ADP_REGISTRATION_DOCUMENT_2017

ORGANISATION CHART

RISK FACTORS

PERSONS RESPONSIBLE FOR THE REGISTRATION DOCUMENT AND ANNUAL FINANCIAL REPORT

STATUTORY AUDITORS

SELECTED FINANCIAL INFORMATION

INFORMATION ON THE COMPANY

BUSINESS OVERVIEW

REAL ESTATE ASSETS AND FACILITIES

REVIEW OF THE FINANCIAL POSITION AND INCOME

EQUITY AND CASH FLOWS

Description of the risk management and internal control system Cornerstone of the system ◆ Two charters manage the global system within the group. These concern: ◆ risk management and internal control: the charter indicates that the group applies the provisions of the AMF reference framework published in 2007 and updated in July 2010, ◆ internal audit: the charter is based on international standards and the internal audit code of ethics distributed in France by the French Institute for Audit and Internal Control (IFACI) and which constitutes the international reference framework for internal audit. ◆ A risk management guideline describing the methodology is currently being updated and will complete the system; ◆ For Groupe ADP, ethics and compliance are true levers for developing trust with all stakeholders. Groupe ADP has, therefore, set them as governance principles. Carried by Executive Management and designed to guide working behaviour for all employees, they are described in the paragraph of Chapter 4 “Groupe ADP’s ethics commitment”. Risk Management This system aims to provide an overall, fair vision of the group’s major risks and their level of control, in order to anticipate them. A mapping is updated annually to provide the group’s stakeholders with an overall, shared and discussed vision of the risks. It enables the group to identify the major risks and prioritise and deal with them and to monitor the actions identified within this framework. Risks are prioritised according to their critical level, given the existing control measures. Major risks and risks deemed unacceptable 1 are the subject of priority handling. After a review in the Risks and Internal Control Operational Committee (CORCI), the mapping is submitted to the Comex, then presented to the Audit and Risk Committee and the Board of Directors. Business continuity and crisis management Through this approach, Aéroports de Paris aims to better control extreme risks. For this, it is supported by a group Policy on Business Continuity (PGCA). Its aim is to guarantee essential services for the Company’s operations. For each of the critical processes identified, the PGCA indicates the objectives, principles, responsibilities and main procedures. It is reflected in a business continuity plan (PCA) for each of the platforms (Paris-Charles de Gaulle, Paris-Orly and Paris-Le Bourget) and for each of the essential support activities for airport operations (IT systems and human resources). A pandemic plan completes the approach. With regard to crisis management, Aéroports de Paris’ system aims to ensure continuity of the group’s operational control and the quality of its response to sudden, unexpected events. It must contribute to optimally keep the activities at satisfying levels of quality while remaining in compliance with the security and safety obligations. A booklet describing the group’s management continuity and crisis management was formalised in 2017. Crisis exercises are also carried out several times per year to test the system’s effectiveness. Lastly, feedback on experience (REX) carried out after crisis situations contributes to continuously improving the system. The REX policy indicates the analysis methodology to be followed.

Internal control The aim of this permanent system is to contribute to controlling the group’s businesses, the effectiveness of its operations and the efficient use of its resources. To further secure the group’s activities and optimise transversality between entities and operating modes, an internal control deployment plan through cross-entity processes was decided in 2016. In 2017, it led to the formalisation of a mapping of major group processes and the identification of internal control pilots. Work began to strengthen the internal control of five strategic processes. Management systems Certain divisions and subsidiaries write their interventions into their management systems initiatives that constitute, for all or part of their activity, their risk control mechanism. These management systems initiatives which attest to the formalisation of professional practices, the analysis and management of issues related to relevant industry standards, the risks analysis, the compliance with relevant regulation, and the enrolment of all staff into the continuous improvement programme. In 2017, the entities that already had management systems obtained ISO 9001 certification 2015 version, excluding Paris-Orly airport that obtained it in 2018. The certificates of entities certified ISO 14001 are currently being converted to comply with the 2015 version. Aéroports de Paris’ Purchasing Department and Engineering & The internal control and risk management systems are monitored by: ◆ the monitoring of major incidents and incidents due to unacceptable risks; ◆ the Corporate Audit and Internal Control Division; ◆ external structures, such as the Statutory Auditors and other relevant organisations, notably Government services. Major incidents Major incidents or incidents due to unacceptable risks are collected by Aéroports de Paris’ Divisions and wholly-owned subsidiaries. A review of these declared incidents is sent to the Chairman & Chief Executive Officer and Chief Operating Officer semi-annually. Internal audit The system aims to provide, in complete independence, the Company and the group with reasonable assurance over the degree of control over its operations, provide advice on improvements and contribute to creating added value. Certified by IFACI since 2008, the Corporate Audit and Internal Control Division assesses the operation of the risk management and internal control systems. Through its recommendations, it contributes to improving safety and optimising the overall performance of the Company and its subsidiaries. In 2017, an audit on Groupe ADP’s risk management system was conducted. It confirmed that the process complies with AMF guidelines. The annual audit programme is presented to the Comex and examined by the Audit and Risks Committee. Development Divisions were certified ISO 9001. Periodic monitoring of the system

04

1 The Group defines the risks that, whatever their level of criticality, are unacceptable. These are subject to specific monitoring and the different entities are required to be extremely vigilant with regard to them.

15

AÉROPORTS DE PARIS  REGISTRATION DOCUMENT 2017

Made with FlippingBook Online newsletter