LEGRAND_REGISTRATION_DOCUMENT_2017

INTERNAL CONTROL AND RISK MANAGEMENT


3.3 – RISK MANAGEMENT SYSTEM

3.3.1 – Definition and purposes of risk management

Risk management is considered as a business management leverage tool, and has the following objectives, namely to:
• ensure the safety of the Group’s employees;
• preserve the value, assets and reputation of the Group;
• secure the Group’s decision-making and procedures to encourage achievement of its objectives and thus the creation of value for all stakeholders;
• ensure that the initiatives undertaken are consistent with Group values; and
• rally Group employees around a shared vision where major risks are concerned, and to raise their awareness both of the risks inherent in their activity and of newly emerging risks.

A risk represents the possibility of an event occurring that might have adverse effects on people, resources, the environment, the Group’s objectives or its reputation. A risk is also the possibility of missing a strategic or other opportunity. Risk management is a dynamic system that enables managers to identify, analyze and deal with the main risks regarding the Company’s strategic objectives, in order to keep them at an acceptable level. It seeks to be comprehensive, so as to cover all of the Group’s activities, processes and assets.


3.3.2 – Risk management procedure

The risk management procedure consists of three stages:

1) Risk identification: the risk environment has been jointly determined using data gathered during interviews and workshops with the Group’s senior executives (“top-down” approach), supplemented by contributions from Group subsidiaries and functional departments (“bottom-up” approach), by business experts and by external benchmarking.

2) Assessment of identified risks: risk assessment and classification are carried out by a panel of Group senior executives using a dedicated tool. Risks are assessed and ranked according to the probability of their occurrence and their potential impact on the basis of a homogeneous set of criteria. The risks are then prioritized based on an assessment of how effectively they are controlled. Risk analysis is supported by a regular review of specific indicators (KRI – Key Risk Indicators). These indicators, drawn up on the basis of historic and prospective data, are tracked by the relevant functional departments and fed back to the Group’s Risk Manager in charge of coordinating the process. On the basis of this risk identification and assessment, a risk map is produced, which is submitted to the Risk Committee for approval. Risk factors and risk control systems are detailed in section 3.6 of this chapter.

3) Dealing with risk: the measures applied to deal with risk comprise the reduction, transfer, or acceptance of a risk. Action plans are defined and the owners of the risks identified within the functional departments, with the help of the Group’s Risk Manager. The Risk Committee validates the procedure for dealing with the main risks and monitors the progress of the action plans.

The risk management process is supported by a specific tool enabling documentation of the methodology, closer involvement of the players, and facilitation of its leadership and reporting. Governance is provided by semi-annual meetings of the Risk Committee, chaired by the Group’s General Management and attended by the functional and operational departments. The Audit Committee is also regularly informed of the subjects addressed. The approach to assessing and dealing with risk is the subject of an annual discussion with the Audit Committee, during which a review is made of the major risks, of the risk control mechanisms in place, and of any current action plans. The minutes of the Audit Committee meeting are submitted to the Board of Directors.
