Sopra Steria - 2020 Universal registration document

2 RISK FACTORS AND INTERNAL CONTROL Internal control and risk management

)$$!( The Group’s management applications and office automation software are designed to standardise the documents produced by the Group. The production tools used or developed by the Group allow for the industrialisation of project delivery and of managed or operated services by improving the quality of deliverables. They incorporate the processes that make up the Group’s production methodology. Code of Ethics, anti-corruption Code of conduct and a. code of conduct for stock market transactions The aims of the Group’s Code of Ethics, which is based on its core values, are to ensure compliance with international treaties, laws and regulations in force in all countries where it operates, and to reaffirm the Group’s ethical principles. This Code of Ethics is supplemented by a code of conduct for stock market transactions whose main aim is to reiterate and clarify the rules regarding sensitive information, insider information and the management of securities. Furthermore, the anti-corruption code of conduct sets out the rules and behaviours to be adopted to prevent corruption and influence peddling. For more details on the anti-corruption code of conduct, see Section 5 "Ethics and compliance" in Chapter 4, “Corporate responsibility” of this Universal Registration Document, pages 132 to 136. Group rules, policies and procedures b. A framework of rules including Group internal control rules and delegations of authority (decision-making levels) is in force across the Group to provide a common foundation for all processes. These rules apply to all employees and all entities as soon as possible when integrating acquisitions. These general rules are adapted to the Group’s various entities, and continue to be supplemented when necessary at Group level ( ' ' " ,$' $' '$*% '*! (

through the formal documentation of procedures, always with a focus on the continuous improvement of internal control and so as to better manage the risks identified in the course of the Group’s risk mapping exercises. The rules and procedures cover 10 areas corresponding to Group processes: governance and steering, trade, production, human resources, internal and accounting management, information system and infrastructures, purchasing, communications and marketing, legal and insurance, and corporate responsibility. These Group rules and procedures are then further detailed to take into account local regulatory constraints across all of the Group’s geographical operations. These rules and procedures are available on the Group’s intranet. They are reinforced through the Group’s various training and communications initiatives. On the production front, Sopra Steria’s Quality System defines all the production, management and quality assurance processes required to successfully manage projects. The primary goal is to contribute effectively to the delivery of high quality IT systems that meet clients’ needs in line with time and budget constraints. This methodology defines project management practices and processes suited to various environments and at different levels of management and supervision, as well as software engineering practices and processes. The basic principles of the Quality System are described in a Quality Manual supplemented by procedural guides and operating manuals. UK, Scandinavia and CIMPA apply mechanisms that are similar but rely on specific methods geared to the primary characteristics of their activities. In order to further strengthen these aspects, the Group continued in 2020 with the rollout of its Delivery Rule Book at all entities. This is a set of 30 essential and mandatory rules covering the production cycle from end to end, from pre-sales to the end of service production. The Group’s rules and procedures are regularly updated and supplemented to best reflect the Group’s organisation and manage the identified risks.

45

SOPRA STERIA UNIVERSAL REGISTRATION DOCUMENT 2020