INTEGRATED PRESENTATION OF SOPRA STERIA RISK MANAGEMENT
Participants in internal control and risk management
Board of Directors / Audit Committee
1st line of control
2nd line of control
3rd line of control
Operational management All entities All geographies All business activities
Operational management Financial Industrial Human Resources Legal Sustainable Development & Corporate Responsibility Internal Control
Identification of the Group’s main risks
The most significant risks specific to Sopra Steria are set out below by category and in decreasing order of criticality (based on the crossover between probability of occurrence and the estimated extent of their impact), taking account of mitigation measures implemented. This presentation of net risks is not intended to show all Sopra Steria’s risks.
The table below shows the results of this assessment in terms of net importance on a scale of three levels, from least important (+) to most important (+++).
Risks related to strategy and external factors
• Adaptation of services to digital transformation, innovation • Significant reduction in client/vertical activity • Acquisitions • Attacks on reputation
The internal control system and risk management policies implemented by the Group aim to lower the probability of occurrence of these main risk factors and their potential impact on the Group. Each of these risk management policies is laid down in detail in the “Risk factors and internal control chapter” of this document.
++ ++ ++
Risks related to operational activities
• Cyberattacks, systems security, data protection • Extreme events and response to major crises • Marketing and execution of managed/operated projects and services
Risks related to human resources
• Development of skills and managerial practises - SNFP * • Attracting and retaining employees - SNFP *
Risks related to regulatory requirements
• Compliance with regulations - SNFP *
* SNFP This risk also relates to concerns addressed by the regulatory changes set out in Articles L. 225-102-1 III and R. 225-105 of the French Commercial Code, which cover the Company’s Statement of Non-Financial Performance