Assystem - 2018 Register document

RISK GOVERNANCE AND MANAGEMENT RISK GOVERNANCE AND MANAGEMENT

2.1 RISK GOVERNANCE AND MANAGEMENT

2.1.1

RISK GOVERNANCE

The overall internal control system forms an integrated framework covering the entire scope of the Group: divisions, business units, legal entities, countries, departments and all business processes. Assystem’s Board of Directors is ultimately responsible for verifying that the internal control system is implemented and works properly. Since it is responsible for initiating and spearheading the Group’s clearly-expressed strategy of deploying an integrated internal control system, Assystem’s management team is the system’s owner. However, all Group players are part-owners in the sense that they are the agents and custodians of the system. The table below summarises the main roles and responsibilities of each category of internal control player.

2.1.1.1 Internal control players and organisation of internal control procedures The Group has a full set of measures in place intended to control and reduce risks that if they were to occur could prevent it from achieving its objectives. These measures take the form of procedures, instructions, supervisory arrangements, authorisations, delegations of responsibility, etc.

2

Internal control player

Internal control roles and responsibilities

• initiates and spearheads the internal control system by relaying clear information and guidelines; • is responsible for verifying that the internal control system is deployed across the Group and ensuring that it works properly; • ensures that the internal control system is in line with the Group’s risk management strategy. • ensures that the Group has a consistent internal control system that is compatible with its overall business strategy and risk profile; • approves the internal control system and is regularly informed of the findings of audits and the recommendations implemented; • consults the executive management team in order to form an opinion on the construction and effectiveness of the internal control system; • ensures the effective functioning of the risk management process related to the preparation of financial information. • steers the Group’s business strategy and sets the targets for consolidated entities, allocates the resources necessary for their achievement and tracks performance based on those targets; • works in conjunction with the Quality Department to ensure that client projects are performed to the required standards. • plays a key role in internal control due to the cross-disciplinary skills and responsibilities of the financial control, treasury and tax units, relayed by the division – and country-level finance managers.

Board of Directors

Audit Committee

Group executive management team

Finance Department

• plays a key role in internal control and alerts the executive management team where necessary.

Legal Affairs & Compliance Department

• is responsible for deploying the internal control system within the scope of its remit (i.e. its BU, legal entity, country or department) and ensuring that it works properly; • ensures that the internal control system is aligned with the structure, strategy and organisation of its scope of remit.

Operations management

• are actively involved in implementing the internal control system; • carry out work and operations in compliance with the established internal control system; • inform management of any malfunctions and help determine remedial measures.

Operations and support staff

2.1.1.2 Internal control objectives The Group’s internal control system aims to provide appropriate and reasonable assurance of: ● compliance with the applicable legislation and regulations; ● the proper functioning of internal processes, such as those used to safeguard the Group’s business and assets; and ● the application of instructions and guidelines stipulated by the Board of Directors. More generally, it helps the Group manage its business activities and ensure the effectiveness of its operations and processes and the efficient use of its resources. In line with the above, the internal control system has five main objectives which can be summarised as follows: ● the reliability of financial information;

The overall system also involves the participation of external players, including the Statutory Auditors. It is not part of the legal engagement of the Statutory Auditors to assume ownership of the internal control and risk management systems. Their responsibility is to review these systems and to issue an independent opinion on their suitability. Each year the Statutory Auditors perform a Group audit as part of their legal engagement to certify the consolidated financial statements and the separate financial statements of Group companies. In compliance with French commercial law, the certification of Assystem’s consolidated and parent company financial statements is carried out by two Statutory Auditors, who jointly examine all the financial statements, the methods used for their preparation and specific internal control procedures related to the preparation of accounting and financial information.

19

ASSYSTEM

REGISTRATION DOCUMENT 2018