SOPRA_STERIA_REGISTRATION_DOCUMENT_2017

INTRODUCTION TO SOPRA STERIA Risk management and control

However, Sopra Steria cannot rule out the possibility of further litigation proceedings being initiated as a result of events or facts that are not currently known and the associated risk of which cannot yet be determined and/or quantified. Proceedings of this kind may therefore have a material unfavourable effect on the Group’s net profit or image. 9.2. Insurance The Group’s insurance policy is closely linked to a strategy of preventing and controlling risk. The Group’s insurance management is centralised under a single Corporate Governance & Risk Management Department. The aim of Sopra Steria Group’s insurance programmes is to provide uniform and adapted cover of the risks facing the company and its employees for all Group entities at reasonable and optimised terms. The scope and coverage limits of these various insurance programmes are reassessed annually in light of changes in the size of Sopra Steria Group and changes in its business, the insurance market and the risks incurred. All Group companies are insured with leading insurance companies for all major risks that could have a material impact on its activity, results and assets. The main insurance programmes in place within the Sopra Steria Group are: p operations coverage and professional liability This programme covers all of the Group’s companies for monetary consequences arising as a result of their civil and professional liability in connection with their activities, due to bodily injury, material or non-material damage caused to third parties. Overall coverage is limited to €150 million per claim and per year of insurance; p direct damages and operating losses This programme covers all of the Group’s sites for the direct material losses they may suffer and any resulting operating losses. Operating losses are insured on the basis of the loss of gross profit. Overall policy coverage (for all types of damages and operating losses) is limited to €100 million per claim and per year of insurance. In addition, Group programmes have been put in place covering in particular: p the civil liability of senior executives and company officers; p assistance to employees on assignment, as well as to expatriate employees and employees on loan.

services driven by the emergence of economic or organisational needs of clients as well as rapid technological change. In this constantly evolving environment, key factors that will ensure success are responsiveness and flexibility, local access to clients, expertise on client issues and the ability to take risks and manage projects of strategic importance for major clients. This context requires the Group to implement a highly decentralised operational organisation favouring autonomy and promoting decision- making at the local level. To provide the necessary governance in this decentralised structure, a robust management framework fosters effective dialogue along a short decision chain so that the Executive Committee remains in touch with operations. The main challenges involve the ability to expand the Group’s presence among major clients while improving the quality of delivery and reducing costs, as well as the management of human resources so as to assign the most qualified team members to each role. The preparation of accounting and financial information does not entail any particular complexity, with the exception of accounting for work in progress and associated revenue recognition. Physical assets held by the Group are not material. All Group employees, regardless of their role, are expected to demonstrate good judgement in all circumstances and, in each and every specific instance, to take decisions that best serve the Group and its clients. Rules and procedures must be applied appropriately. This section of the report outlines Sopra Steria’s internal control systems based on the reference framework issued by the AMF. A specific subsection addresses the preparation of accounting and financial information. As set out below, management control (activity management) is one of the fundamental components of the internal control system. Management control draws on and updates a database using standardised models and indicators within an internally managed information system. It serves to communicate information internally as well as to identify and manage risks. The various management control processes are designed to ensure the consistency and timeliness of information to be shared with the relevant stakeholders, as well as facilitating decision-making and monitoring action plans. As stated in the paragraph on control activities, the Industrial Department, Financial Controlling, and the Corporate Governance & Risk Management Department play an important role in this area. The Industrial Department verifies that the Quality System and production methods are fully and adequately applied, thus ensuring the effectiveness of production. Financial controlling ensures that the internal financial control system, a key component in the preparation of accounting and financial information, is working properly. A Corporate Governance & Risk Management Department was set up on 1 January 2017 to coordinate and monitor compliance and risk management issues across the entire Group on a cross-functional basis. Internal Audit is tasked with monitoring and evaluating the internal control system. When auditing Group entities, the first checks carried out are those related to the usage of the management control system and the operating effectiveness of control activities. The internal control systems described in the following paragraphs apply to the parent company and its subsidiaries except in areas where the Group’s main operations are different from its traditional lines of business (United Kingdom/Asia, Scandinavia and CIMPA). In such areas,

9.3. Internal control and risk management

The Group provides a range of business services, primarily based on intellectual services. These markets are highly competitive. Suppliers are assessed by clients based on two key differentiating factors: client confidence in a supplier’s ability to provide quality services and price. The competition faced by the Group is multiform; the Group must compete with the client’s own internal teams, with major multinational groups and with small companies benefiting from specialist technical expertise or a deep-rooted local presence. Despite increasing market consolidation over the last few years, the software and services sector remains fragmented, with the continuous evolution of products and

42

SOPRA STERIA REGISTRATION DOCUMENT 2017