GECINA - REFERENCE DOCUMENT 2017

06 RISKS

6.1

6.1.1 GENERAL ORGANIZATION OF RISK CONTROL

Risk management is a dynamic process that is defined and implemented under Executive Management’s responsibility. It consists of a set of resources, behaviors, procedures and actions adapted to the Group’s characteristics in order to maintain risks at an acceptable level for the company. Risk management is integrated in the company’s decision-making and operational processes. It is one of the management and decision-making tools. It gives executives an objective and comprehensive vision of the potential threats to and opportunities for the company so that they can take measured and considered risks, thereby supporting their decisions with regard to the allocation of human and financial resources. In 2016, the Chairman, Executive Management, and all Board members received a training session in risk management.

The Board of Directors ensures that the management of the company integrates management of the major risks. Through the work of the Audit and Risk Committee, it ensures that the effectiveness of the internal control and risk management systems is monitored. Executive Management, acting through the Executive Committee, is responsible for implementing and directing the risk management process.

The various company departments are responsible for assessing and handling risks, particularly through the use of adequate procedures and controls of the processes for which they are responsible. The functional departments, which are experts in their respective areas, also assist the operating departments in managing their risks by providing resources, tools, analyses and controls. Those functions dedicated to risks assist the various departments in particular in identifying and assessing their risks and in establishing procedures and standards to help control such risks.

Risk identification, analysis and management systems are implemented by the Property Risks Department with respect to risks related to the safety and environment of properties. General risks are monitored by the Risks and Compliance Department, attached to the Internal Audit Department. The main tasks of this department are risk management, supervision of the risk management policy and the mapping of operating risks, as well as permanent control and compliance oversight within the company. The Internal Audit Department, reporting directly to Executive Management, strengthens the process through the implementation of its audit plan, which is developed on the basis of a risk-based approach and which also takes into account the concerns of Executive Management and the Audit and Risk Committee.

As part of risk management, Gecina has defined an appetite for risk that matches the company’s risk profile as defined by Management, in order to conduct its business and achieve its objectives while taking into consideration the strategy and values of the company. In general, the company’s operations must also be conducted in compliance with regulations and the principles defined in the Group’s ethics charter. They must also comply with the company’s CSR commitments.

All risk management processes are incorporated in a risk management policy deployed in-house. This policy is closely correlated with the Group’s strategy. For this reason, it is updated at times of significant change in the Group’s strategy. This policy makes it easier to incorporate risk management into the organization’s objectives, culture and operation. It strengthens the ties between the company’s strategy and risk management through a process to identify, analyze and handle risks, primarily on the basis of the risk mapping. The risk management policy clarifies the roles and responsibilities of all stakeholders and tends to strengthen the involvement of each party. This risk management policy can be viewed by all the Group employees on the company’s Intranet.

Three lines of control model

The corporate governance model is based on three lines of control. This reference model, which reflects the IFACI/AMRAE position, is organized in three lines of control that define the roles and responsibilities of operational management, Group functions, and Internal Audit. It clarifies the issues involved in the risk management system and contributes to their effectiveness by identifying employee contributions to risk control.
