Worldline - 2019 Universal Registration Document

F

RISK ANALYSIS Internal Control

The Audit Committee receives regular reports on the execution of the audit plan, the mission objectives and the results and recommendations resulting therefrom. Internal Audit remains in contact with the statutory auditors to ensure effective coordination between internal and external audit.

In 2019, the Internal Audit department of Worldline maintained/renewed the French Institute for Internal Audit’s (IFACI) certification. This accreditation attests to the quality of the Internal Audit (IA) function, the level of compliance with international standards and IA’s degree of control over key challenges.

Components of the internal control system F.5.3

Organization/control environment F.5.3.1 The control environment refers to the internal culture, the control consciousness, the management style, integrity, ethics, organization, assignment of authority and responsibility, competencies, systems and policies (methods, procedures and practices) that contribute to the implementation of a context favorable to the control of the risks. It represents the ground layer of the internal control system. The main components are presented hereafter. The Code of Ethics defines acceptable behavior (leading by example, tone at the top), in line with Worldline’s commitment to corporate social responsibility. The Company is based on a matrix organization that combines operations (Regional Business Units (Geographies)/Global Business Lines) and functional management (Support Functions). This matrix structure allows a view from different angles on operations. In order to ensure efficient and effective management control from the country level to general management level, a formal policy sets out the authorization of officers of subsidiaries to incur legal commitments on behalf of the Group with clients, suppliers and other third parties. The delegation of authority guidelines are being rolled-out under the supervision of the Group Legal & Compliance department. The Group Human Resource management relies on the Global Capability Model (GCM) which is a standard for categorizing jobs by experience and expertise across the Group. It provides an overview of the wide variety of positions in the organization as well as on the different levels of experience and expertise required in each position. A worldwide Performance Management system (My Career) is in use to support individual development and coaching. Moreover, Balanced Score Cards are used to cascade business objectives. Through performance reviews, objectives are set and progress is measured to ensure continuous improvement for every individual in the organization. Through the global quality organization, Worldline has defined and implemented policies and processes for service delivery and support functions. Within the defined processes across the business, performance indicators, roles and responsibilities and internal controls are specified. These are part of and published in the Worldline Management System and contribute to an appropriate control environment.

Information Systems: Group Internal IT department is in place at Group level to provide common internal IT infrastructures and applications for Worldline staff worldwide. It supports functions like Finance (accounting and reporting applications), Human Resources (resourcing tool, global directory), Communication (Group website and intranet) or Procurement. Security and access to these infrastructures and applications as well as their reliability and performance are managed by this department and benefit from the core expertise and resources from the Group. System for risk management F.5.3.2 The Group operates a risk management system that facilitates the analysis and treatment of business risks throughout the life cycle of a product or service. Risk management is embedded in the Group’s decision-making and operating processes and is managed according to the risk management model as described in the risk management chapters of this document Section F.1. Those risk processes allow to identify and analyze main risks that may, as one of the risk mitigating solutions, call for focus and/or implementation of improved internal control. as described in the following Section F.5.3.4 "Control activities". Control activities F.5.3.3 Key control activities of the Group are described in the risk and control matrix: “Book of Internal Controls” (BIC). This document not only covers the financial processes, but also various other areas such as delivery, procurement, human resources and risk and compliance activities (e.g. security, legal, sustainability). The updated Book of Internal Control is released and distributed throughout the Group every year, taking into account new or changed services or processes and related control activities. This document evolves along with the processes evolution and the emerging risks (update at least once a year).

346

Universal Registration Document 2019