CAPGEMINI_REGISTRATION_DOCUMENT_2017

2

CORPORATE GOVERNANCE - RISKS{AND INTERNAL{CONTROL

2.5 Risks and internal control

Suppliers and sub-contractors

Business interruption risk also includes employee travel to countries that are geopolitically unstable or to dangerous regions where there is a risk to their physical integrity. Risk management systems The use of a large number of production sites across the globe reduces business interruption risk by favoring backup solutions. In addition, production systems and services provided by the Group to its subsidiaries are duplicated and covered by back-up plans that are tested periodically. Telecommunications networks used by the Group are duplicated in cases where offshore production resources are deployed. In the event of a breakdown in the preferred (fastest) communications network between Europe and India, service continuity is ensured by tried and tested alternative routes. For example, the Group's Indian subsidiary has set up a Business Continuity Management (BCM) structure to ensure service continuity in line with the Good Practice Guidelines of the Business Continuity Institute (BCI). Where required by specific contracts, a business continuity plan is prepared by selecting appropriate measures according to the criticality of the service. Reviews and simulations are performed to test the efficiency of these plans. Certain entities have heightened security requirements reflecting specific client needs and they are consequently certified ISO 27001 compliant by an independent agency. Capgemini has implemented an audit program of internal and external risks at its operating sites, in partnership with an external consultant, covering environmental, health and safety issues. This program is being roll-out progressively, focusing initially on the Group’s main sites: 19 audits were performed in 2017. Audit recommendations are then monitored by the integrated site management team. With regard to employee security, the Group restricts operations to countries able to offer satisfactory guarantees in terms of individual security. Work on client engagements in certain countries classified as “at risk” is subject to approval by the Group Review Board. Rules and procedures have been drawn up for “at risk” territories in which the Group conducts engagements in order to satisfy the demands of its major clients. Specific contracts have been agreed with organizations specialized in managing these risks to assess independently the risk exposure in each country. Accordingly, some countries are subject to strict travel bans. The risk is reassessed continuously based on the geopolitical position and warning systems are used to inform employees of country risks. Strict approval criteria must be met before employees travel to work in countries where there are no existing Group operations, and even stricter criteria apply in the event that employees are sent to countries considered “at risk”. Every employee required to work abroad receives specific training. Finally, a dedicated worldwide insurance program provides assistance to all employees covering their security, medical emergencies and potential repatriation (see the Insurance section of this chapter).

Risk factors Capgemini business relies in part on products and services provided by suppliers. While alternative solutions exist for most of these products and services, the failure of a supplier to deliver specific technology or expertise could have prejudicial consequences for certain projects. The bankruptcy of a supplier, its takeover by a competitor (and a change in its current service offer/product range), a change in its sales model, such as the use of Cloud Computing for IT services, or a technical (fire or natural event) or human (error/negligence or malicious act) incident could generate additional risks. Finally, the poor management of expenditure incurred with a third party, budget overruns, the use of unapproved suppliers and purchases that do not comply with equipment strategic decisions, can also generate risks. There are no material firm commitments to suppliers other than those disclosed in Note 29. The relative weight of the Group’s main suppliers, as a percentage of total purchase volumes, is as follows: Risk management systems The Group has signed framework agreements and contracts with its suppliers containing clauses similar to those contained in contracts signed with its clients, in a bid to improve the management of contractual risks and acceptance risks. These framework agreements and contracts clearly stipulate obligations with respect to delivery deadlines, service level and operating tests as well as penalties for non-compliance. The Group policy defines in great detail the supplier and sub-contractor selection process and method. Over recent years, the Group has signed strategic partnership contracts with a diversified group of major suppliers in order to preserve its independence and guarantee the sustainability of its services. Furthermore, the Group has signed a certain number of strategic contracts with major and financially sound suppliers. Finally, the related risks represented by smaller suppliers and/or start-ups are analyzed and back-up plans are established in order to remedy the failures, if any. In parallel, Capgemini has implemented a tool allowing for worldwide procurement management and monitoring. This tool, known as GPS (Global Procurement System), is used for the issue and approval of purchase orders. Capgemini has also implemented an external resource management application, known as VMS (Vendor Management System), to manage services provided by sub-contractors. These two procurement tools contain an approval chain that ensures the correct allocation of costs to projects and permits their control and provides specific methods for financial approval. The centralized management of data in these two procurement bases enables us to control and better manage Group expenditure and supplier selection. Suppliers are selected by a specialized team based on rigorous procedures using multiple criteria, several of which concern ethical standards and sustainable development. 2016 2017 Top three suppliers 7% 7% Top ten suppliers 18% 14%

112

REGISTRATION DOCUMENT 2017 — CAPGEMINI