WORLDLINE_REGISTRATION_DOCUMENT_2017

F

Risk Factors [GRI 102-15] and [GRI 102-11] Internal Control [GRI 102-16] [GRI 102-17] [GRI 102-25] [GRI 102-33] [GRI 102-34] [GRI 103Socioeconomic compliance]

Internal Audit Internal Audit is outsourced to the Atos group in order to function globally in accordance with consistent methodology. The Audit Committee receives regular reports on the execution of the audit plan, the mission objectives and the results and recommendations resulting therefrom. Internal Audit remains in contact with the statutory auditors to ensure effective coordination between internal and external audit.

In 2017, the Internal Audit department of the Atos group obtained the renewal of the French Institute for Internal Audit’s IFACI certification. This accreditation attests to the quality of the Internal Audit (IA) function, the level of compliance with international standards and IA’s degree of control over key challenges.

Components of the internal control system

F.7.3

A – Organization/control environment The organization, competencies, internal policies (methods, procedures and practices) and systems represent the ground layer of the internal control system and the fundamental principles of the Group. The main components are presented hereafter. Matrix organization : The Company runs a matrix organization structure that combines operational management (Regional Business Units (Geographies)/Global Business Lines) and functional management (Sales & Markets and Support Functions). This matrix structure allows a dual view on all operations and therefore enhances the control environment. Responsibilities and powers : The following initiatives aim to frame the assignment of responsibilities: Delegation of Authority: In order to ensure efficient and ● effective management control from the country level to general management level, a formal policy sets out the authorization of officers of subsidiaries to incur legal commitments on behalf of the Group with clients, suppliers and other third parties. The delegation of authority policy approved by the Board of Directors and is being rolled-out under the supervision of the Group Legal & Compliance department; Segregation of Duties: the policy for segregation of duties ● (SOD) defines accountability for implementing and monitoring organizational and technical measures proportionate to the risks of errors or fraud. Tooling has been used to perform automatic assessments of those rules in the main systems. Policies and procedures : The policies and procedures contribute to an appropriate control environment. They are reassembled in the Book of Internal Policies and stored in a common standard. They include, among other, policies and procedures regarding the Code of Ethics, the Protection of Personal Data, Payments and Treasury, Security Rules, the Investment Committee and the Security Policy. The Group also implements whistleblowing policies as part of the practices put in place by the Atos group. The Group participates in the Atos “Business process and rollout management” department, which focuses on creating an Business Process Center of Excellence (BPCOE) in coordination with business process owners and the functions related to Internal Control, Quality, security etc. The BPCOE community, supported by process analysts, is responsible for documenting

existing and targeted business processes, including the supporting organization, KPIs, and internally and externally mandated compliance parameters. Atos Rainbow™: Rainbow is a set of procedures and tools set by Atos group that provides a formal and standard approach to bid management, balancing sales opportunities and risk management for all types of opportunities. Rainbow is the means by which Worldline’s management is involved in controlling and guiding the acquisition of the Group’s contracts. Above specific thresholds Rainbow reviews are performed at general management level; Human Resource management : The Group Human Resource management policy relies on the Global Capability Model (GCM), which is a standard for categorizing jobs by experience and expertise across the Group. A Group Policy on bonus scheme completes this system by setting incentives. Information Systems : Group Business Process and Internal IT department is in place at Group level to provide common internal IT infrastructures and applications for Atos staff worldwide. It supports functions like Finance (accounting and reporting applications), Human Resources (resourcing tool, global directory), Communication (Group website and intranet) or Project Managers (capacity planning and project management). Security and access to these infrastructures and applications as well as their reliability and performance are managed by this department and benefit from the core expertise and resources from the Group. B – Communication of relevant and reliable information Several processes are in place to ensure that relevant and reliable information is provided within the Group. Monthly reviews of operational performance by Global Business Line and Regional Business Units are organized under the responsibility of the Group Chief Financial Officer and in the presence of the relevant members of the Executive Committee. A shared ERP system is deployed across the countries where the Group operates, except for entities recently acquired, enabling easier exchange of operational information. It allows cross border reporting and analysis (cross border project analysis, customer profitability, etc.) as well as business reports through different analytical axes (business line, geographical and market axis).

286

Worldline 2017 Registration Document