in writing. Once completed, the CFO (or designee) approves the income statement, balance sheet and statement of cash flows in the Group Reporting Unit’s reporting package. (Step 2)
• The system automatically posts subledger entries to the general ledger and blocks posting of manual entries directly to the general ledger. Any adjustments should be made directly to the subledger. (Step 3)
• The subledger is reconciled to the general ledger monthly to ensure the total balance per the subledger agrees with the total per the general ledger. Any differences are documented, investigated and cleared (all corrections made to the subledger). The reconciliation is approved by the designated finance person. (Step 3)
• For leases under the scope of International Financial Reporting Standards 16 (IFRS 16), lease payments must be reconciled between SAP Flexible Real Estate Management (RE-FX) and the local vendor accounting in the Enterprise Resource Planning (ERP) system. Right of use assets and the Lease Liability account should be reconciled with the sub-ledger (the detail by contract), by comparing fixed asset ledger and general ledger (GL). (Step 3)
• After all closing journal entries have been booked and the subledger to general ledger reconciliations have been finalized, a trial balance, the listing of the general ledger balances by account on the last day of the month, is analyzed and reviewed. Possible errors in the trial balance, which are noticed as part of the review, are corrected before the final closing. Significant deviations are disclosed in writing. Once completed, the trial balance is approved by the designated finance person. (Step 3)

Link to: Finance Policy and Lease Directive

43 Reconciliation of bank accounts

PRIMARY OBJECTIVE
All bank accounts are reconciled to the general ledger regularly, signed by the CFO, and adjustments are recorded immediately

CONTROL & FREQUENCY
1. Monthly bank statements are obtained from the banks and reconciliations with the general ledger (GL) are performed by the finance responsible. Required adjusting entries are booked and all unreconciled items are followed up for closure within 90 days. The CFO (or designee) approves the monthly reconciliation. Monthly

RISK
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1)
- Non-adherence to accounting and reporting requirements and standards (Step 1)

IMPACT
- Errors in financials
- Financial losses
- Fraud

REQUIREMENTS
• A proper segregation of duties (SoDs) is in place between reconciliation, booking and approval activity. The person who performs the bank reconciliations must not have access to recording of transactions in the accounting system or to process cash disbursements or receipts. (Step 1)
• At least monthly, all bank statements are reconciled to the general ledger account timely. The accounts denominated in foreign exchange rates (FOREX) are recalculated according to the month-end rate and the impact is recorded in the general ledger. The bank statement, the general ledger (GL) balance and the related journal entries are attached in the bank reconciliation. Reconciling items (identified differences between the book and bank balances) are followed up timely and are aged. Any adjustments required to the general ledger are recorded before closing. All bank reconciliations (even for inactive or dormant accounts) at each month-end closing are reviewed and approved by the CFO (or designee). (Step 1)
• Local banking regulation over clearance of bank transactions to be taken into consideration for quick identification of unreconciled items. (Step 1)
• All reconciling differences should be identified, explained and, when applicable, appropriate action for resolution formalized. Any necessary journal entries to resolve the differences should be posted no later than 90 days after the reconciliation is done. The bank should be contacted concerning any bank errors which should also be resolved within 90 days. The usage of suspense accounts is not allowed. (Step 1)

Link to: Finance Policy, Treasury Directive and HARP 3.1.1.1.2 Cash and Cash Equivalents



44 Reconciliation of intercompany balances

PRIMARY OBJECTIVE
All intracompany and intercompany balances are reconciled with the partner to ensure accuracy of the general ledger and proper elimination upon consolidation

CONTROL & FREQUENCY
1. Signed contract documented and filed for all intercompany transactions. Upon Request
2. Review and approval by the designated financial person of the intercompany and intracompany accounts each month, including a confirmation with each partner (or documentation that balances agree in Reco-Live). Monthly
3. All applicable intercompany invoices are set to be settled through the netting tool within the defined agreed timing. (GRU’s in scope). Upon Change

RISK
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2, 3)
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2, 3)

IMPACT
- Errors in financials
- Financial losses

REQUIREMENTS
• Each intercompany transaction between different legal entities must have a signed contract. Each intercompany invoice must include relevant details for the goods or services provided based on a signed contract. (Step 1)
• All balance sheet and income statement intracompany and intercompany accounts are formally reconciled with each partner unit considering the criteria defined in HARP 7.3.3, including other companies of the Holcim Group. Reconciling items must be identified and corrected before the end of the close. Any FX difference (between the spot rate and the AV rate) on the cash flow with a Group partner needs to be communicated and documented to Corporate Reporting before the publication of the consolidated package. The reconciliations should be reviewed and approved by the designated finance person. This ensures that intercompany balances are fully eliminated in consolidation. (Step 2)

Implementation of standardized Intercompany Settlement Process (Netting):
• The Netting process and tool (Coprocess) covers standardized settlement processes comprising intercompany invoices. There are exceptions clearly defined in the Netting Scope and Principles which reflect limitations of the process and accounting specificities for certain GRUs. (Step 3)
• Every Group Reporting Unit (GRU) must assess readiness (systems, effort and efficiency) to integrate within a standardized netting process and update their assessment once per three years. The subsequent decision to integrate the new GRU must be approved by the Group Head of Treasury and the netting process owner. (Step 3)

Link to: Finance Policy, Recharges to Corporate Directive, HARP 7.3.3 Reconciliation Policy, HARP 7.3.3.2 Reconciliation process, HARP 4.11.2 Accounting Treatment for Invoicing of Services within Holcim – other than Industrial Franchise Fee (IFF), HARP 4.11.3 Accounting Treatment for Group Charges - Administrative Support Fee (ASF) and MCS 44.03 General Netting Scope & Principles Definition



45 Manual journal entries

PRIMARY OBJECTIVE
Manual journal entries are properly supported, reviewed and approved by appropriate personnel

CONTROL & FREQUENCY
1. Ensure that all manual journal entries are approved as per country delegation of authority by the designated finance person, together with supporting documentation prior to posting. Upon change
2. Quarterly verification and sign-off by the responsible manager to ensure only approved users from accounting function have access to post manual journal entries. Quarterly approval by the countries of a list of approved persons who can request manual journal entries to the business service centers. Quarterly
3. Monthly verification and sign-off by the CFO (or designee) of the analytical review report. Monthly

RISK
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2, 3)
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2, 3)

IMPACT
- Errors in financials
- Financial losses
- Fraud

46 Impairment of goodwill, intangible assets and tangible assets

PRIMARY OBJECTIVE
Perform an impairment test for goodwill, intangible assets and tangible assets to ensure that their recorded values are not greater than their recoverable amount

CONTROL & FREQUENCY
1. Approval by the Group CFO of the goodwill impairment test template assumptions and Mid-Term Plan (MTP) cash flow data together with other additional data used for the estimate of value in use. (Group Level) Annual
2. At least annually, approval by the Country CFO (or designee) of the impairment tests for other intangible assets with indefinite lives and tangible assets annually or if a triggering event occurs and, if an impairment exists, review of the impairment loss and possible adjustment to the carrying value and useful life (if applicable). Annual
3. Notification of impairment issues by the Country CFO (or designee) to the Group Corporate Reporting team by using the goodwill impairment template at all times as they occur and before the end of May and November. Half year

RISK
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2, 3)
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2, 3)

IMPACT
- Errors in financials

45 Manual journal entries

REQUIREMENTS
Manual journal entries are considered high-risk transactions; therefore they must be kept to a minimum.
Scope: Manual Journal Entries (MJEs) are Journal Entries posted by a user/person and are not system triggered /automatic entries in the Enterprise Resource Planning (ERP) application (e.g. accounts payable (AP) or accounts receivable (AR) ledger posting). Manual Journal Entries are prepared by individuals to capture economic activities outside of sub-ledgers, i.e. directly in the general ledger. When Manual Journal Entries (MJEs) are used, proper process review and approval is in place as detailed below.
• All manual journal entries are required to have adequate supporting information / documentation, appropriate business rationale, recorded within the right period, with the right amount. If the entry is performed at a service center, these information/documentation have to be provided to them in order for the posting to take place. (Step 1)
• Only users in the accounting function are allowed to have access to post manual journal entries. (Step 2)
• The CFO (or designee) performs a monthly analytical review of manual journal entries posted (including all required reversals).
• Proper Segregation of Duties (SoD) lies This includes statistics on the number of
between Manual Journal Entries requester, entries, nature/type and amount of journal
approver, and those posting the entries. entries to detect any unusual activity as
(Step 1) part of the review. Countries define locally
• Manual journal entries should be posted the thresholds and unusual items for the
in the system after they are reviewed and review. The reviewer is a person other than
approved. All Manual Journal Entries require someone who is posting the entries. (Step 3)
approval before posting. Additionally, Link to: Finance Policy and Annex 14: SAP
entries relating to valuation adjustments MJE’s Regional scope
should be approved by the CFO. (Step 1)



46 Impairment of goodwill, intangible assets and tangible assets

REQUIREMENTS
Cash Generating Unit: (Step 1)
• As from January 1, 2019 a Cash-Generating Unit (CGU) for goodwill impairment testing from country or regional cluster level to operating segment level. This emphasizes the level of responsibility of regional Management with focus on segment performance. The Group’s cash-generating units continue to be defined on the basis of the geographical markets, normally country- or region-related. For the purpose of Goodwill impairment testing, the Group’s cash-generating units are aggregated into an operating segment, which is the level reviewed by the Group CEO (i.e. chief operating decision maker). The operating segments on which goodwill will be tested for impairment would be as follows:
- North America; Europe; Middle East Africa; Latin America; Asia Pacific and Solutions and Products.

Goodwill Guidance: (Step 1)
• Consequently, all goodwill is tested for impairment by Corporate Reporting in Zug, Switzerland and not by a Group Reporting Unit. The Group goodwill impairment test template will be used to test for impairment. The cash flows contained in the Mid-Term Plan form the basis of the test with additional information required. The calculations and assumptions must be validated and approved by the Group CFO.

Other intangibles with indefinite lives: (Step 2)
• At least annually or if a triggering event occurs, a test of impairment of an intangible asset with an indefinite useful life (or an intangible asset not yet available for use) is completed by comparing its carrying amount with its recoverable amount.

PPE (Property Plant & Equipment): (Step 3)
• Group companies shall use the goodwill impairment template at all times when assessing Property, Plant and Equipment (PPE) for impairment.
• All designated assets are assessed at least annually to determine if there is any indication of impairment. If indicators are present, a formal estimate of the recoverable amount of the asset must be calculated. The review needs to be documented and must be formally approved by the appropriate finance person.
• If it is determined that there is an impairment, the impairment loss must be recognized immediately to the extent that the carrying value is greater than the recoverable amount.
• If there is an indication that an asset may be impaired, the remaining useful life of the asset should be reviewed and adjusted, if needed, even if no impairment loss is recognized.
• Group Corporate Reporting should be notified if any impairment issues arise before the end of May and November.

Sustainability: (Step 3)
• An impairment might be required if a tangible asset becomes obsolete, is replaced earlier than expected, or cannot be used anymore as a result of newly introduced stringent environmental measures.

Link to: Group Delegated Authorities, Finance Policy, HARP 4.4.3 Impairment of Assets and Annual ARC impairment model and impairment testing guidelines

47 Transactions in a foreign currency

ACCOUNTING & CONSOLIDATION

PRIMARY OBJECTIVE
Identify, record and revalue all transactions in a foreign currency and recognize foreign currency gains/losses

RISK
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2)
- Non-adherence to accounting and reporting requirements and standards (Step 2)
- Improper management of foreign exchange risk (Step 1)

IMPACT
- Errors in financials

CONTROL & FREQUENCY
1. Approval by either IT service centers (ITSCs), CFO (or designee) that the correct Group communicated exchange rates were entered into the Enterprise Resource Planning (ERP) system daily or at least monthly. Monthly
2. Analytical review of the foreign currency gain or loss in the general ledger to ensure all foreign currency transactions were properly revalued using the month end rate. Monthly

REQUIREMENTS
• Daily exchange rates published by the central banks are usually used to record receivables and liabilities relating to the foreign currency transaction (settlements, recognized gains/losses). The exchange rate used in the Enterprise Resource Planning (ERP) system on the last day of the month is the official rate calculated and defined by the Group and communicated to all countries. Exception (i.e. utilization of daily rates from central bank for the last day of the month, instead of the rates communicated by the Group) must be approved by Group Corporate Reporting based on appropriate impact analysis performed on a bi-yearly basis. (Step 1)
• A foreign currency transaction is one that requires settlement, either payment or receipt, in a foreign currency. Such transactions are identified and recorded in the general ledger as a foreign currency transaction (denominated in currency of the transaction so the Enterprise Resource Planning (ERP) system can automatically revalue the transaction until settlement). (Step 2)
• Where a transaction is not settled in the same reporting period as that in which it occurred, it must be revalued using the closing rate of the reporting currency. Any resulting gain or loss must be recognized in the income statement as a foreign currency gain or loss. If recorded in the system in the currency of the transaction (foreign currency), this will be done automatically by the Enterprise Resource Planning (ERP) system. If not, this must be done manually. (Step 2)

Link to: Finance Policy, Treasury Directive, Foreign Exchange (FX) & Interest Rate (IR) Risk Management Directive, HARP 3.2.4.4 Foreign Exchange Losses (Gains) and HARP 4.7.1 Accounting for the Effects of Changes in Foreign Exchange Rates



48 Management of legal structure and consolidation hierarchy

ACCOUNTING & CONSOLIDATION

PRIMARY OBJECTIVE
Ensure a complete and correct scope of consolidation by proper reporting and disclosure of the legal ownership rights

RISK
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2)
- Absence of control and information supervision over remote or small entities (Step 1, 2)

IMPACT
- Errors in financials

CONTROL & FREQUENCY
1. New legal entity and/or any changes in the structure of legal entity must be updated in the Umbrella tool within 3 days of incorporation or change. The Group Reporting Unit CEO and CFO verifies the legal entity structure and signs off the Legal Entity Management Tool (Umbrella) half yearly according to Group Accounting, Reporting and Consolidation (ARC) / Group Legal Instructions (Hard Close May and November). Half year
2. Approval by the designated finance person of the consolidation hierarchy, percentage of ownership and method of consolidation to ensure correct accounting and reporting treatment and reconciliation with Umbrella before the start of the country consolidation. Monthly

REQUIREMENTS
• The creation of any new legal entity must be in accordance with the Group Delegated Authorities. The Group Reporting Unit (GRU) CEO is responsible to ensure that all legal entities without any limitation of scope, materiality or percentage of participation with direct or indirect control are documented in the Legal Entity Management Tool (Umbrella). Sign off by the CEO and CFO confirming completeness and accuracy of reported information performed during the May and November hard close events. (Step 1)
• All information in Legal Entity Management Tool (Umbrella) is updated within 3 days after any change occurs. (Step 1)
• All information in Legal Entity Management Tool (Umbrella) is compulsory and must be uploaded as defined by the Umbrella rules (User guide section 11). (Step 1)
• Reconciliation over the agreed consolidation hierarchy, with SAP- Financial Consolidation (SAP-FC) system and Legal Entity Management Tool (Umbrella) to take place whenever a change occurs, or at least bi-yearly. (Step 1, 2)
• On a monthly basis, before the start of the country consolidation, the consolidation hierarchy is reviewed by the local reporting team to verify the completeness and correctness of the SAP- Financial Consolidation (SAP-FC) set-up of the legal entities, the consolidation methods and the legal ownership percentages. In case of changes and/or doubts, alignment with legal is required and the Group Consolidations team needs to be informed accordingly. If the transaction meets the threshold for a change in structure (CIS), it should be reflected in the SAP- Financial Consolidation (SAP-FC) package. (Step 2)

Link to: Group Delegated Authorities, Finance Policy, Treasury Directive and Legal Entity Management Tool (Umbrella) User Guide

49 Consolidation of financial statements

ACCOUNTING & CONSOLIDATION

PRIMARY OBJECTIVE
Review of the reporting package, including equity and consolidation entries, and approval of the reporting package and supporting schedules before submission to the Group

RISK
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2)
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2)

IMPACT
- Errors in financials

CONTROL & FREQUENCY
1. Review and approval by the CFO (or designee) of the reconciliation of local equity (general ledger) and local chart of accounts to the reporting package (SAP-FC). Half Year
2. Review and sign-off by the CFO (or designee) of the SAP- Financial Consolidation (SAP-FC) reporting package before submission as per the requirements. Monthly

REQUIREMENTS
• A review is performed to ensure the amounts reported in the group reporting package in SAP- Financial Consolidation (SAP-FC) are correct and complete. The mapping between the local chart of accounts and the consolidation package, if applicable, is formalized and any change is authorized by the designated finance person. (Step 1)
• When a country performs a sub-consolidation, the consolidated reporting package is reviewed for the completeness and correctness of the consolidation, where applicable, including: (Step 1)
- Eliminations, taking into consideration any non-controlling interest calculation
- Accounting for any deconsolidation, acquisition, merger or transfer.
- Conversion to the reporting currency and related currency translation adjustment are reviewed for reasonableness using the rates published by the Group (and used in SAP- Financial Consolidation).
• A reconciliation of local equity (general ledger) to the Group consolidation accounts (SAP- Financial Consolidation) is performed twice a year (mid year and year end), approved by the CFO (or designee) and uploaded in Umbrella. Differences are explained, documented and recorded. (Step 1)
• The country reporting package is reviewed and approved by the appropriate finance person Country CFO (or designee) before being submitted to the Group. The CFO (or designee) formally signs off on the financial statements to confirm that they have been reviewed, that the amounts reported are correct and that all relevant information for disclosure purposes has been included in the appendices. (Step 2)

Link to: Finance Policy, ARC Permanent Instructions 2024 and Legal Entity Management Tool (Umbrella) User Guide

50 Statutory financial statements

ACCOUNTING & CONSOLIDATION

PRIMARY OBJECTIVE
Statutory financial statements are reconciled to Group financial statements, reviewed and signed off by the CFO and statutory audits are completed by April 30th

RISK
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2, 3)
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2)

IMPACT
- Errors in financials

CONTROL & FREQUENCY
1. Review and sign-off by the CFO (or designee) on 1) the reconciliation between the Group reporting package and the statutory financial statements and all adjustments made, 2) the statutory financial statements, including related disclosures and 3) the reconciliation between the Group reporting package and the statutory financial statements is uploaded in Umbrella. Annual
2. Audit qualifications on the local financial statements, if any, must be reported to the Group ARC together with the signed statutory audit reports of a calendar year by April 30th of the following year. Any exceptions must be approved by the Group Head of ARC before the April 30th deadline. Annual
3. All listed companies must receive formal approval by the Group Head of ARC and Group CFO before any external publication of press releases including statutory accounts. Upon Change

50 Statutory financial statements

REQUIREMENTS
Audit fees negotiation and all additional audit related fees for all Group Companies and change of auditor at country level approvals are managed according to Group Delegated Authorities (GDA) and Approval of audit, audit-related and non-audit services Directive.
• A reconciliation between the financial statements per the Group reporting package and the statutory financial statements must be performed to ensure amounts are correct and complete. (Step 1)
• A reconciliation by flow of the equity between the Group reporting package and the statutory financial statements must be provided in Umbrella once the statutory financial statements are signed by the auditors based on a comprehensive template. (Step 1)
• Any adjustments made to the SAP- Financial Consolidation (SAP-FC) financial reporting package (financial statements) to comply with the regulations of the statutory financial statements (e.g. International Financial Reporting Standards (IFRS) to a local Generally Accepted Accounting Principles (GAAP)) must be documented and approved by the CFO (or designee). (Step 1)
• The CFO (or designee) formally signs off on the statutory financial statements to confirm that they have been reviewed and the amounts reported, including all relevant disclosures, are correct. (Step 1)
• All statutory audits of a calendar year must be completed by April 30 of the following year. Any exceptions must be approved by the Group Head of Accounting, Reporting and Consolidation (ARC). Exceptions must be granted before the April 30th deadline, otherwise the MCS is not adequate. The CFO (or designee) ensures that root cause of delays are analyzed and the organization and process is improved for the next year. (Step 2)
• For both the statutory and group audits, a mandatory audit firm rotation is to take place every 10 years the latest (more frequent intervals may be applied by the management). A previously appointed audit firm, after its rotation, cannot be re-elected for a period of at least 3 years. Additionally, key audit partners must rotate every 7 years the latest. A previously appointed key audit partner, after his/her rotation, cannot be re-elected, irrespectively of the audit firm in which he / she might work for. If local regulations of each country of incorporation, dictate a more frequent mandatory rotation of audit firms or key audit partners and / or a longer waiting period for re-election, then local regulations supersede this guidance and the more frequent rotation periods and/or the longer waiting periods should be applied locally. Refer to the Approval of audit, audit-related and non-audit services Directive. (Step 2)
• All listed companies, at least 7 days before the release of the statutory accounts, must (1) Provide a reconciliation of the equity as well as the main indicators of the P&L to the Group Head of ARC and the Region CFO. This must be reviewed and confirmed by the Group Head of ARC and the Region CFO (2) Obtain formal approval by Group Head of ARC and Group CFO before any external publication of press releases including financial reporting. (Step 3)

Link to: Group Delegated Authorities, Finance Policy, Approval of audit, audit-related and non-audit services Directive, ARC Permanent Instructions 2024 and Legal Entity Management Tool (Umbrella) User Guide

Tax
ensures that root cause of delays are

51 Tax risk assessment and reporting

TAX

PRIMARY OBJECTIVE
Track, monitor and reduce tax risks and ensure they are properly reflected in financial statements and disclosures

RISK
- Lack of proper tax risk monitoring and reporting (Step 1, 2)
- Poor management of tax cases (Step 1, 2)
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1, 2)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Quarterly review and approval by the Country CFO (or designee) of the provisions reported and the full list of uncertain tax position as per the requirement, at the country/Group Reporting Unit level, and confirmation they agree to the amounts in the financial statements. Quarterly
2. Review and approval of tax risks, at the consolidated Group level, by the Group Head of Tax every quarter to ensure all required information is reported, complete and updated with the latest assumptions. (Group level) Quarterly

REQUIREMENTS
At least quarterly, the Country CFO (or designee) keeps track of and reviews the status of all uncertain tax positions, including: (Step 1)
• The estimated maximum risk and estimated loss,
• The classification as not probable, probable and virtually certain,
• The amount of the provisions recorded in the financial statements.

Based on this information:
• Provisions must be adjusted accordingly
• Contingencies must be disclosed

This detailed information is reported to Group Tax using the format and tool communicated by Group Tax with all balances reconciled to SAP- Financial Consolidation (SAP-FC). (Step 2)

Link to: Group Delegated Authorities, Finance Policy, Tax Reporting Directive and HARP 7.3.4.04 Tax Risk Reporting

52 Tax filings and payments

TAX

PRIMARY OBJECTIVE
Any exceptions to timely tax filings and payments must be approved by the Group Head of Tax

RISK
- Statutory filings and payments not performed timely (Step 1, 2, 3)
- Poor management of tax cases (Step 1, 2)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Local tax responsible and CFO (or designee) to implement a tax calendar with all tax filing and payment due dates. Annual
2. Approval of the calendar by the local tax responsible to ensure that all filings and payment are made on time. If an extension is needed, the local tax responsible obtains approval from the Group Head of Tax. Annual
3. Identification and timely disclosure of reportable cross border transactions as per local requirements. Upon request

REQUIREMENTS
• A tax calendar, including filing and payment due dates for all taxes, is formally set up by the local tax responsible and CFO (or designee). (Step 1)
• A process is in place to monitor filings and payments so they are made on time. Entities should be compliant with local rules for timely filing and payment of tax liabilities. Any extension request for filing or payment of taxes shall be approved by Group Head of Tax. (Step 2)
• Following local rules, the identification and timely disclosure of reportable cross border transactions to tax authorities, when/where applicable. (Step 3)

Link to: Group Delegated Authorities, Finance Policy, Tax Reporting Directive and European Mandatory Disclosure Regime Directive

53 Deferred and current income tax calculations

TAX

PRIMARY OBJECTIVE
The deferred and income tax calculations and related documentation are prepared in accordance with the Group consolidation instructions, tax policies, directives and guidance and in line with local tax regulations

RISK
- Inaccurate or fraudulent closing entries (incl. judgemental assumptions and estimates) (Step 1)
- Lack of proper tax risk monitoring and reporting (Step 1)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Review by the local tax responsible and approval by the CFO (or designee) of all income tax and deferred tax calculations and related documentation at least quarterly. Quarterly

REQUIREMENTS
A quarterly review of the deferred and current income tax calculations and related documentation is performed by the local tax responsible and CFO (or designee) and includes: (Step 1)
• Recoverability of deferred tax assets is justified by supporting evidence
• Compliance with requirements of tax rulings
• Enacted tax rate changes
• Tax Risks Provisions/Uncertain Tax Positions (UTPs) and exposures including analysis of changes and or expirations, quantification, and probability assessment
• Documented analysis of any temporary differences between the tax basis of an asset or a liability and its carrying amount per the Statement of Financial Position and proofs of all deferred tax balances
• Reconciliation with amounts booked in the consolidation package
• Tax rate reconciliation (prepared, documented, and validated)
• Appropriate representation on outstanding audits
• Account reconciliation ending balances are verified to ensure all accounts requiring reconciliation are identified and ending balances on the reconciliations are correct.

Link to: Group Delegated Authorities, Finance Policy, Tax Reporting Directive, HARP 3.1.1.2.7 Deferred Tax Assets, HARP 3.1.2.2.3 Deferred Income Taxes and HARP 3.2.6 Income Taxes

54 Transfer pricing

TAX

PRIMARY OBJECTIVE
All tax and legal rules regarding intercompany transfer prices and documentation are complied with; where required, transactions are reviewed by Group Tax. Any exceptions are discussed with Group Tax and approved by the Group Head of Tax

RISK
- Lack of proper tax risk monitoring and reporting (Step 1, 2, 3, 4)
- Statutory filings and payments not performed timely (Step 4)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Confirmation by Group Tax and Regional Heads of Tax on the methodology used for intercompany transactions. (Regional and Group level) Annual
2. Approval by the Group Head of Tax on any exception to the Group Transfer Pricing Directive. (Group level) Annual
3. Review and analysis by the local tax responsible and approval by the CFO (or designee) to check that the practice of the entity is in compliance with the Group Transfer Pricing Directive. Annual
4. Maintenance and filing, as applicable, by the local tax responsible of transfer pricing documentation in accordance with local requirements and the Group Transfer Pricing Directive. Annual

REQUIREMENTS
• The Transfer Pricing team with Group Tax together with the Regional Heads of Tax are accountable and responsible for analyzing, advising and confirming the transfer pricing methodology used in all intercompany transactions. (Step 1)
• Any and all intercompany transactions must comply with the arm’s-length principle as also required by local laws and regulation. (Step 1)
• Any exceptions to the Group Transfer Pricing Directive should be discussed with Group Tax to evaluate the risk and has to be formally approved by the Group Head of Tax. (Step 2)
• The practice of the entity is regularly analyzed by the local tax responsible and the CFO (or designee) to check compliance with the Group Transfer Pricing Directive. Risk analysis is communicated to the finance and legal departments to define potential needs for provisions or disclosures in accordance with the Minimum Control Standards (MCS) on Tax Risks. (Step 3)
• Transfer Pricing documentation is maintained and filed by the local tax responsible. It shall be prepared with the assistance of the Transfer Pricing team in accordance with the Group Transfer Pricing Directive. (Step 4)

Link to: Group Delegated Authorities, Finance Policy, Trading Policy, Direct Tax Directive, Transfer Pricing Directive, Intellectual Property Directive and Recharges to Corporate Directive

55 Non-income (indirect) taxes

PRIMARY OBJECTIVE
Non-income tax returns and related account reconciliations are prepared, reviewed and approved in line with the locally required frequency and local tax requirements

RISK
- Statutory filings and payments not performed timely (Step 1, 2, 3, 4)
- Lack of proper tax risk monitoring and reporting (Step 2)
- Poor management of tax cases (Step 2)

IMPACT
- Errors in financials
- Financial losses

CONTROL & FREQUENCY
1. Review and approval of all Value Added Tax (VAT) and indirect tax returns by the CFO (or designee). Upon request
2. Review and approval by the local tax responsible of the reconciliation of current month activity per the tax calculation with the amount in the financial statements. Monthly
3. Review by accounting responsible and approval by the local tax responsible of reconciliations of all Value Added Tax (VAT) accrual and recoverable accounts monthly. Monthly
4. Review and approval by the local tax responsible of unusual activity in the Value Added Tax (VAT) reconciliations including Value Added Tax (VAT) litigations in progress. Monthly

REQUIREMENTS
• Value Added Tax (VAT) and indirect tax returns are prepared, reviewed and approved in line with local required frequency and local tax requirements. (Step 1)
• The reconciliation (base revenue, sales, others used to calculate Value Added Tax (VAT) or sales taxes with the recorded revenue, sales, others in Profit/Loss) summarizes current month sales activity to produce the monthly accrual needed. Any reconciling items noted during the reconciliation will be evaluated to determine a potential impact on the tax return. The reconciliation summarizes information based on current monthly accruals, quarterly accruals or annual accruals, based on the jurisdiction. Miscellaneous issues (missed payments, audit issues, etc.) are also noted and tracked on the reconciliation. (Step 2)
• The reconciliations for various Value Added Tax (VAT) accrual and Value Added Tax (VAT) recoverable accounts are performed by local accounting responsible. The local accounting responsible contacts the local tax responsible if they notice any unusual payments during the reconciliation process. (Step 3)
• Value Added Tax (VAT) payments are made from multipurpose cash accounts. The reconciliations for the cash accounts used to make Value Added Tax (VAT) payments are performed by the local accounting responsible as part of their cash account reconciliation process. Any unusual Value Added Tax (VAT) payments during the reconciliation process shall be reported to the local tax responsible. (Step 4)

Link to: Finance Policy

Treasury

56 Bank relations

TREASURY

PRIMARY OBJECTIVE
Bank relationship management – including all openings bank accounts – are managed and approved by Group Treasury in compliance with Treasury Directive requirements. All signatory guidelines in the Holcim Treasury Directive must be in place

RISK
- Unauthorized commitment or relationship with bank (Step 1, 2, 3, 4, 5)
- Transaction with sanctioned parties (Step 2)

IMPACT
- Compliance
- Financial losses
- Fraud

CONTROL & FREQUENCY
1. Obtain Group Treasury approval for any bank accounts that are opened and notification of closing bank accounts to Group Treasury. Upon Request
2. Obtain Group Treasury approval for transaction with any counterparty not in the “Bank List” prior to initiating transactions within approved limits. Monitoring of the credit exposure within the concentration limit published by Group Treasury. Upon Request
3. Annual approval of a list of all bank accounts and optimization plan by local CFO (or designee) based on Treasury Directive including inactive bank account analysis and timely closing when applicable. Annual
4. Quarterly verification by the local CFO (or designee) of the list of all open bank accounts reconciled with Legal Entity Management Tool (Umbrella) and local Treasury/accounting system. At least, yearly confirmation of authorized signatories obtained from banks to ensure it is consistent with the delegation of authority (DoA). Quarterly
5. Identified counterparty risk exposure breaches must be reported to the Head Group Treasury and corrective actions implemented within the agreed time frame. Upon Change

REQUIREMENTS
• Bank relations, including fees, approved as per Group Delegated Authorities (GDA), when applicable, and Group Treasury Directive. (Step 1, 2)
• Any opening of bank accounts shall be approved by Group Treasury i/o Corporate Finance and Treasury (CFT). Any closing shall be notified to Group Treasury and updated in Legal Entity Management Tool (Umbrella). (Step 1)
• Information to the banks, including legal and compliance-related questions, needs to be provided in compliance with Group Treasury Directive. (Step 1)
• In order to limit credit exposure and concentration on any counterparty, the Group will only do business with authorized counterparties within concentration limits and guidelines described on the official Holcim Bank List. Within the Bank List, Relationship Banks should be considered over Niche Banks, unless Niche Banks offer a clear advantage. (Step 2)
• Business relationships with a bank not listed on the Bank List are subject to written approval by the Group Head of Treasury. Any counterparty risk with non-relationship or non-niche banks must be under the limit defined through the approval process by Group Treasury. Request for approval (RfA) procedure and form includes sanctions screening as per the Group Treasury Directive. (Step 2)
• Local reconciliation over approved bank accounts list with Enterprise Resource Planning (ERP) system and Legal Entity Management Tool (Umbrella) to take place whenever a change occurs, or at least quarterly. Ensure Legal Entity Management Tool (Umbrella) is up-to-date. (Step 3, 4)
• A process is in place to: (Step 4)
- Ensure only joint signatory rights are allowed for any transaction with a bank and each signatory has sufficient seniority to become an authorized signatory. Implement authorization limits for individual roles appropriate to the size of the organization.
- Ensure immediate removal of signatory rights for employees no longer involved in the payment process and inform the bank immediately in case of signatory changes.
- Obtain from the banks the list of authorized signatures to confirm it is up to date and consistent with delegation of authority (at least once a year)
• Cash and deposit limit must be monitored. Any counterparty limit breach with non-relationship or non-niche banks shall be immediately reported with appropriate corrective actions to the Head Group Treasury. Corrective actions are implemented within the time frame agreed with group Treasury. (Step 5)

Link to: Group Delegated Authorities, Finance Policy, Treasury Directive, Sanctions and Export Controls Directive, Counterparty Risk Management: Concentration limit applicable to countries, Holcim Bank List 2023-2024 and Legal Entity Management Tool (Umbrella) User Guide

• The Country CFO (or designee) reviews yearly the list of active and inactive bank accounts and ensures that the number of banks and bank accounts is optimized to increase visibility on cash and reduce risks and costs. If it is not optimized, a plan is set up for closing
accounts by a specific deadline. (Step 3)

57 Cash transactions are not permitted without the Group approval

TREASURY

PRIMARY OBJECTIVE
Cash transactions are not permitted without exceptional approval by the Group

RISK
- Unsecured payment means & cash transactions (Step 1, 2)
- Corruption and bribery (Step 1)
- Transaction with sanctioned parties (Step 1)
- Money laundering (Step 1)

IMPACT
- Compliance
- Financial losses
- Fraud

CONTROL & FREQUENCY
1. If applicable, obtain Group Head of Treasury and Group Chief Compliance Officer approval for cash transactions. Set up by the CFO (or designee) a local procedure with an approval process in line with the Holcim Group defined rules, controls and thresholds to safeguard and minimize cash and check transactions. Upon Request
2. Monthly review and approval by the CFO (or designee) of the reconciliation of the checking and petty cash accounts. Monthly

REQUIREMENTS
Cash transactions can create opportunities for fraud, money laundering and the funding of bribes. For this reason, the general rule is that cash transactions are not permitted. If Group Head of Treasury and Group Chief Compliance Officer approval is not formally granted, cash transactions are to be ceased. The following rules apply: (Step 1, 2)
• Maximum petty cash limit per site allowed is CHF 500. A petty cash is a small amount of cash kept on site to pay for minor expenses, such as office supplies or reimbursements.
• Supplier payments in cash are not allowed.
• No cash collections are accepted from customers.
• Usage of checks is strongly discouraged and should be avoided. If used, only crossed checks are accepted (to be deposited to a bank account) for either supplier payment or customer receipt.
• Cash transactions to buy or sell foreign currencies at Exchange offices (Bureau de change) beside banks are strictly prohibited. Countries which need to conduct such transactions must get approval from the Group Head of Treasury.
• Holcim countries which have been granted Group Head of Treasury and Group Chief Compliance Officer approval for cash transactions must perform restricted party screening on the third party (customer/supplier) in line with the Sanctions and Export Control Guidance.

Validate with Region Head of Finance and obtain Group Head of Treasury and Group Chief Compliance Officer approval for any exception to the requirements listed above, and inform Group CFO. If exceptions are approved, countries must implement a local procedure to: (Step 1, 2)
• Safeguard the process to issue and collect cash.
• Track, record and support with appropriate documentation all approved cash and check transactions.
• Maintain segregation of duties between the person responsible for physical custody of cash/checkbook and the bank and cash disbursement authorized signatories. Restrict access to check books/cash and to the safe to only designated persons so as to ensure segregation of duties.
• An independent person who is not responsible for the physical custody of checks shall physically verify unused checks on hand and reconcile with the checkbook register on a quarterly basis. Random inventory counting has to be performed several times a year by an independent person.
• Perform regularly (at least monthly) a reconciliation of checks and petty cash to the books including petty cash used for employee advances. Investigate any variances, within the same period and confirm they are approved by the appropriate person before booking.

Link to: Finance Policy, Treasury Directive, Sanctions and Export Controls Directive and Sanctions and Export Controls Resource Center

58 Secure payment means

TREASURY

PRIMARY OBJECTIVE
Payments are secured to avoid errors and safeguard assets

RISK
- Unsecured payment means & cash transactions (Step 1, 2, 3, 4, 5, 6)
- Unauthorized access, disclosure, modification, damage or loss of data (Step 1, 2, 3, 4, 5)

IMPACT
- Financial losses
- Fraud

CONTROL & FREQUENCY
1. All users with access to SAP-BCM and/or bank portals are approved by the CFO (or designee) as per the local DoA requiring dual approval for payments. In case of Business Service Centre users, the BSC Head approval is required. Upon Request
2. Quarterly review of critical users with payment authorization, payment proposal upload, and administrator access by the CFO (or designee) for the country users or BSC Head (or designee) for the BSC users. Access is revoked within 3 business days for any inadequacy identified from the access review or for dormant users over 90 days with no valid justification. Quarterly
3. Yearly review of non-critical users, view only access to bank balances, bank statements or bank monitor, by the CFO (or designee) for the country users or BSC Head (or designee) for the BSC users. Access is revoked within one (1) month for any inadequacy identified from the access review or for dormant users over 90 days with no valid justification. Yearly
4. Changes to Business Partners master data are performed by an authorized user and based on an approved request. Upon Request
5. Quarterly verification and sign-off by the CFO (or designee) to ensure only users from dedicated functions (with no conflicting roles) have access to change Business Partner data. Quarterly
6. At a minimum, annual validation by the Treasurer (or designee) of all active direct debits with the relevant counterparties (banks). Any direct debit not required is notified to the banks for cancellation. Annual

REQUIREMENTS
For bank transfers:
An inventory of all banks should be maintained with a list of users with bank portal and/or SAP Bank Communication Manager (SAP-BCM) access (managed by country or business service center) to ensure controls are applied. Access to any bank system including but not limited to SAP Bank Communication Manager and bank portal is strictly controlled.
• Each user has a unique ID and password, user access, for accessing the bank portals or SAP Bank Communication Manager. (Step 1)
• At least two authorized signatories approve bank payments. (Step 1)
• No modification of data (payment files generated from a system) is possible along the whole process (e.g. supplier bank data, amount to be paid, payroll file etc.). Electronic transfers are coded / encrypted by the system for security. Manual upload of payment files in banking platforms is not allowed. (Step 1)
• Banks systematically send a confirmation ensuring that the electronic file was received without communication errors (a negative or positive check or the possibility to verify). (Step 1)
• To minimize fraud risks, treasurers on a daily basis reconcile bank and intercompany accounts and refrain from communicating any details regarding the payment process to external parties other than banks. (Step 1)
• Manual transfers (i.e. email requests or paper based such as letter or fax) must be strictly limited and the bank must call back the treasurer (or designee) (different from the one issuing the payment) once the manual transfer is received (to reconfirm before payment execution). Emails should be marked as confidential and attachments are password protected. Passwords must be communicated in a separate email. (Step 1)
• Critical users: Quarterly, a list of all electronic banking users is obtained from the bank portal or banks. Users with payment approval access to SAP BCM transaction is obtained for review of SAP BCM access. Banks Payment authorization access is restricted to treasury operations / cash and banking teams. The review of users access to SAP BCM and bank portals is performed according to the users job role to ensure there is no unauthorized or conflicting access. Users with access to other processes in Enterprise Resource Planning (ERP) system (Master Data Management - MDM / Order to Cash - O2C / Procure to Pay - P2P / Hire to Retire - H2R) cannot have access on the bank portal or SAP BCM for payment approval. Reviewer should not review their own access. (Step 2)
• Non-critical users: Yearly, for users with view only access to bank balances, bank statements or bank monitor, a list of all users is obtained from the bank portal or banks and a review is performed to ensure only authorized users have the display access according to the user job role. Reviewer should not review their own access. (Step 3)
• Dormant users over 90 days should be reviewed. Users who no longer need access must be revoked in 3 business days for critical users and one month for non critical users and for others a justification / explanation should be documented as part of the review. (Step 2, 3)

Business Partner master data: (Step 4, 5)
• Entities that use Treasury management applications or any other payment platforms, where banks are setup as master data (referred to as Business Partners), a master data management process that defines roles, responsibilities and rules for Business Partner data management is in place and reviewed when required to ensure only authorized personnel create, modify and delete financially relevant Business Partner data based on the required supporting documents (SSI, RIB, IBAN, etc.) and bank confirmation when required. Changes to bank information in the treasury applications or any other payment platforms must only be done post execution of the Call Back Process using the registered contact information on file. The call must be documented with a post confirmation via email.

Direct Debit (DD): (Step 6)
• Usage for vendor payment with direct debit is not permitted unless it is a mandatory requirement by the authorities (i.e. tax related payments). Any exception to the rule has to be approved by the local CFO and must follow all rules defined in the Treasury Directive.
• Treasurer (or designee) will ensure such direct debit payments are executed based on the agreements approved by the CFO.
• Inventory of the direct debit contracts signed has to be available for Treasury whenever applicable. Treasurer (or designee) will ensure regular confirmation (on a yearly basis minimum) of the inventory with the relevant counterparties (banks).

Link to: Finance Policy and Treasury Directive

59 Financial instruments, borrowings, commitments and working capital schemes

TREASURY

PRIMARY OBJECTIVE
All financial instruments, borrowings, commitments and working capital schemes are authorized in accordance with the Group Treasury Directive. Outstanding positions are reconciled with counterparty statements

RISK
- Inability to maintain an adequate cash flow and liquidity position to pay obligations (Step 2, 3, 4)
- Non-adherence to accounting and reporting requirements and standards (Step 1, 2, 3, 4)
- Poor debt management or excessive debt (Step 1, 2, 3, 4)
- Unauthorized transactions/contracts made on behalf of Holcim (Step 1)

IMPACT
- Financial losses
- Errors in financials

CONTROL & FREQUENCY
1. Approval according to local delegation of authority and Group Treasury Directive of any new financial instruments, borrowings, commitments and working capital schemes. Upon Request
2. Sign-off by the CFO (or designee) of the list of all outstanding financial instruments, commitments and working capital schemes. Quarterly
3. Countries trading in derivatives locally due to regulatory reasons, must have it reviewed by Treasurer (or designee) to reconcile the outstanding positions to counterparty statements. Quarterly
4. Group Head of Treasury approval is granted for any cash pool limit increase (Cash pool participants and all entities in scope). Cash pool breaches are reported to the Head Group Treasury and corrective actions implemented within the agreed time frame. Upon Change

REQUIREMENTS
• Financial instruments, borrowings, commitments (e.g. trade finance facilities, surety bonds, guarantees lines…) and working capital schemes (e.g. supply chain financing, factoring, off balance sheet inventory financing) and related disbursements can only be entered into after having been approved by appropriate personnel in accordance with local and Group Delegated Authorities and Group Treasury Directive. The Treasury Manager (or designated person) keeps track of all disbursements related to the repayment of borrowings and ensures that both the repayments and the related borrowings are properly recorded, including the recognition of current and non-current portions of the liabilities. (Step 1)
• Financing contracts have to be in line with the Holcim guide on loan documentation; any exception must be approved by Group Treasury. No financial covenants are accepted. Obtain Group Treasury approval for any financial contract not in line with the Holcim guide on loan documentation. (Step 1, 2)
• The list of all financial instruments, borrowings, commitments and working capital schemes must be supported by adequate documentation and signed off by the CFO (or designee) as well as reported as per the reporting guidelines. (Step 3)
• Third party and intercompany financing shall be renewed at least six months prior to maturity or earlier if required. (Step 3)
• Countries trading in derivatives locally due to regulatory reasons must quarterly reconcile the counterparties statements with the outstanding positions. Fair values are those indicated by Group Treasury. (Step 3)
• Cash pool limits are approved by Group Treasury. Cash pool drawings must remain within approved limits. Any potential cash pool limit breach shall be immediately reported to the Head Group Treasury and remediated with appropriate corrective actions. Corrective actions are implemented within the time frame agreed with Group Treasury. (Step 4)

Link to: Group Delegated Authorities, Finance Policy, Treasury Directive, HARP 4.9.2.1 What is a Financial Instrument, HARP 3.1.5 Commitments, Contingencies and Guarantees, HARP 3.1.2.1.13 Supply Chain Financing (SCF), HARP 3.1.1.1.11. Description for Factoring of Trade Receivables reporting (Off / on balance sheet reporting), HARP 3.1.1.1.10 Off-balance Sheet Inventory Financing Arrangement, HARP 3.1.1.1.2 Cash and Cash Equivalents, HARP 3.1.1.1.4 Short-Term Financial Receivables, HARP 3.1.2.1.02 Liabilities From Short-Term Financing, HARP 3.1.1.2.3 Long-Term Financial Receivables, HARP 3.1.2.2.2 Long-Term Financing Liabilities, HARP 4.9.6.1 Credit Lines and Examples for Illustration Purposes, HARP Treasury Information Management: 7.3.4.3.2 Column Descriptions, 7.3.4.3.3 Row Descriptions and HARP 7.3.4.3.4 Credit Line Column Descriptions

60 Forex, interest rate, commodities risks monitoring and hedging

TREASURY

PRIMARY OBJECTIVE
Exposure to foreign exchange, interest and commodity risks are regularly reported and hedged according to the Group Treasury Directive

RISK
- Improper management of foreign exchange (Step 1, 2)
- Improper management of interest rates risk (Step 1, 2)
- Increase in energy costs (incl. AFR) (Step 1, 2)

IMPACT
- Financial losses

CONTROL & FREQUENCY
1. Monthly sign off and notification to Group treasury of the exposure in foreign currency and potential foreign exchange or interest rate exposure that may need to be hedged by Group Treasury. Monthly
2. Review and approval by the CFO (or designee) of the consumption forecast and hedge ratio used to hedge energy price exposure on a quarterly basis and notification to the Energy desk if there is any change in the underlying index used to procure the commodity. Quarterly

REQUIREMENTS
• Exposure to foreign exchange, interest risks are regularly reported and hedged according to the Group Treasury Directive and Foreign Exchange & Interest Rate Risk Management Directive. (Step 1)
• Foreign exchange, (FX), risks must be mitigated by natural hedging as much as possible. If not possible, it must be identified and managed to the maximum extent possible in cooperation with Group Treasury and in accordance with the Group Delegated Authorities (GDA). (Step 1)
• Speculation is strictly forbidden. Country financings and deposits are denominated in their functional currency whenever possible. Foreign exchange leasing is not allowed. Foreign exchange exposure must be identified and mitigated by natural hedging as much as possible. (Step 2)
• Exposure to commodity price risk is regularly followed up, hedged and reported according to the Financial Risk Directive for Energy. (Step 2)

Link to: Group Delegated Authorities, Finance Policy, Treasury Directive, Foreign Exchange (FX) & Interest Rate (IR) Risk Management Directive and Financial Risk for Energy Directive

Sustainability

61 Environmental impact

SUSTAINABILITY

PRIMARY OBJECTIVE
Monitor and manage air emissions, water and waste to identify and address the environmental risks

RISK
- Air emissions (e.g. dust, Nox, Sox) exceeding authorized standards (Step 1)
- Excessive waste deposits and soil or water contamination (Step 1)
- Failure in quarry rehabilitation and biodiversity management (Step 1)
- Failure in water management (e.g. liquid effluents with detrimental impact on water resources) (Step 1)
- Deviation from CO2 reduction standards (incl. internal Group targets) (Step 1)

IMPACT
- Reputational damages
- Operational disruption
- Financial losses

CONTROL & FREQUENCY
1. Group monitoring and reporting requirements for air emissions (incl. CO2), waste, water management and people are followed and an annual management review to verify compliance with Group policies, directives and local regulations is conducted and action plans are documented by Plant Manager, and approved by the Country CEO. Annual

REQUIREMENTS
• All plants must have an environmental management system in place to ensure that all environmental impacts and risks are effectively managed and mitigated. Environment related permits (e.g. general environmental, emissions, water discharge, waste management) to be reviewed annually to ensure compliance. (Step 1)
• Environmental impacts have to be systematically identified according to the following steps: (Step 1)
  - Identify environmental aspects of activities, products and services over which plants have control and/or influence.
  - Assess the risks linked to the identified environmental aspects that may have a significant impact.
  - Maintain an up-to-date catalogue of significant environmental impacts during normal and abnormal operations.
• Environmental impacts must be systematically managed to sustain and further improve environmental performance, while controlling environmental risks not only of our own operations, but including the supply chain. Progress must be monitored, evaluated and documented as required by the local regulations, or at least on an annual basis. (Step 1)
• For Cement plants, install and operate a continuous emission monitoring equipment for dust, nitrogen oxides (NOX) sulfur dioxide (SO2), Volatile Organic Compounds (VOC), carbon monoxide (CO) as per the Holcim Emission Monitoring and Reporting standard. (Step 1)
• Performance improvements on CO2 emissions, Water, Circular Economy and People must be aligned to commitments recorded in CEM Plant Development Plans (PDP) and other environmental roadmaps where applicable. (Step 1)
• Water and Waste must be managed preferring reuse and recycling to discharge and disposal, as per the Circular Economy Policy, the Health, Safety and Environment (HSE) Internally Generated Waste standard and the Health, Safety and Environment Water Management Standard. (Step 1)
• All countries and operating plants must report at least yearly environmental data and KPIs in the Sustainable Reporting Campaign according to Holcim Environmental Reporting guidelines. (Step 1)
• Group Reporting Units (GRU) must report monthly Sustainability KPIs according to Group ARC instructions. Inaccuracy or incompleteness of the KPIs in SAP-FC must be disclosed in the financial certification package. Sustainable Development indicators reported to the Group are based on validated data source, calculation method, and are reviewed for reasonableness and validated by country sustainable development senior management on a half yearly basis. (Step 1)

Link to: Health, Safety & Environmental Policy, Nature Policy, Climate Policy, Circular Economy Policy, Quarry Rehabilitation and Biodiversity Directive, Sustainable Procurement Directive, Health, Safety & Environment Internally Generated Waste Standard, Health, Safety & Environment Water Management Standard, Holcim Emission Monitoring and Reporting Standards and Holcim Environmental Reporting Guidelines

62 Social impact: human rights and stakeholders

SUSTAINABILITY

PRIMARY OBJECTIVE
Implement the Human Rights Approach to identify, monitor and remediate human rights-related risks and impacts in our operations, supply chain and with our business partners

RISK
- Infringement of human rights standards (Step 1, 2, 3)
- Improper or insufficient stakeholders management (impact & value creation) (Step 4, 5)
- Ineffective or unethical vendor selection process (incl. TPDD process) (Step 1, 2, 3)
- Unauthorized transactions/contracts made on behalf of Holcim (Step 5)
- Corruption and Bribery (Step 5)

IMPACT
- Compliance
- Reputational damages
- Operational disruption
- Financial losses

CONTROL & FREQUENCY
1. Human rights assessment is performed as per the Human Rights Directive and approved by the entity CEO within a timetable agreed with the Group Sustainability. Annual
2. Human Rights & Stakeholder Engagement Action Plans, including human rights-related grievances, complaints and follow-up actions are reviewed and validated by the Local Executive Committee at least annually and signed off by the entity CEO. Annual
3. Human Rights & Stakeholder Engagement Action Plan and other KPIs are submitted by the GRU via the Group reporting tool. Annual
4. A Stakeholder Engagement & Human Rights Action Plan is deployed for all operational sites and the stakeholder mapping exists and is updated every year. Annual
5. Social investments, inclusive business and donations are approved and documented according to Group guidelines and Group Delegated Authorities. Upon Request

REQUIREMENTS
All Group Reporting Units (GRUs) must ensure that the following 6 elements of the Human Rights Approach are in place according to Human Rights and Social Policy and Human Rights Directive:
• Identify human rights risks and impacts: a lead designated by the CEO conducts at least every 3 years a human rights assessment based on their risk level covering our own operations, suppliers, business partners and communities. (Step 1)
• Address adverse impacts: all assessments (impact or self) must result in a Human Rights and Stakeholder Engagement Action Plan that must be reviewed at least annually. Major risks or impacts must be immediately added to the Action Plan, addressed by local ExCo and reported to the relevant Group function(s). (Step 1)
• Grievance and remedy: a clear site-level mechanism (phone number, email address, etc.) for internal and external stakeholders to raise issues related to our operations exists and is managed by a function appointed by the entity ExCo. A record of all human rights-related complaints must be kept and related follow-up actions are added in the Human Rights and Stakeholders Engagement Action Plan. (Step 2)
• Stakeholder Engagement: every site must have a Stakeholder Map and a Human Rights & Stakeholder Engagement Action Plan managed at local level and updated at least annually. The Group Sustainability will approve the submitted Stakeholder Map and a Human Rights & Stakeholder Engagement Action Plan as per defined Group schedule. In cement plants and grinding units, a Community Advisory Panel (CAP) must be in place. (Step 3)
• Monitor and communicate: results of the human rights assessments, an up-to-date version of the implementation of the Human Rights and Stakeholder Engagement Action Plans and other key performance indicators (KPIs) defined by Group Sustainability must be reported via the Group reporting system annually. (Step 4)
• Social initiatives are managed based on the local context and as per Group Delegated Authorities. (Step 5)

Link to: Group Delegated Authorities, Human Rights and Social Policy, Human Rights Directive, Strategic Social Investment, Sponsorship and Donations Directive and Sustainable Procurement Directive

Operational Technology (OT)

63 OT security baseline controls for cement plants and grinding stations

OPERATIONAL TECHNOLOGY (OT)

PRIMARY OBJECTIVE
Reduce the risk of cyber attack on the cement plant OT systems

RISK
- Successful cyber attack (IT/OT) (Step 1, 2, 3, 4, 5, 6, 7)
- Business disruption due to IT/OT unavailability (Steps 3, 5, 6, 7)
- Unauthorized access, disclosure, modification, damage or loss of data or the OT system (Step 1, 2, 3, 4, 5, 6, 7)
- Lack of industrial asset maintenance (Step 1, 2, 6, 7)

IMPACT
- Operational disruption
- Reputational damages
- Financial Losses
- Fraud

CONTROL & FREQUENCY
1. OT roles and responsibilities per plant, region and global level are assigned. OT plant responsible and users are trained. Annual
2. OT asset Inventory is quarterly reviewed and maintained in each plant. Upgrade / replacement plans are defined in consultation with and in line with the corporate strategy. Quarterly
3. Secure network architecture is designed segregating IT and OT basic network zones (PCS, Industrial, Lab & DMZ) by using firewalls. Traffic flows between zones are controlled as per section 2.4. Wireless networks are restricted, unless hardened and secured as per section 2.3. Upon Change
4. Access is granted on need basis upon request being approved by plant manager or delegated person. Access rights are reviewed quarterly. Remote access connections from external networks must not connect directly to PCS, Industrial and Lab zones, but through DMZ zone or above. Technical measures are in place to authenticate, authorize, and monitor the remote access sessions. Upon request
5. Annual verification that the technical measures are in place to prevent malicious code (anti-malware, anti-virus solutions). They are deployed on all the OT equipment connected to the OT networks. They are strictly following the guidance principles. Annual
6. Backup & Restore procedures for each critical OT system must be defined and documented including the need for offsite storage of backup. Upon Change
7. Verify that OT equipment is placed in locations fulfilling physical and environment security requirements as per Section 4 of the standard. Annual

REQUIREMENTS
Note: Operational Technology (OT) Systems refers collectively to Cement Plant Industrial Applications and OT Infrastructure (Hardware, Operating System, Database, Network, Interfaces)
• Plant management responsibilities for compliance (section 10); the personnel having a logical and a physical access to OT endpoints must attend the regular OT cybersecurity training while OT users should have general awareness training (section 7); basic OT Cyber Incident Response Roles & Responsibilities defined (section 6.2). (Step 1)
• OT asset inventory requirements (section 6.3), patch management requirements (section 5.3), and the upgrade/replacement strategy (section 5.4). (Step 2)
• The firewalls are installed and configured to effectively control and limit all the data traffic flows between IT and the OT zones as per Cement Plant IT/OT Security Group Standard - IT/OT network security requirements (sections 2.1, 2.2, 2.3 and 2.4). (Step 3)
• The logical access management requirements in terms of user lifecycle, authentication and authorization as per section 3, including the management of all remote access connections to or from the company networks. (Step 4)
• All capable network enabled endpoints in the OT network zone (servers, workstations) should be protected against malicious code with network anti-malware technologies (section 5.2). (Step 5)
• Documented backup procedure needs to be in place for each critical OT system (section 5.5). (Step 6)
• OT equipment must be in locations fulfilling physical and environment security requirements (section 4). OT servers must be located in server rooms meeting OT Server Room Requirements. (Step 7)

Link to: Cement Plant IT/OT Security Group Standard and Minimal Control Standards for Operational Technology (OT)

Acronyms
Accounting, Reporting and Consolidation (ARC)
Anti-Bribery and Corruption (ABC)
Biodiversity Indicator and Reporting System (BIRS)
Board of Directors (BoD)
Business Resilience Team (BRT)
Business Service Centers (BSCs)
Capital expenditures (CAPEX)
Cash-Generating Unit (CGU)
Change in structure (CIS)
Conflict of Interests (COI)
Construction in Progress (CIP)
Country Chief Executive Officer (CCEO)
Country Security Representative (CSR)
Data Universal Numbering System (DUNS)
Delegation of authority (DoA)
Direct Debit (DD)
Directors & Officers (D&O)
Enterprise Resource Planning (ERP)
Environmental, social, and governance (ESG)
Expected Credit Loss Model (ECL)
Foreign Exchange (FOREX or FX)
Generally Accepted Accounting Principles (GAAP)
Group Delegated Authorities (GDA)
Group Insurance and Risk Financing (GIRF)
Group Level Material Risks (GLMRs)
Group Reporting Unit (GRU)
Group Risk Insurance Tool (GRIT)
Group Treasury i/o Corporate Finance and Treasury (CFT)
Holcim Accounting and Reporting Principles (HARP)
Health, Safety and Environment (HSE)
Health, Safety & Environment Improvement Plan (HSEIP)
Information Technology (IT)
Information Technology Service Centers (ITSCs)
International Financial Reporting Standards (IFRS)
International Organization for Standardization (ISOs)
Key Performance Indicators (KPIs)
Legal Entity Management Tool (Umbrella)
Manual Journal Entries (MJEs)
Mid-Term Plan (MTP)
Minimum Control Standards (MCS)
Operating expenses (OPEX)
Operational Technology (OT)
Pension and Benefits Governance Team (PBGT)
People on Board (POB)
Personally identifiable information (PII)
Property Damage / Business Interruption (PDBI)
Property, Plant and Equipment (PPE)
Resilience and Governance (RaG)
Request for Proposal (RfP)
Risk with zero conflicts (RWZC)
SAP Bank Communication Manager (SAP-BCM)
SAP Flexible Real Estate Management (RE-FX)
SAP Governance, Risk, and Compliance (SAP-GRC)
SAP-Financial Consolidation (SAP-FC)
Security & Resilience Management System (SRMS)
Security Incident Notification Tool (SINT)
Security Services with Integrity (SSI)
Segregation of Duties (SoD)
Senior Leaders Group (SLG)
Sites Mapping Application (SMA)
Terrorist & Organised Crime (TOC)
Third Party Due Diligence (TPDD)
Third Party Liability (TPL)
Uncertain Tax Positions (UTPs)
Value Added Tax (VAT)



Holcim Ltd.
Group Internal Control
Grafenauweg 10
6300 Zug
Group.Internal-Control@holcim.com
www.holcim.com
