Compagnie des Alpes - 2017 Registration Document

3 CORPORATE GOVERNANCE

Internal control and risk management procedures

z the Ethics Charter states the values and principles of the Compagnie des Alpes Group. It serves as a guide for professional behaviour, reviews the basics of investment ethics, explains the risks of conflicts of interest, and defines appropriate behaviour. It is adjusted in line with regulatory developments; z pursuant to Law No. 2016-1691 of 9 December 2016, known as the Sapin II Law, the Group is currently implementing a plan for the prevention of corruption and trading in influence, including an anti-corruption code of conduct and a whistleblowing procedure; z a charter for the use of IT resources. Like the Ethics Charter, it is being gradually applied to all Group employees. Information and communication Each functional or operational department defines the charters, rules and procedures that fall within its area of responsibility. These documents make up the Group Reference Documents, which are made available to all Group employees who are required to apply them. A document management tool, administered by the Audit and Internal Control Department, is accessible through the Group’s Intranet. The entities of the Group are responsible for translating Group rules and procedures, into rules, procedures and operating methods adapted to their organisation, and also for communicating these to all employees concerned. Definition of control measures Since 2013, the CDA Group has embarked on a more detailed formalisation phase of its internal control system, which is gradually being deployed on all of the Group’s processes listed in the process mapping, with a priority given to processes impacting the main income statement lines (sales, purchases, etc.), the production of accounting and financial information, as well as the Group’s priority risks. For each of the processes concerned, the method applied involves drawing up all or some of the following documents: z flow diagram: schematic description of the steps involved in the process. This flow diagram is a standard document at Group level; z internal control benchmark: this guide translates the general internal control targets and describes the controls to be implemented to ensure better control of each of the risks identified, at the level of each step of the process;

z self-assessment questionnaire: this makes it possible to assess the extent to which operating procedures and methods comply with the internal control standard recommended by the Group. All these documents are prepared in collaboration with operational staff, risk experts and the operational departments concerned. Every year, the system is strengthened with the introduction of new processes that are prioritised with the help of Executive Management and the support of the Risk, Insurance and Crisis Management Department. In particular, the system has been enriched with technical standards that are used during cross-referencing between the operational teams of the sites, in order to share best practices and expertise. Since 2013, the gradual addition of new processes to the internal control procedures has strengthened the visibility given to departments as regards risk control for key processes at each Compagnie des Alpes site. A fraud prevention system has been implemented to complete the internal control system. This comprises: z steps to raise awareness amongst employees of financial fraud techniques and how they should act if they encounter attempted fraud: identity theft, protection of sensitive information, etc.; z a system for communicating cases of fraud or attempted fraud by financial managers and operational staff of Group entities. Each notification is analysed and a prevention notice is distributed where necessary. Continuous control and management For all processes with an internal control guide, the Audit and Internal Control Department: z manages the launch of self-assessment campaigns, by sending the questionnaire to the persons responsible for the processes; z analyses the responses and draws up a summary for the whole Group; z proposes action plans and shares best practices. The entities draw up and initiate compliance action plans, which must allow risks to be reduced to an acceptable level for the subsidiary. These entities incorporate relevant controls into their rules and operating procedures and methods. The establishment of action plans is the responsibility of the entity’s management and depends on the entity’s financial and human resources and priorities. Process maturity is reviewed, particularly during internal audit missions, new review campaigns or ad hoc missions conducted at entities. Within this context the Holdings Consolidation and Accounting Department defines the Group’s accounting standards and ensures that they are distributed and applied in accordance with the following principles: z the Financial Directors of the entities are responsible for preparing and producing the parent-company financial statements for their entity. The parent-company financial statements are prepared on the basis of the accounting principles in force in the country, and are restated at the consolidated level, if necessary, to respect the accounting principles laid down by the Group, which makes it possible to guarantee the consistency of the accounting principles used for the consolidated financial statements; z the formats and tools for submitting information to be consolidated are identical for all consolidated entities.

3.5.2 PROCEDURES RELATIVE TO THE PRODUCTION OF ACCOUNTING AND FINANCIAL INFORMATION Organisation and procedures

Accounting and financial information relating to the CDA Group, a listed company, is drawn up by the Holdings Consolidation and Accounting Department. This department is responsible for the preparation and production of the parent-company financial statements of holdings and the Group’s consolidated financial statements. It therefore prepares the financial section of the half-year report and the Registration Document relating to the financial statements as at 30 September, with due consideration for the regulatory requirements applicable to listed companies.

57

Compagnie des Alpes I 2017 Registration Document