SOLOCAL_Registration Document_2017

3

CORPORATE SOCIAL RESPONSIBILITY 3.4 Societal responsibility

These principles are based on: a policy contributing to the development of the culture of internal l control and the principles of integrity; the identification and analysis of risk factors that could l compromise attaining the Group’s objectives; an organisation and procedures designed to ensure that senior l management’s strategies are implemented; periodic review of control activities and a continuous effort to l improve; the process for distributing internal control information. l In order to achieve its objectives, SoLocal Group has set forth and implemented general guidelines for internal control that are largely based on the guidelines published in 1992 by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and on the AMF’s internal control framework and recommendations. The following description of SoLocal Group’s internal control and risk management procedures is based on this framework. The assessment made for this purpose was carried out in accordance with the key points of this framework and its implementation guidance. It also takes into account the work of IFACI, (Institut français de l’audit et du contrôle internes) the French Internal Control and Audit Institute. The internal control system involves all SoLocal Group governance bodies and employees. The organisation of internal control is based on a centralised Management division supported by a network of employees within the various departments and entities. This organisation aims to provide reasonable assurance of achievement of the aims of the business (compliance and reliability of the results obtained) by means of the internal control system. Internal audit policy The Internal Audit team ensures that the internal control system is mature and appropriate by evaluating its effectiveness and efficiency, while promoting continuous improvement. On the basis of a risks assessment, the Internal Audit team evaluates the system’s relevance and effectiveness by assessing the quality of the Group’s control environment, the work of internal governance bodies, the reliability and integrity of financial and operational information, operational effectiveness and efficiency, asset protection, and legal, regulatory and contractual compliance. SoLocal Group’s Internal Audit team is responsible for performing the tasks defined in the audit plan at the beginning of the year. It answers to the Group’s senior management but is functionally supervised by the Board of Directors’ Audit Committee. Internal Audit staff perform three types of audits: on the compliance and effectiveness of processes and activities; l audits on the maturity of internal control; l audits on those areas decided by the Audit Committee. l

RISK MANAGEMENT AND SUPPLIER

3.4.1.3

RELATIONS

Information security Internally, employees have access to the Group’s “Information Security Policy” via the Group Intranet. This policy constitutes a Reference Code on conduct associated with the security of information for SoLocal Group which must be implemented by each entity of the Group. It describes the management’s commitment to information security, its scope, the items taken into account, the regulations and contractual obligations, the objectives and responsibilities. It covers all security issues caused by the handling of information, at physical, technical and organisational levels, whatever the medium used. It also covers the use of information and communication technologies. Guidelines specify, depending on the use, in particular, of new digital technologies and in light of the new risks associated with them, the rules to be followed and applicable best practice, firstly to ensure the identification and authentication of internal users when connecting to components of the SoLocal Group’s information system (more broadly speaking: machines, systems, applications, routers, etc.). In addition, and as mentioned on the Group’s Intranet site available to all employees, information is an important part of the SoLocal Group’s assets; operational activity, the Group’s competitiveness and employment directly depend on it. The damage to which the Group is exposed may be strategic, economic, financial, social or media-related. Thus, each employee has a responsibility for the information they issue or transmit, and for the security of that information. Each person is asked to use the appropriate pictograms, which indicate the degree of security of the documents used (in ascending order: “free”, “confidential”, and “secret”). Internal control Internal control at SoLocal Group is a set of processes and measures defined by senior management and implemented by employees which serve to meet the following objectives: compliance with the applicable laws and regulations in force, l both within and outside the Group; observance of the Board of Directors’ instructions and l guidelines; prevention and control of operational risks, financial risks and l risk of error and fraud; optimisation of internal processes by ensuring that operations l are effective and that resources are used efficiently; the quality and fair presentation of accounting, financial and l management information.

74

2017 Registration Document SOLOCAL