Sopra Steria // 2022 CONVENING NOTICE
2 SOPRA STERIA GROUP PRESENTATION’S Risk Management
Risk Management
Participants in internal control and risk management
Board of Directors Audit Committee
Executive Management
3rd line of control
External Audit
Internal Audit Department
1st line of control
2nd line of control
Functional management
Operational management All entities All geographies All activities
Internal Control Department
Identification of the Group’s main risks
The most significant risks specific to Sopra Steria are set out below by category and in decreasing order of criticality (based on the crossover between probability of occurrence and the estimated extent of their impact), taking account of mitigation measures implemented. This presentation of residual risks is not intended to show all Sopra Steria’s risks.
The table below shows the results of this assessment in terms of residual materiality on a scale of three levels, from least material ( • ) to most material ( ••• ).
Category/Risk
Residual materiality
Risks related to strategy and external factors
•••
• Adaptation of services to digital transformation, innovation • Significant reduction in client/vertical activity • Acquisitions • Attacks on reputation
The internal control system and risk management policies implemented by the Group aim to lower the probability of occurrence of these main risk factors and their potential impact on the Group. Each of these risk management policies is laid down in detail in the “Risk factors and internal control chapter” of Sopra Steria’s 2021 Universal Registration Document.
•• •• ••
Risks related to operational activities
••• •••
• Cyberattacks, systems security, data protection • Extreme events and response to major crises • Marketing and execution of managed/operated projects and services
••
Risks related to human resources
•••
• Attracting and retaining employees – DPEF * • Development of skills and managerial practices – DPEF *
••
Risks related to regulatory requirements
•
• Compliance with regulations – DPEF *
It should be noted that the Group is not directly exposed to Ukraine, Belarus or Russia, with the exception of a small non-trading entity in the latter country, which is currently being closed.
* DPEF (Statement of Non-Financial Performance) This risk also relates to concerns addressed by the regulatory changes set out in Articles L. 225-102-1 III and R. 225-105 of the French Commercial Code, which cover the Company’s Statement of Non-Financial Performance
See Chapter 2 for more information of Sopra Steria’s 2021 Universal Registration Document
76
SOPRA STERIA NOTICE OF MEETING 2022
Made with FlippingBook flipbook maker