Worldline - 2020 Universal Registration Document

F

RISK ANALYSIS Internal Control

Internal control system players F.4.2

Group Internal Control The Internal Audit department consists of a central team at Group level. The team operates in accordance to the same consistent methodology and approach. In addition, single points of contacts are foreseen for regulated entities. This includes the definition of processes, tools and methodologies for Internal Control, the ownership of the Group Control Framework (Book of Internal Controls) and driving the monitoring of Internal Control activities. Group Internal Control relies on local Internal Control Process Coordinators in managerial units. Internal Audit The Internal Audit department consists of a central team at Group level. The team operates in accordance to the same consistent methodology and approach. In addition, single points of contacts are foreseen for regulated entities. The Audit Committee receives regular reports on the execution of the audit plan, the mission objectives and the results and recommendations resulting therefrom. Internal Audit remains in contact with the statutory auditors to ensure effective coordination between internal and external audit. In 2020, the Internal Audit department of Worldline maintained/renewed the French Institute for Internal Audit’s (IFACI) certification. This accreditation attests to the quality of the Internal Audit (IA) function, the level of compliance with international standards and IA’s degree of control over key challenges.

The main bodies involved in the implementation of internal control procedures are as follows:

Board of Directors supported by Audit Committee

The Board of Directors prepares governance rules detailing the Board’s role supported by its Committees. Those Committees enlighten the Board as to the quality of the internal control system. The Audit Committee, in particular, is informed of the content and the implementation of internal control procedures used to ensure the reliability and accuracy of financial information and operations and stays informed about the proper implementation of the Internal Control System. General management and Management Committees General management is responsible for the management of the Group’s business and focuses on strategic aspects to develop the Group as well as the operational management. Management Committees, at different levels, are responsible for implementing and monitoring the internal control system within their respective areas of responsibility. Audit, Risk and Compliance (ARC) Committee The Audit, Risks and Compliance Committee has been setup under the supervision of Group Internal Audit, in order to strengthen the local supervision of Internal Control topics. Its purpose is to share the main audit conclusions with local management, and to review action plans related to identified weaknesses or potential risks.

Components of the internal control system F.4.3

Organization/control F.4.3.1 environment

Business Lines) and functional management (Support Functions). This matrix structure allows a view from different angles on operations. In order to ensure efficient and effective management control from the country level to general management level, a formal policy sets out the authorization of officers of subsidiaries to incur legal commitments on behalf of the Group with clients, suppliers and other third parties. The delegation of authority guidelines are being rolled-out under the supervision of the Group Legal & Compliance department. The Group Human Resource management relies on the Global Capability Model (GCM) which is a standard for categorizing jobs by experience and expertise across the Group. It provides an overview of the wide variety of positions in the organization as well as on the different levels of experience and expertise required in each position.

The control environment refers to the internal culture, the control consciousness, the management style, integrity, ethics, organization, assignment of authority and responsibility, competencies, systems and policies (methods, procedures and practices) that contribute to the implementation of a context favorable to the control of the risks. It represents the ground layer of the internal control system. The main components are presented hereafter. The Code of Ethics defines acceptable behavior (leading by example, tone at the top), in line with Worldline’s commitment to corporate social responsibility. The Company is based on a matrix organization that combines operations (Regional Business Units (Geographies)/Global

354

Universal Registration Document 2020