DERICHEBOURG - Universal registration document 2019-2020

3

Group management report Risk factors

operationsto be more efficient; p resourcesto be optimized; p the identificationof risks that could prevent strategic and operating p objectivesfrombeing achieved; control and monitoringinitiativesto be implemented. p The Group's internal control functionhas a key role. In particular,it lays down processes,formalizesproceduresand monitorscorrectiveactions. It harmonizesthe operatingand managerialpracticesof subsidiaries. It helps to improve performance in close cooperation with operating units. Lastly, it is in tune with the organization's challenges so that it can anticipatethe risk-relatedrequirementsof the businesses. General controlenvironment The Group is comprised of a headquarters, the Derichebourgholding company,and two operatingdivisions: EnvironmentalServices (which includes the real estate companies); p Businessservices. p The headquartersof the Group’s EnvironmentalServices business also contains the Group’s General Managementand the central operations departments. Each of the Group’s divisions has its specific business, internal-control and risk-managementconcerns. The division heads are responsible for conducting business in accordance with the objectives set by the CEO of the Group and DeputyCEO, which are under their control. A delegation of powers system has been put in place to ensure operationalefficiency.Each companydelegatesauthority in compliance with common guidelines. Subsidiaries are responsible for the day-to-day management of operations, except for the following activities,which are managedcentrally: investment decisions that are considered strategic due to their p natureor amount; financingand cash-managementpolicy; p insurancepolicy; p managementof executivesand wage policy; p the commonIT network. p Business systems are a significant factor in the general control environment.Procedures,most of which are written, describe recurrent businessproceduresin the informationsystems. An Investment Committee was set up on February 14, 2020. It comprises the executivemanagement,the Heads of the two operating divisions, the Group Finance Department and the General Secretariat. Its role is to give a prior ruling on any investmentor restructuringplan, whatever its amount and form (sale/acquisition/company incorporations/purchases/saleof businesses, JVs, real estate sales and all non-standardcontracts in terms of their amount, type or duration.

This committee decides on all investment applications/ restructuring in the light of the followingobjectiveassessmentcriteria:

strategicobjective; p legal structure; p plannedinvestmentamount; p project profitability(businessplan); p workingcapital requirements. p

Control activities Control activities are based on the implementationof a set of policies and proceduresdefined at the headquarterslevel, at the two divisions and at the companiesthat are a part thereof. The goal of these actions is to provide proper control of the risks likely to affect the accomplishment of the Company’s goals. Control procedures are set up and overseen primarily by the managers and employees of the subsidiaries, taking into account the Group’s requirementsand the specificitiesof each line of business. When a control procedure is designed, the goal is that a risk identified does not materializein the Company’sbusiness. Other control activities monitor the activity after it occurs in order to verify that the designedcontrolswere effective,particularlyinformation requests. Informationand communications The Company’sgoal is to allowoperationaland functionalmanagersto have access to relevant informationthat is circulatedquickly enough to enable them to performtheir responsibilitiesefficiently. Together with the relevant functional departments, the Information Systems Department(“DSI”) defines the informationsystems necessary to properly manage operations and support the Group’s strategic objectives. DSI analyzes and manages the risks related to its systems in order to ensure the availability, integrity and confidentiality of information, in accordancewith legal and contractualrequirements. Oversight of internalcontrols Certain functional managers at headquartersuse networks of experts, who can conduct control actions within each departmentand transfer know-howfromone entity to another. Description ofinternal control procedures 3.3.3.3 put in place Main organizational procedures andinternal control In order to meet its operationaland financial objectives, the Group has structuredits internal control utilizingthe followingorganization. The Group is composed of a listed holding company that controls parent-holding companies, which in turn oversee the Group’s operationalbusinesses.

DERICHEBOURG p 2019/2020 Universal Registration Document 110