AXWAY_REGISTRATION_DOCUMENT_2017

CONSOLIDATED FINANCIAL STATEMENTS AXWAY GROUP AND ITS BUSINESS ACTIVITIES Report of the Board of Directors on corporate governance and internal control CORPORATE GOVERNANCE CORPORATE RESPONSIBILITY

2017 ANNUAL FINANCIAL STATEMENTS

CAPITAL AND AXWAY SOFTWARE STOCK

INFORMATIONS ADMINISTRATIVES ETbJURIDIQUES

COMBINED GENERAL MEETING OFb6bJUNEb2018

3.4.3 Internal control and risk management procedures implemented by the Company

in the scope of consolidation with the aim of reducing the risk factors to an acceptable level, helping the Company achieve its objectives and providing reasonable assurance on their implementation. In the event of a new acquisition, this company will be fully consolidated, within a reasonable delay, into the global internal control and risk management system. As with any control system, it cannot provide an absolute guarantee that such risks have been totally avoided, eliminated or controlled, or that the Group’s objectives can be achieved. Axway’s system comprises the five components defined by the AMF reference framework: (a.)Ǿorganization (b.)Ǿinternal dissemination of information (c.)Ǿ a risk identification and management process (d.)Ǿcontrol measures (e.)Ǿcontinuous monitoring of the system. Axway’s legal structure is designed to be as simple as possible, involving a single company per country, except for temporary situations resulting from acquisitions. At 31ǾDecember 2017, the Group was composed of 26 active companies. The legal structure is presented under “Simplified Group structure at 31ǾDecember 2017”: ChapterǾ1 SectionǾ7. All Group companies are fully consolidated, with Axway Software holding 100% of the capital of these subsidiaries. The Company thus controls, either directly or indirectly, all subsidiaries within the Group of which it is the parent. There are no ad hoc entities outside of the scope of consolidation. Internal organization The Group’s internal risk management organization consists of the following three levels: ● the Executive Committee (ExCom): Chief Executive Officer, Directors of the Operating Divisions, Directors of the Functional Structures; ● centralized functional structures for the Company as a whole (Human Resources, Finance, IT,Ǿetc.); ● operating divisions focused on a specific aspect of software publishing (Global Solutions, Products & Engineering, Marketing, Sales, Global Customer Service) and Business Units, administrative, regional or national branches of these divisions. a. Organization Organizational framework Legal structure

Legal and regulatory amendments that occurred during the 2017 fiscal year now only require the Company to provide details regarding the internal control system and financial risk management. Nevertheless, the Company deemed it useful to continue providing information about internal controls and general risk management to keep its shareholders better- informed. Internal control and risk management system Axway’s internal control and risk management system is based on the framework and implementation guidelines published by the Autorité des marchés financiers (AMF) in JulyǾ2010, and on the recommendations of the AMF, in particular position- recommendation 2016-05 of OctoberǾ 2016 on periodic information for companies listed on a regulated market. According to the definition of the AMF’s reference framework, internal control is “a system set up by the Company, defined and implemented under its responsibility, which aims to ensure: ● the application of instructions and guidelines determined by Executive Management; ● the proper functioning of the Company’s internal processes, particularly those intended to safeguard its assets; In general, internal control contributes to the control of the Company’s activities, the effectiveness of its operations and the efficient use of its resources. It is also aimed at managing material risks in an appropriate way, whether these risks are operational, financial or compliance-related, and at helping implement the Company’s strategy. With regard to risk management, its aim is to: ● create and preserve the Company’s value, assets and reputation; ● safeguard decision-making and other Company processes in order to promote the achievement of objectives; ● promote the consistency of the actions taken with the Company’s values; ● give Company employees a common vision of the main risks. The risks that the Company faces are described in ChapterǾ1 SectionǾ13 (“Risk factors”). All of the internal control system and risk management procedures described hereunder are implemented in all entities ● the reliability of financial disclosures.” ● compliance with laws and regulations;

96

AXWAY - 2017 REGISTRATION DOCUMENT

www.axway.com