Derichebourg // 2020-2021 Universal Registration Document

2

Risk factors and internal control Internal control

Internal control 2.3

Internal control objectives 2.3.1 The purpose of internal control is to prevent and control risks inherent in the Company’s business and the risk of errors and fraud in the accounting and financial fields, in particular. Control procedures mainly seek to ensure that managerial actions, transactions and staff behavior comply with the guidelines and rules the Company’s governing bodies have set forth to govern the Company’s business as well as the applicable laws and regulations. The purpose of these control procedures is also to ensure that the accounting, financial, legal and economic information provided to the Company’s structures and that may be provided to third parties pursuant to regulatory requirements or as part of the Group’s communication policy, is reliable and faithfully reflects the Company’s business and position. Derichebourg Group’s internal control function The internal control function reports to the General Secretariat. Internal control manages the risk management system put in place by the Group. Its objectives are: asset protection; the reliability of financial information; implementing the instructions and guidelines set by the executive body; compliance with laws and regulations; the proper functioning of internal processes. It enables: the Group’s activities to be managed in the best possible way; operations to be more efficient; resources to be optimized; the identification of risks that could prevent strategic and operating objectives from being achieved; control and monitoring initiatives to be implemented. The Group’s internal control function has a key role. In particular, it lays down processes, formalizes procedures and monitors corrective actions. It harmonizes the operating and managerial practices of subsidiaries. Description of the general organization 2.3.2 of internal control

It helps to improve performance in close cooperation with operating units. Lastly, it is in tune with the organization’s challenges so that it can anticipate the risk-related requirements of the businesses. General control environment The Group is comprised of a headquarters, the Derichebourg holding company, and two operating divisions: Environmental Services (which includes the real estate companies); Multiservices. The headquarters of the Group’s Environmental Services business also contains the Group’s General Management and the central operations departments. Each division has specific business concerns with appropriate risk management. An internal control framework has been defined for the Environmental division and another for the Multiservices division. Control activities Control activities are based on the procedures defined at headquarters level and implemented by the companies of the Group’s two divisions, taking into account the specific nature of each business. These controls are carried out after the event by dedicated personnel within the subsidiaries and by internal control. Oversight of internal controls The internal control roadmap identifying priority procedures is approved by the General Management. It is presented to the Executive Committee and lists 26 key procedures relating to the following processes: Transactions; Finance; HR; Purchases; HSE/QSE; Compliance; Legal; IT. This roadmap includes standard processes and processes specific to the Derichebourg Group’s businesses. It may be reviewed at regular intervals in order to update it with new identified risks.

DERICHEBOURG 2020/2021 Universal Registration Document 47