SOPRA_STERIA_REGISTRATION_DOCUMENT_2017

INTRODUCTION TO SOPRA STERIA Risk management and control

9. Risk management and control

The Group performs its activities in a constantly changing environment. It is therefore exposed to risks the occurrence of which may have a negative impact on its business activities, results, financial position, image and outlook. This chapter sets out the main risks to which the Sopra Steria Group is deemed to be exposed. Sopra Steria cannot provide an absolute guarantee that its objectives will be achieved and all risks will be eliminated. Its risk control procedures aim to identify and qualify the risks to which it is exposed, as well as to reduce their likelihood of occurring and their potential impact on the Group. Investors are reminded that the list of risks presented below is not exhaustive and that other risks, not known or not considered likely to occur, on the date when this Registration Document was drawn up, may have an adverse effect on the Group, its business, financial condition, performance or share price.

9.1. Risk factors

Strategic and operating risks

Environmental risks Legal risks

Financial risks

Main risks

p Risks relating to attracting and retaining talent

Foreign exchange risk

p Risks relating to changes in markets, technologies, competition – Digital transformation risks p Project execution risks p Risks relating to continuity of service p Risks relating to systems security and data protection

Other risks p Risks of client dependence p Risks relating to international expansion p Supplier risks

Environmental risks

Compliance risks Tax risk Intellectual property risks Litigation, government, legal or arbitration proceedings

Risks relating to pension schemes and associated liabilities Liquidity risk Interest rate risk Bank counterparty risk Equity risk

9.1.1. RISKS RELATING TO STRATEGY

A new mapping exercise focused on the principal risks was carried out within the Group in 2017. It was led by the Corporate Governance & Risk Management Department together with Executive Committee members. This risk mapping concerns all internal and external risks, as well as financial and extra-financial risks. The process helps to identify the principal risks facing the Group and Group entities as part of a consolidated overview. A principal risk is a risk deemed to have a negative impact on the Group’s ability to achieve its objectives, on its performance and on its image. The assessment of risks allows for each risk to be positioned on a matrix according to two criteria: probability of occurrence and level of impact if it occurs. The risk mapping was also presented to the Board of Directors’ Audit Committee at the same time as the Group insurance programme. Details of the principal risks and the procedures in place to control these risks are provided below. The Group’s risk management and control policy, governance and associated management procedures are described in Section 9.3, “Internal control and risk management”.

9.1.1.1. Risks relating to attracting and retaining talent

Risk description In view of the Group’s ambitions in terms of expansion and growth, as well as the scarcity of certain IT skills and expertise, there may be a risk of facing difficulties in recruiting staff. Furthermore, in light of the transformation of our clients’ businesses, developments in digitisation and artificial intelligence, particular attention will need to be paid to training and adapting employees’ skills to new roles. Difficulties in recruiting staff, increased employee turnover, the inability to train Group employees in client needs and new activities relating to the digital revolution may make it difficult to deliver the Group’s strategy and to fulfil its ambitious recruitment targets to support its growth.

35

SOPRA STERIA REGISTRATION DOCUMENT 2017