Derichebourg // 2020-2021 Universal Registration Document

2

Risk factors and internal control Risk factors

Risk factors 2.1

Risk analysis and monitoring process 2.1.1 Methodology for establishing and validating 2.1.1.1 the Group’s risk mapping A mapping of the Company’s general risks was prepared during the 2018 fiscal year, and was updated in September 2021. It will be updated at regular intervals by Internal Control and the Group’s Chief Financial Officer, in collaboration with the operational and functional risk-bearing departments. The risk map for 2021-2022 was presented to General Management, which validated the main risks and the implementation of the associated action plans. This mapping is also presented to the Audit Committee and the Board of Directors.

Criticality matrix used 2.1.1.2 A criticality matrix is used as part of the risk mapping in order to rank and prioritize the risks to be addressed. Two parameters are used to assess the various risks: the risk probability; the impact (financial, reputational, legal).

VERY LOW (1)

LOW (2)

MEDIUM (3)

HIGH (4)

VERY HIGH (5)

Once every five years

One-two times a year

Once a quarter

Once a month

At least once a week

RISK PROBABILITY

LOW

SUBSTANTIAL

HIGH

VERY HIGH

€100 k to €500 k

€500 k to €3 million

€3 million to €10 million

> €10 million

FINANCIAL IMPACT

Financial/ environmental scandal

Unfavorable public information

Loss of shareholder confidence

Loss of credibility in respect of the authorities

REPUTATIONAL IMPACT

Financial penalty and sanction against legal/natural person (manager)

Commercial litigation with major partners

External investigations

Criminal risk

LEGAL IMPACT

DERICHEBOURG 2020/2021 Universal Registration Document 40