2021 Universal Registration Document

3 CORPORATE GOVERNANCE

Organisation and operation of governance

update of the internal audit charter, − with regard to knowledge of the business: •

Its meeting on the annual financial statements is held at least twenty-four hours before that of the Board of Directors. Prior to that, two preparatory sessions are held to address issues of methodology or specific points on the preparation and presentation of the financial statements as well as risk exposure, including social and environmental risks. The main items of business in 2021, dealt with either at the Company’s initiative or at the request of the Committee, were as follows: with regard to monitoring the procedure for preparing p accounting and financial information and financial policy: review of cash-generating units and asset impairment testing • for 2020, approval of the financial statements for the year ended • 31 December 2020, monitoring of the accounting and financial consequences of • the public health crisis, recognition in the Company’s accounts of the consequences of • the cyberattack, presentation by the Statutory Auditors of the results of the • statutory audit, interim reviews and the accounting options adopted, review of the 2021 interim financial statements, • the Group’s credit lines (amount of guaranteed credit lines, • maturity, monitoring of covenants), off-balance sheet commitments and guarantees given under • the delegated authority of the Board of Directors, organisation, priorities and specific projects for the Finance • department in 2021 and 2022, priorities and procedures in relation to the green taxonomy, • objectives and terms of investor relationships; • with regard to knowledge of the business, monitoring the p effectiveness of internal control and risk management procedures: with regard to the Internal Control Department: • review of the organisation and work by the department in − charge of internal control and risk management, three risk mapping exercises (overall exercise, mapping of the − risk of corruption and influence peddling and mapping of risk relating to CSR risks – duty of vigilance), review of the presentation of risk exposure, including social and − environmental risks, for the draft 2020 Universal Registration Document, further detailed work on the presentation of the Company’s risk − management policy, an update on insurance cover, − an update on the rollout of Group rules; − significant changes in the Company’s legal environment, − with regard to the Internal Audit Department: • organisation of the internal audit function and the work − programme for 2021, findings of internal audit reports, − the “audit universe” (terminology used for the Group’s key − processes), checks on the exhaustiveness of the internal audit function’s − coverage of the Group, follow-up on implementation of recommendations from − internal and external audit assignments,

presentation of the Infrastructure & Cloud Services business, − Presentation of cyber risks and steps taken to manage them − (two separate meetings), with regard to the management of the statutory audit of the p financial statements: statutory audit engagement (scope, work schedule, fees for the • past year, budget), the independence of the Statutory Auditors, • prior authorisation for services other than the certification of • the accounts, with regard to the Committee’s own organisation and activities: p overview of the Audit Committee’s activities in 2020, • key priorities for 2021, • the annual work schedule, • review of the Committee’s operating charter, • committee self-assessment. • The Independent Directors sitting on the Committee heard the Statutory Auditors, with no members of management in attendance. The same was true of the Director of Internal Audit. Minutes are prepared after every meeting and are then approved at the beginning of the following meeting. When requests by the Audit Committee cannot be satisfied immediately, they are subject to a formal follow-up procedure in order to ensure that they are addressed in full at the meetings scheduled throughout the year. Thirteen specific requests were formulated using this approach in 2021 and were, or will be, added to the meeting agendas established on the basis of the Committee’s annual work plan. The Nomination, Governance, Ethics and Corporate b. Responsibility Committee The Board’s internal rules and regulations and an operating charter govern the composition and functioning of the Nomination, Governance, Ethics and Corporate Responsibility Committee. The operating charter has been reviewed at regular intervals by the Committee and was approved by the Board of Directors on 25 February 2021. Its current members are: Kathleen Clark Bracco, permanent representative of Sopra GMT – p Chairwoman; Éric Hayat; p Noëlle Lenoir (Independent Director); p Pierre Pasquier; p Jean-Luc Placet (Independent Director); p Jean-François Sammarcelli (Independent Director); p Jessica Scale (Independent Director). p The Chairman of the Board of Directors sits on the Nomination, Governance, Ethics and Corporate Responsibility Committee. The Committee hears the Chief Executive Officer on the items of business as necessary. The Committee has no decision-making powers of its own, but rather submits its findings and recommendations to the Board of Directors in support of the Board’s decisions. In the performance of its duties, the Committee may: receive any internal documentation necessary for its purposes; p hear any person affiliated with or external to the Company; p where applicable, retain the services of independent experts at p the Company’s expense to assist it.

77

SOPRA STERIA UNIVERSAL REGISTRATION DOCUMENT 2021