Sopra Steria - 2019 Universal registration document

2 RISK FACTORS AND INTERNAL CONTROL Insurance

Insurance 2.

The Group’s insurance policy is closely linked to its risk prevention and management practices, in order to ensure coverage for its major risks. The Group’s Legal Department is responsible for managing its insurance programme. The aim of Sopra Steria Group’s insurance programmes is to provide uniform and adapted coverage of the risks facing the company and its employees for all Group entities at reasonable and optimised terms. The scope and coverage limits of these various insurance programmes are reassessed annually in light of changes in the size of the Group, developments in its business activities as well as changes in the insurance market and based on the results of the most recent risk mapping exercise. All Group companies are insured with leading insurance companies for all major risks that could have a material impact on its operations, business results or financial position. The main insurance programmes in place within the Sopra Steria Group are the following: premises and operations liability and professional indemnity p insurance This programme covers all of the Group’s companies for monetary consequences arising as a result of their civil and

professional liability in connection with their activities, due to bodily injury, material or non-material damage caused to third parties. Overall coverage is limited to €150 million per claim and per year of insurance; cybersecurity insurance p This programme covers all of the Group’s companies for any direct or indirect financial losses, property damage or loss of use, and business interruption losses resulting from a cyberattack; property damage and business interruption insurance p This programme covers all of the Group’s sites for the direct material damage to property they may suffer as well as any consequential losses in the event of reduced business activity or business interruption occasioned by the occurrence of an insured event. Operating losses are insured on the basis of the loss of gross profit. Overall policy coverage (for all types of damages and operating losses) is limited to €100 million per claim and per year of insurance. In addition, Group programmes have been put in place covering in particular: the civil liability of senior executives and company officers; p assistance to employees on assignment, as well as to expatriate p and seconded employees. In accordance with the AMF reference framework, the internal control and risk management system, which is under the responsibility of the Group’s Chief Executive Officer, is designed to provide reasonable assurance regarding the achievement of objectives in the following categories: compliance with laws and regulations; p implementation of instructions, guidelines and rules set forth by p Executive Management; proper functioning of the Company’s internal processes, p particularly those intended to safeguard its assets; quality and reliability of financial and accounting information. p The risk management system is designed to identify, analyse and manage the Company’s main risks. More generally, the Group’s internal control and risk management system contributes to the control of its business activities, the effectiveness of its operations and the efficient use of its resources. This system is updated on a regular basis, in application of a continuous improvement process, in order to best measure the level of risk to which the Group is exposed as well as the effectiveness of the action plans put in place to mitigate risks. Nevertheless, the internal control and risk management system cannot provide an absolute guarantee that the Company’s objectives will be achieved and that all risks will be eliminated.

Internal control and risk management 3.

This section of the report outlines Sopra Steria’s internal control and risk management systems. These systems are based on the reference framework issued by the AMF. A specific subsection addresses the preparation of accounting and financial information. The management control system is one of the fundamental components of internal control at Sopra Steria. It supports the internal dissemination of information as well as the various reporting and risk management procedures, and the implementation of controls.

Objectives and framework 3.1. for the internal control and  risk management system

OBJECTIVES OF THE INTERNAL CONTROL 3.1.1. AND RISK MANAGEMENT SYSTEM In order to address the identified risk factors presented in the preceding chapter, Sopra Steria has adopted a governance approach as well as a set of rules, policies and procedures together constituting its internal control and risk management system.

45

SOPRA STERIA UNIVERSAL REGISTRATION DOCUMENT 2019