WORLDLINE_REGISTRATION_DOCUMENT_2017

F

Risk Factors [GRI 102-15] and [GRI 102-11] Riskmanagement activities

F.5

Riskmanagement activities

In addition to managing the risk embedded in each process, dedicated activities are also deployed for a transversal management of risks.

Enterprise riskmanagement (ERM)

F.5.1

A risk mapping is revised each year under the sponsorship of general management. The selected methodology involves the managers of the Group TOP 200 through workshops and questionnaires, to collect their perception of the main risks, their relative importance (inherent risk) and mitigation effectiveness (residual risk). This assessment covers potential risks related to: External (stakeholders, natural disasters, country crisis, cyber ● attacks, market environment); The organization & business development (ability to ● innovate, organization alignment, market positioning); Services and Product delivery (, people, System ● performance, Delivery); and

The information used for decision making (financial and ● operational). This recurring process, allows identifying evolutions from one year to another. Improvement plans for the main residual risks are designed at local and Group level, with assigned owners and milestones/timelines for follow-up and completion. Results are shared with general management and Group Executive Committee, to ensure that appropriate measures are deployed to manage the main risks, and presented to the Audit Committee of the Board of Directors. In parallel, other dedicated Risk Mappings are performed within departments such as in Legal and Compliance, Security, Corporate Social Responsibility.

Business risk assessment andmanagement

F.5.2

Regarding business risk assessment and management, the Group has deployed the approach developed by Atos, based on the following specific processes.

Evaluates, both qualitatively and quantitatively, the ● significance and materiality of any such exposures; Ensures that appropriate and cost-effective risk control or ● risk mitigation measures are initiated to reduce the likelihood and impact of negative outcomes on the project; and Manages residual exposure through a combination of ● external risk transfer instruments and internal contingency reserves in order to optimize the use of exposed capital. All operational projects are monitored on a monthly basis at different levels (from country to Group level) according to their size and risk exposure, using the Rainbow Delivery Dashboard, providing status on financial, delivery and technology, customer, legal, human resources and supplier KPI’s. Bids are also monitored on a constant basis at different level (from country, Divisions, to Group level) according to their size, using review forms specific to bid phases (Pursuit, Strategy, solution, offer, contract…) to balance sales and risks while ensuring the re-use of experience/best practices and the adherence to Atos standards.

F.5.2.1

Business riskmanagement system

Atos Rainbow™ is a set of procedures and tools developed by Atos and implemented by the Group that provides a formal and standard approach to bid execution and contract monitoring. The Group operates a risk management system that facilitates the analysis (by identification and assessment) and treatment (by control and financing) of business risks throughout the life cycle of a project. This process is integrated with the control and approval process when entering into new contracts. The objective is to ensure that the Group only bids for projects that can be delivered effectively and to provide an early warning system for any project that encounters problems or diverges from its original targets. Specifically, the risk management process: Identifies potential exposures, including technical, legal and ● financial risks that could have an impact during the life cycle of the project;

280

Worldline 2017 Registration Document