AXWAY_REGISTRATION_DOCUMENT_2017

CONSOLIDATED FINANCIAL STATEMENTS AXWAY GROUP AND ITS BUSINESS ACTIVITIES Report of the Board of Directors on corporate governance and internal control CORPORATE GOVERNANCE CORPORATE RESPONSIBILITY

2017 ANNUAL FINANCIAL STATEMENTS

CAPITAL AND AXWAY SOFTWARE STOCK

INFORMATIONS ADMINISTRATIVES ETbJURIDIQUES

COMBINED GENERAL MEETING OFb6bJUNEb2018

control, assist and provide training. Its regular meetings are adjusted according to the different perspectives considered: ● a weekly basis for a monthly horizon: this meeting gives priority to operational monitoring of the activity, and makes it possible to ensure the monitoring of forecasts, execution, and production; in the area of sales, it treats major contracts on a priority basis; it is also the body which deals with alerts and risks, in particular operational or client-related; ● a monthly basis for an annual horizon: in addition to the issues handled on a weekly basis, additional emphasis is placed on economic indicators: previous month’s results, review of annual forecasts, budget monitoring,Ǿetc.; ● an annual basis for the multi-year timeframe: the budgetary approach falls within the framework of the strategic plan. The Company steering system is backed by a reporting system developed by the IT Department in collaboration with the operating divisions and Functional Departments. The Company’s risk identification and management process aims to anticipate or address risks as quickly possible to favor attainment of its objectives. All staff members, both employees and management, are active participants in this process. The operation of the risk management process is under the supervision of Executive Management, which receives information on risks from operational, functional and audit staff. The risk factors identified through this system are listed in ChapterǾ1, SectionǾ13 (“Risk factors”) of this Registration Document. c. Risk identification and management process Standardized steering meetings taking place at all levels across all activities are an essential tool for the identification and management of risks. They ensure identification of operating and functional risks so that they can be handled at the most appropriate level of the organization. Operational risks associated with business activities, which are classified as “alerts” in Axway’s in-house lexicon when they are significant for the entity that identifies them, are handled immediately or are included in the weekly review carried out at each of the three levels of the organization with the aim of implementing an appropriate action plan as quickly as possible. The organization and definition of responsibilities generally allows for decisions to be taken swiftly, addressing concerns Operational risk identification, analysis and management

at the level of action, accompanied if necessary by approval from the next reporting level. When a decision is required at the Company level, the procedures for the handling of risks (person in charge, time limit granted for the implementation of action plans) are usually determined by the Executive Committee (ExCom) during its meetings, in keeping with Axway’s strategic objectives. The Company’s functional divisions responsible for the definition and proper application of policies relating in particular to Human Resources, financing, legal aspects and IT systems, report on a monthly basis to Executive Management on any newly identified risks, the assessment of their possible consequences and the procedures for prevention or remediation put in place or planned. Risk map A risk map was created, with the involvement of the Executive Committee (ExCom) in particular; it is updated regularly and examined by the Executive Management and the Audit Committee. This map covers all the Company’s business areas (the “Audit Universe”). For each area and issue identified, we assess the associated risks, depending on their potential impact and the probability of occurrence. The issues and risks covered are consistent with the “Risk factors” described in ChapterǾ1 SectionǾ13 and are in line with the challenges identified under “Strategy and activities” of this Registration Document. The risk map is also used to create an annual internal audit plan to focus resources on the areas and risks that are strategic for the Company. d. Control activities Control activities take place throughout the Company, at all levels and in all functions. They include controls aimed at prevention and detection, manual and electronic controls, as well as supervisory controls pursuant to applicable delegation rules. The Functional Divisions play a special role in risk management by providing assistance and guidance to operational staff, using a preventive approach to perform the mandatory consultations required, where applicable, by procedures such as those related to contractual and spending commitments or by performing controls on the application of procedures and the results obtained (in particular, controls relating to the quality of data entered into the information system). A specific role is assigned to the Finance Department (Management Audit, Process entity, Risk & Security) and the Legal Department.

98

AXWAY - 2017 REGISTRATION DOCUMENT

www.axway.com