Sopra Steria - 2019 Universal registration document

4 CORPORATE RESPONSIBILITY Ethics and compliance

The vigilance plan was prepared by the main departments responsible for the areas covered by the duty of care, discussed with the Group’s Executive Committee and then validated by Executive Management. It was also presented to the Works Council. In addition, as a preliminary step for the preparation of the plan, the results of the Group’s risk mapping exercise for the issues involved were aligned with those of its materiality analysis.

The vigilance plan consists of four components, to reflect the measures required by the French duty of care law:
• a mapping of risks to identify, analyse and prioritise the risks relating to the duty of care;
• risk mitigation and prevention plans;
• a whistleblowing system for the receipt of reports relating to the existence of risks or the occurrence of risk events;
• a system to monitor the measures implemented and assess their effectiveness.

The vigilance plan is reviewed each year, in light of possible developments in risks, the effectiveness of mitigation measures put in place, and developments in the Group’s business and operations. Furthermore, reasonable vigilance measures are implemented gradually for newly acquired companies as part of the integration of these companies within the Group and with respect to its procedures and systems.

5.6.1. RISK MAPPING EXERCISE

The mapping of risks relating to the duty of care was built by drawing on the Group’s overall risk mapping exercise as well as the main risks identified during the preparation of the Group’s statement of non-financial performance. The methodology used for the mapping of risks relating to the duty of care is the same as that used for the Group’s overall risk mapping exercise and thus involves consultations with the various departments concerned, with responsibility for the entire scope of the Group’s operations, namely the Human Resources Department, the Corporate Responsibility and Sustainable Development Department, the Real Estate and Purchasing Department, the Industrial Department, the Information Systems Department, the Legal Department and the Internal Control Department.

Given its business activities, Sopra Steria has limited exposure to risks relating to the duty of care. Nevertheless, some of the risks identified were considered as having an impact, although without being regarded as major risks falling within the scope of the duty of care. The risks listed below relating to the duty of care were analysed and prioritised in line with their severity and likelihood of occurrence in the context of the Group’s business activities and those of its main suppliers:
• Human rights and fundamental freedoms: protection of personal data, freedom of speech, child labour, forced labour, freedom of assembly and association, failure to respect the rights of local communities;
• Health and safety: right to health, right to safe and healthy working conditions (e.g. access to buildings, sanitation, safety and security of business travel), prevention of occupational illnesses, healthcare benefits and workplace prevention measures;
• Environment: air and soil pollution, depletion of raw materials, soil erosion and degradation, treatment of polluting waste, GHG emissions, degradation of ecosystems and biodiversity.

5.6.2. RISK MITIGATION AND PREVENTION PLANS

The continuous improvement approach adopted in line with the Group’s corporate responsibility policy put in place several years ago focuses on the various issues targeted by the French duty of care law. The cross-reference table below indicates the sections within the statement of non-financial performance included in this document that describe the risk mitigation and prevention plans identified in the mapping of risks relating to the duty of care.

| | Mitigation plans and preventive measures |
|---|---|
| Risks relating to the Group’s business activities | |
| Human rights and fundamental freedoms | See Sections 2., 3. and 5., pages 107, 114 and 128 of this chapter |
| Health and safety | See Section 2.1.5., page 111 of this chapter |
| Environment | See Section 4., page 120 of this chapter |
| Risks relating to the business activities of the Group’s suppliers | |
| Responsible purchasing | See Section 3.4., page 117 of this chapter |

5.6.3. WHISTLEBLOWING SYSTEM

The whistleblowing system put in place under the Sapin 2 law on transparency, anti-corruption and the modernisation of economic life also covers the duty of care. This system is accessible to employees of all Group entities. A description of the whistleblowing system and its procedures is provided on the Group’s intranet as well as those of all its subsidiaries. Reports are to be submitted via a specific email address for each entity or at Group level. The system will be expanded in early 2020 to the Group’s external stakeholders and in particular its clients, suppliers and other business partners.



For risks relating to the duty of care, the procedures for the regular assessment of the Group’s business activities and those of its subsidiaries, along with those of its main suppliers, are carried out at the level of the departments concerned. Each department with oversight for issues involving the duty of care is responsible for monitoring the risks identified in the mapping of risks relating to the duty of care. All of these departments are involved in the identification and implementation of reasonable and appropriate vigilance measures for their respective areas of responsibility. They report on their monitoring activities at the Group’s steering committee meetings and twice a year to the Corporate Responsibility and Sustainable Development Committee. The risk mitigation and prevention measures put in place with regard to the duty of care are reviewed as part of the Group’s internal control procedures and are the focus of a consolidated report drawn up each year by the Internal Control Department and presented to Executive Management.


