Compagnie des Alpes - 2017 Registration Document

3 CORPORATE GOVERNANCE

Internal control and risk management procedures

3.5.3

RISK MANAGEMENT PROCEDURES

Action plans have been defined for each of these risks: z with a view to prevention, to attempt to reduce the likelihood of the risk arising; z with a view to protection, to limit the impact on the Group; z with a view to transferring the risk of financial loss to insurance companies, for insurable risks. Steering of risk management procedures A Group Risk Committee, chaired by the Chairman and Chief Executive Officer: z meets several times a year; z comprises all members of the Executive Committee, the Director of Audit and Internal Control and the Group Legal Director; z is prepared and led by the Director of Risk, Insurance and Crisis Management. It is responsible for the steering of the risk management procedures. It examines incidents that have occurred during the period, makes sure that action plans are being followed and are progressing, decides on the approaches to be taken and, if necessary, acts as an arbitrator. Lastly, it takes decisions on certain risks that are not considered a priority, either as a result of the economic or social environment, changes in indicators or weak signals that require particular attention. Specialist Committees complete this system and allow operational risks (risks linked to IT systems) or specific issues (risks linked to intangible assets) to be monitored more closely, as required. Specific case of crisis management Should a crisis arise, the Group has a crisis management system that allows it to quickly mobilise individuals with appropriate expertise to minimise the impact of the crisis and ensure it is resolved in the most effective way. The crisis management system takes into account the Group’s development, in particular its international scope and new areas of business. The Chairman and Chief Executive Officer has placed this system under the responsibility of the Risk, Insurance and Crisis Management Department, which ensures it is implemented, applied and monitored, in coordination with the Group Communications Department, which is responsible for crisis communication. Operational crisis management and communication management guides are distributed to Group entities. These guides include common definitions, a warning procedure, and designated individuals responsible in the subsidiaries for taking action and setting up a crisis unit in the event of a major crisis. Specific training is provided, and rules and penalties are clearly defined. This system enables the Group to be responsive and take quick decisions, both internally and in relation to stakeholders. It allows rapid and effective support to be provided to subsidiaries experiencing a serious incident and to mitigate the consequences, whether in terms of damage to the Group’s image or impact on its activity, at Group or subsidiary level.

CDA Group’s risk management is handled by the Risk, Insurance and Crisis Management Department. It aims to identify, analyse, assess, monitor and control the main risks to which the Group and its subsidiaries are exposed, thus helping to: z protect the value, assets and reputation of the Group; z secure decision-making and processes to help ensure targets are met; z ensure the Company’s actions are consistent with its values; z mobilise Group employees around a common vision of risks. These procedures are based on: z an organisational framework defining roles and responsibilities; z a risk management process comprising the steps of risk identification, Driven by Executive Management and implemented by the Risk, Insurance and Crisis Management Department, these procedures are applied to the holding company and all entities. As is the case with any control procedure, the risk management procedures cannot provide an absolute guarantee with regard to achievement of the Company’s targets. Organisation The Executive Management of the CDA Group decides on: z the risk management policy; z the objectives and values of the Group; z organisation and responsibilities in the area of risk monitoring; z risks to be addressed as a matter of priority and the acceptable risk level. The corporate officers of the entities are the risk owners and are responsible for implementing action plans for all risks under their responsibility. The Group’s experts provide support to the definition and implementation of the action plans. They form a network and are led by the Risk, Insurance and Crisis Management Department, allowing them to share their methods and take charge of cross-functional assignments. Procedures and Steering of risk management The CDA Group carried out detailed risk mapping for its entities and the holding company over several years, based on an assessment of potential impacts, the likelihood of a risk arising and the degree of control present. Since 2016, the Group Risk Committee has reviewed and defined the eight priority risks of the holding, or the Group and its subsidiaries, requiring analysis, definition and monitoring of an action plan. risk analysis and risk management; z management of the procedures.

59

Compagnie des Alpes I 2017 Registration Document