ASSYSTEM_Registration_Document_2017

3

MANAGEMENT REPORT

INTERNAL CONTROL AND RISK MANAGEMENT PROCEDURES PUT IN PLACE BY THE COMPANY RELATING TO THE PREPARATION AND PROCESSING OF ACCOUNTING AND FINANCIAL INFORMATION

The quarterly project reviews help to identify the risks involved in ongoing projects and to decide on any actions to be taken to reduce them. These reviews – which mainly relate to fixed-fee projects – are carried out using check-lists and enable the following areas to be dealt with: ● recognition of revenue in line with the financial progress of the contract; ● cash flows. Each business unit also carries out monthly project reviews, which cover the vast majority of ongoing projects. The risk mapping procedure put in place by the Group covers the different categories of major risks to which the Group is exposed and measures these risks in terms of impact and vulnerability (i.e. net exposure to risks after taking existing controls and risk reduction measures into account). Assystem has opted for a “top-down” approach to allow the Group's management to obtain an overall view of the major risks to which it is exposed. This overall view emerges as a result of discussions with members of the executive management team and with Assystem's key operations and corporate support managers. The discussions are based on an inventory of the main risk factors and an assessment of their potential impact and probability of occurrence, and they cover the following principal themes: ● finance. For each of the above categories, the main risks have been identified, defined and assessed in terms of their impact and probability of occurrence. The criteria used to assess the impact of identified risks and the probability of their occurrence are described below. IMPACT For risks whose consequences can be measured in monetary terms, their impact on consolidated operating profit is determined in accordance with the following scale. ● margin on completion; ● contractual risks and related reserves and provisions; ● business/operations; ● contract and project management; ● HR/people and skills management;

TOOLS The Group has put in place a set of key indicators which enable it to monitor project management. These indicators are tracked during the quarterly project reviews carried out with operations staff by the CFO & Deputy CEO. The Group's financial reporting also includes a series of indicators and aggregates which allow for a finely-tuned analysis of the performance of the various subsidiaries and business units. In addition to these indicators, the Group specifically monitors its indirect costs, billable staff time and billing rates. All of the tools used are also rounded out by the Group's internal control measures. 3.8.3.2 Internal communication The Intranet and the reporting and consolidation system are the two centralised communication channels used by the Group to relay key information that is necessary for the people concerned to exercise their responsibilities. The QMS manual and the main procedures applicable at local level (relating to IT, human resources and project management) are published on the Intranet. All of the subsidiaries are equipped with the reporting and consolidation system (LINK), which is the platform used for the financial information published by the Group. An accounting guide is distributed to all Group subsidiaries to ensure that information is submitted in a standardised fashion. The Group communicates with its subsidiaries by circulating memorandums and procedures in order to ensure that matters affecting the Group as a whole, such as investments, cash management, the monitoring of trade receivables, etc., are dealt with in a consistent manner. Lastly, subsidiaries are responsible for setting up and maintaining management information systems that are compatible with the Group's objectives in terms of reporting financial information and managing projects. At this stage, the Group has not opted to implement a shared management information system for all of its subsidiaries. It does, however, take care to ensure that the descriptions and content of its key performance indicators are harmonised for comparable activities in order to enable cross-business analyses (in particular project profitability analyses) to be carried out based on the same data, and to facilitate the exchange of skills between business units and countries. 3.8.3.3 Identifying, analysing and managing risks The Group attaches critical importance to effectively managing its risks. The “Risk Factors” Chapter of this Registration Document (Chapter 5) describes the Group's main risks as well as the measures implemented to manage them.

50

ASSYSTEM

REGISTRATION DOCUMENT 2017