Assystem - 2018 Register document

2

RISK GOVERNANCE AND MANAGEMENT RISK GOVERNANCE AND MANAGEMENT

● low to medium probability/low to medium impact: risks requiring that the Board of Directors is regularly informed in order to provide it with reasonable assurance of the proper functioning of controls aimed at mitigating the impact in the event that the risks occur; ● low probability/low impact: non-priority risks requiring that the Board of Directors is periodically informed in order to provide it with reasonable assurance of the proper functioning of controls aimed at containing the risks in this category or completely eliminating them. 2.1.3.1 Control activities in line with objectives In view of the Group’s high degree of decentralisation and its policy of delegating powers and responsibilities, the scope of the controls implemented is defined by each subsidiary’s management team based on the Group’s underlying internal control framework. The main purpose of the controls performed is to reduce the major risks to which the Group is exposed. The principal categories of control activities cover the following areas: ● contract authorisation: the Group has established delegation principles which give the appropriate managers the necessary powers to authorise contracts. The controls performed cover each contract phase: 2.1.3 INTERNAL CONTROL ● contract review: the Legal Affairs & Compliance Department conducts an independent review of major bids, contracts and contract riders before they are submitted or signed. This department is also responsible for updating, where necessary, the General Terms and Conditions of Service, which are appended to client invoices. It also drafts any specific terms and conditions of service when required, adapting them to each country and type of risk concerned; ● time management and billing: each subsidiary verifies the time entered into the applications used for this purpose. The controls carried out ensure that time is correctly allocated to ongoing projects and also trigger client invoicing; ● payments: the Group has introduced a dual signature policy for means of payment. In line with this policy, the Company defines thresholds for the authorisation of subsidiaries’ expenses based on categories of authorised signatories. A secure bank messaging system is used to ensure that the policy is respected. In order to reinforce the supervision and control of certain geographically distanced subsidiaries, the Group Treasury Department receives details of monthly expenses incurred and carries out ex-post controls on these expenses; ● budget and budget adjustments: each subsidiary presents the budget that it has drawn up for the current financial year to the members of ● selection of invitations to tender, ● submission of bids, ● definition of billing rates and pricing, ● contract riders;

the executive management team who approve budgets. The same procedure applies to budget adjustments that are made during the year; ● periodic results and reporting: periodic results are reported every month via the reporting and consolidation application. The Group Finance Department conducts a critical review of these results and obtains any further information that it may require from the relevant subsidiaries. The Group also places particular importance on segregating tasks in order to strengthen the controls undertaken in relation to critical transactions, particularly payments. In small-sized entities, the appropriate segregation of tasks is sometimes difficult to achieve owing to the entity’s organisational structure. In such cases, specific controls are put in place, essentially in the form of increased supervision by management, which conducts an independent review of critical transactions for control and authorisation purposes. 2.1.3.2 Ongoing monitoring of the internal control process Determining the general principles of the internal control system and overseeing the internal control process are two of the primary duties of the Board of Directors, the Audit Committee and the Group’s executive management team. The executive management team is responsible for ensuring that the system is properly implemented across the Group and works in conjunction with the relevant support functions to achieve this objective. 2.1.3.3 2019 action plan The Group has made internal control part of a continuous improvement plan with the aim of enhancing the operational effectiveness of its processes for preparing and processing accounting and financial information. In line with this, the action plan drawn up for 2019 notably includes carrying out a priority review of recently-acquired subsidiaries, covering financial, organisational and operational issues. In 2011 Assystem signed up to the UN Global Compact which sets out ten universal principles covering human rights, labour, the environment and anti-corruption measures. It reaffirmed its pledge to uphold these principles in a letter dated 16 January 2017. 2.1.4.1 Securities Trading Code of Conduct The Board is guided in its work by its Rules of Procedure which define its modus operandi and include a Securities Trading Code of Conduct. The Board regularly reviews its Rules of Procedure in order to ensure that they constantly comply with the applicable laws and regulations. 2.1.4 COMBATING CORRUPTION AND INFLUENCE PEDDLING

24

ASSYSTEM

REGISTRATION DOCUMENT 2018

Made with FlippingBook - Online Brochure Maker