Assystem - 2018 Register document

RISK GOVERNANCE AND MANAGEMENT 2 Assystem conducts its business in a constantly-changing environment. The Group is therefore exposed to risks which, if they materialise, could have a significant adverse effect on its business, financial position and/or earnings. This Chapter sets out the risk governance system set up by Assystem as well as the risk factors to which the Group could be exposed, including risks related to the economic environment, operational risks, financial risks, HR risks, risks related to information systems, legal, regulatory and tax risks, industrial and environmental risks and risks related to acquisitions. The Group considers that there are no relevant significant risks to which it is exposed other than those described below. A description of the type and impact of each risk factor is set out below, together with an explanation of the measures taken to reduce those risks. The specific internal control and risk management procedures put in place by the Company related to preparing and processing accounting and financial information are described in Chapter 5 of this Registration Document. The Group’s internal control system comprises a combination of resources, procedures, behavioural standards and actions adapted to the specific features of each Group company and the Group as a whole. This overall system: ● helps the Group manage its business activities and ensure the effectiveness of its operations and the efficient use of its resources; ● is designed to enable the Group to appropriately factor in the significant risks to which it is exposed (operational, financial and compliance-related risks). The purpose of internal control is to ensure: ● compliance with the applicable legislation and regulations;

● the application of instructions and guidelines stipulated by the Board of Directors; ● the smooth functioning of each entity’s internal procedures, in particular those designed to take into account risks encountered in their activity and consequently, to safeguard assets; However, internal control cannot provide an absolute guarantee that Assystem’s internal control objectives will be met, as any internal control system has inherent limitations. These limitations are due to various factors, such as uncertainties in the external environment, the exercise of judgement, or the cost/benefit relationship of setting up new control mechanisms. Assystem’s internal control system concerns all fully consolidated subsidiaries controlled by the Group. The summary information set out below relating to internal control procedures is focused on significant elements that could have an impact on the accounting and financial information published by the Group. The Group has chosen to apply the internal control framework advocated by the AMF in its position-recommendation no. 2016-08 dated 26 October 2016. The internal control procedures in place within the Group, and notably those relating to the preparation and processing of accounting and financial information, are broken down on the basis of the five main components of internal control (see Section 2.1.3 below). The Sections below also describe the procedures in place for identifying, analysing and managing accounting and financial risks. ● the reliability of financial information.

18

ASSYSTEM

REGISTRATION DOCUMENT 2018