SOLOCAL_Registration Document_2017

FINANCIAL STATEMENTS 6.2 Annual financial statements for the financial years ended 31 December 2016 and 2017

risk management software: with specific modules for risks, l security, crisis management, business continuity plans (BCP) and auditing. The Business Solutions division (which manages the information systems) and the technical department of the Products division are largely responsible for supervising the Group’s information systems and in particular for ensuring that they will enable the Group to achieve its long-term objectives. They work closely with the Audit, Risks and Internal Control department, which monitors and manages IT risks in terms of reliability, business continuity, legal and regulatory compliance as well as operational objectives. Actions directly linked to controlling risks and security are monitored quarterly via the business unit risk and security correspondents and are reviewed every six months by the Audit, Risks and Internal Control department. 3.1 Organisational framework Like any company, SoLocal Group’s business activities expose it to various risks. The main risks that have been identified are described in chapter 2 – Risk factors of this Registration Document. Risk management is a priority and is conducted both by subsidiaries and the parent company, which compiles information. Risk management serves to: develop a comprehensive, systematic, integrated and flexible l method for identifying, assessing, analysing and managing risks and for promoting risk control; develop risk management best practices; l prevent risks that threaten the Company and mitigate their l consequences. The risk management policy applies to all SoLocal Group entities. SoLocal Group has set up a risk governance system based on a Risk department and a network of business unit correspondents within a department that reports directly to the Chief Executive Officer (the Risk department reports to the General Secretary since 11 November 2017). 3.2 Risk identification and analysis process Certain Group procedures contribute to the identification of risks. In particular, they cover the following elements: a risk assessment and classification method that has been in l place since 2005. This method is based on risk mapping which ranks the main risks to which the Group believes it may be exposed, in terms of their seriousness and likelihood of occurrence, and assesses the level of coverage; risk and security reviews, which are conducted at least annually; l a network of risk correspondents who oversee the operational l implementation of the risk and security policy and which is supervised by a dedicated governance unit; a risk and security management information system that l includes the description and monitoring of risk-management actions. This system also includes risk and security management dashboards, a crisis management process and business continuity plans (BCP). 3 Risk monitoring and management

2.2 Senior management’s responsibility and commitment

SoLocal Group has set up a risk management policy that includes a guidance memo outlining the commitments of senior management. This policy is reviewed twice yearly with the Group’s subsidiaries and departments. The updating of risks and the monitoring of associated actions are consolidated, then presented to the Executive Committee of the senior management at least once a year. A business unit risk correspondent is appointed in each Group subsidiary and department. These correspondents are coordinated on the one hand by a Division Manager who, regarding risks, security and internal control, refers directly to a Director who is a member of the Group Executive Committee, and on the other hand by the Audit, Risks and Internal Control department which reports directly to senior management and since 11 November 2017 the General Secretariat. SoLocal Group’s performance depends directly on the skills of its employees and on its ability to manage and adapt its human resources. The Group Human Resources department works in close partnership with the operational departments. It develops, proposes and manages human resources, so as to help with the implementation of the Company’s strategy. In order to better respond to the needs of employees and managers, the Group HR department is divided into four sub-divisions: HR Operations, HR Development, Compensation & Benefits, personnel management and the division responsible for employee relations. The role of the HR Operations division is to provide HR support to the managers of the divisions and departments within its remit and manage their employees. In addition to a thorough understanding of the Group’s business activities, this division must also understand how each division or department is organised and what its objectives are. The role of the HR Development division is to define HR policies and improve processes. It deploys the Group’s HR policy and resources to the HR Operations division and to regional and local HR managers in particular, providing them with the tools and advice they need to do the best job they can. Since SoLocal Group is determined to make quality of life in the workplace a priority in the context of helping employees to learn new working methods and adapt to changes in their jobs, the focus since 2015 has been on taking action in response to specific situations that employees have encountered during the transformation of the Group. These actions are described in detail in chapter 8 of the Registration Document. 2.4 Information systems SoLocal Group’s various information systems are composed of: business activity software: e.g. for creating and storing digital l content and dedicated website tools; business management software: e.g. accounting and financial l applications; communication software: messaging systems, collaborative l tools (Intranet), etc.; 2.3 Human resources and skills management policy

1

2

3

4

5

6

7

8

217

2017 Registration Document SOLOCAL