LEGRAND / 2018 Registration document

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

INTERNAL CONTROL AND RISK MANAGEMENT RISK FACTORS AND CONTROL MECHANISMS IN PLACE

In addition, the deployment of internal control helps strengthen and harmonize processes related to the implementation and operation of information systems, as well as system and network protection and access arrangements.

The very nature of data processing activities, in an environment that is subject to frequent change in terms of the scope of Group activity and the information systems used, makes IT risk management a process of continuous improvement.

3.6 – RISK FACTORS AND CONTROL MECHANISMS IN PLACE

At the date of this registration document, the risks described below are those identified by the Group as possibly having a material impact on its business, image, financial position, results or ability to achieve its objectives. Other risks that are not identified, that are emerging or that appear non-material at the same date, may also have an adverse effect on the Group. All the identified risks and threats are analyzed on a regular basis as part of the risk management process outlined in section 3.3 of this registration document. The table below summarizes the key risks and associated control systems, organized into four categories: strategic risks, operational risks, reputational risks and financial risks.

In each of the four categories, risks are ranked according to criticality (a combination of the estimated impact and the probability of occurrence) assessed during the risk mapping exercise. Criticality is therefore a measure of gross risk, before taking into account risk mitigation arrangements. The criticality of risks is assessed according to four levels (minor, moderate, material, critical). Only risks assessed as “critical”, “material” or “moderate” are detailed in this chapter. Certain risks whose impact is assessed as moderate are detailed in Chapter 3 of this document, in accordance with extra-financial performance reporting obligations.

Risk factors

Structural risk reduction criteria and main systems in place

Criticality

Reference

Strategic risks

3.6.1

W Chief Digital Officer and digital acceleration program W Eliot program W Dedicated “Innovation & Systems” team and cross-functional innovations program W Innovation and R&D W Strategic partnerships W Increasing product value-added through innovation and marketing efforts. W Monthly analysis of the price effect in each country (on sales and operating margin) W Pricing teams in regions W Dedicated acquisitions team W Rigorous due diligence and selection process W Contractual clauses W A proven integration process based on multidisciplinary expertise

Disruptive technology and digital transformation

Material

3.6.1.1

Risks related to pricing power

Material

3.6.1.2

Risks related to external growth

Material

3.6.1.3

W Standardization department W Correspondent network W Standardization committee

Changes in product standards and regulations

Moderate

3.6.1.4

60

LEGRAND

REGISTRATION DOCUMENT 2018