CAPGEMINI_REGISTRATION_DOCUMENT_2017

CORPORATE GOVERNANCE - RISKS{AND INTERNAL{CONTROL

2.5 Risks and internal control

Risks and internal control

In accordance with the Law of July{3, 2008, this section was reviewed and approved by the Board of Directors on February{14, 2018, following a review by the Audit & Risk Committee.

This section was drafted jointly by several Group stakeholders. The departments that play a key role in identifying and controlling major risks include particularly the Internal Audit, Ethics & Compliance, Finance, Insurance, Legal, Human Resources and Security & Mobility Departments.

2

Definition of the internal control and risk management systems 2.5.1 a. Framework

e. Organization of the internal control and risk management systems

The Group builds on the reference framework and the application guidance published initially in January{2007 and updated on July{22, 2010 by the French Financial Markets Authority (AMF). The risk management and internal control systems contribute in a complementary manner to controlling the activities of the Group and satisfy objectives that are also complementary. b. Objectives of the internal control and risk management systems The Group's internal control and risk management systems seek to create and protect the Group's value, assets and reputation, and identify and measure the major risks to which the Group is exposed, anticipate and foresee changes in these risks and finally implement risk prevention and transfer measures. In this context, Capgemini Group has defined and implemented a control system that seeks to ensure: compliance of all management acts with relevant laws and X regulations; compliance with the Group’s seven core values and guidelines set by the Board of Directors and/or Group Management; application by the subsidiaries of instructions communicated; X the smooth functioning of the Group’s internal control X processes safeguarding assets; and the reliability of accounting and financial information. X Capgemini Group ensures the implementation of risk management and internal control systems within its subsidiaries. In 2017, such systems covered all consolidated subsidiaries and Group businesses. Acquired companies are integrated progressively into the internal control and risk management system. All material Group subsidiaries are currently integrated into the general system presented in this report. d. Limitations While contributing to the improved efficiency of its operational support functions, the optimal use of resources and good risk control, this system does not however offer an absolute guarantee of the control of all possible risks imaginable, no more than it can - irrespective of the skills of the employees performing the controls - guarantee alone the attainment by the Group of all objectives set. c. Scope of the internal control and risk management systems

Group values Since its creation, Capgemini has placed significant importance on compliance with the values and principles which guide and inspire its actions and, in particular, our business practices. These seven core values, defined by the Group's founder Mr.{Serge Kampf, are honesty, boldness, trust, freedom, fun, modesty and team spirit. They represent the Group's fundamental DNA and justify its reputation as an ethical and responsible company. In this respect, Capgemini has, for several years, been rated one of the “World's Most Ethical Companies” by the Ethisphere Institute. The ethics system founded on the Group's values and the Code of Business Ethics has been supplemented by several policies. This system seeks to: develop within new recruits an ethical culture promoting X integrity of behavior; raise awareness of compliance with international and national X laws and regulations; highlight initiatives aimed at strengthening the system to X prevent and avoid infractions, non-compliance and negligence in these areas. principles Group Management has distributed a set of rules and procedures known as the Blue Book. Compliance with the Blue Book is mandatory for all Group employees. The Blue Book sets out and comments Capgemini's seven core values, sketches out the overall security framework within which the Group's activities must be conducted, and, finally, describes the desired behaviors and specifies the prohibitions applicable in each of the Group's main functions. These principles ensure consistent, efficient and accountable decision-making. They concern: the delegation of decision-making powers and authorization; X the decision-making process applied within the Group is based on rules governing the delegation of powers complying with the principle of subsidiarity and corresponding to the three levels of Capgemini's organization: the Business Unit, for all issues that fall within its remit, provisions common to the Strategic Business Unit (SBU) for all issues concerning several Business Units under its authority; internal control and risk management

103

REGISTRATION DOCUMENT 2017 — CAPGEMINI