Sopra Steria - 2018 Registration document

DETAILED PRESENTATION OF SOPRA STERIA Risk factors and internal control

in terms of probability of occurrence and the expected magnitude of their adverse impact. They are then ranked by category of risk. Specific mapping exercises for corruption and influence-peddling risks and risks relating to the duty of care have also been taken into account in preparing the overall mapping of risks. The risk mapping was presented to the Board of Directors’ Audit Committee at the same time as the Group insurance programme.

Sopra Steria’s main risk factors are presented below. They are first listed in the summary table below in order of importance, based on their probability of occurrence and the magnitude of their potential adverse impact. For each risk factor, a description is provided explaining in what ways it can affect Sopra Steria, together with the risk management measures put in place, i.e. policies, procedures and action plans.

Main operating risks and main risk management measures

Risk related to market developments and the transformation of the business model
• Comprehensive annual strategy review
• Governance of the transformation supervised by the Chairman and the Chief Executive Officer
• Regular follow-up on the implementation of decisions and execution

Risk related to the adaptation of skills *
• Recruitment selectivity
• HR policy including the rollout of the DPEPP approach, which stands for Dynamique Prospective Emplois et Parcours Professionnels, or Dynamic Forecasting of Workforce Requirements and Career Development
• Training programmes

Risk related to the protection and security of client data
• Security policies and procedures, with an organisational structure led by the Chief Information Security Officer (CISO)
• ISO 27001 certification and GDPR compliance programme
• Support provided by the Toulouse security operations centre (SOC)
• Large-scale training and awareness programme

Risk related to project delivery
• Organisation and procedures (including the Quality System) for the pre-sales, production and quality control phases of projects
• Reviews and audits by the Industrial Department

Risk related to continuity of service and information system security
• Policy and procedures for the selection of locations for shared service centres, organisation and planning for continuity of service

Risk related to attracting and retaining talent *
• Ambitious recruitment and retention policy

Risk related to the loss of a significant client
• Policy and strategy for key accounts reviewed annually
• Regular monitoring of the client portfolio by the Key Accounts and Partnerships Department

Risk related to activities in high-risk countries
• Implementation of an export policy and procedure

Risk related to Brexit
• Specific committee formed to monitor the associated risks and propose action plans

Risks associated with retirement benefit obligations
• Monitoring and management by Finance Departments at entity and Group levels

Main non-financial risks and main risk management measures

Risk of breaches of ethics or violations of the law *
• Reinforced ethics and compliance programme, including the implementation of a system for preventing and combating corruption and influence peddling
• Internal Control and Risk Management Department set up to coordinate and monitor compliance, internal control and risk management issues in a cross-functional manner
• Appointment of Compliance Officers, responsible for compliance issues as well as internal control in each of the entities

* This risk also relates to the anticipated regulatory changes provided for in Articles L. 225-102-1 III and R.225-105 of the French Commercial Code.

Each of these main risks is presented in more detail on the following pages, including information describing the risk as well as the Group’s risk management process.
