Atos - Registration Document 2016

G Corporate governance and capital G.3

Report of Chairman of the Board of Directors on corporate governance and internal control

contributing to an appropriate control environment include: Policies and procedures: The key policies and procedures the Code of Ethics: As described in section G.6.2 Code of • Responsibility (Atos has signed the UN Global Compact), this Ethics , and in line with Atos commitment to Corporate Social importance paid by Atos for compliant, ethical and fair Code, part of each employee’s work contract outlines the business behaviors; provides a formal and standard approach to bid management, Atos Rainbow: Rainbow is a set of procedures and tools that • types of opportunities. Rainbow is the means by which Atos’ balancing sales opportunities and risk management for all acquisition of the Group’s contracts. Above specific thresholds management is involved in controlling and guiding the Rainbow reviews are performed at general management level; and procedures in terms of internal control include implemented in all departments. The main impacting policies operational policies and procedures have also been • “Safety and Physical Security” and “Credit Risk Policy”. They “Investment Committee”, “Data Protections”, “Contributions”, are gathered in the Book of Internal Policies. “Payments & Treasury Security Rules”, “Pension Governance”, Control, Quality, security etc. The BPCOE community, supported business process owners and the functions related to Internal Process Center of Excellence (BPCOE) in coordination with compliance parameters. organization, KPIs, and internally and externally mandated targeted business processes, including the supporting by process analysts, is responsible for documenting existing and management policy relies on the Global Capability Model Human Resource management: The Group Human Resource and expertise across the Group. A Group Policy on bonus scheme (GCM) which is a standard for categorizing jobs by experience completes this system by setting incentives. Information Systems: Group Business Process and Internal IT department is in place to provide common internal IT supports functions like Finance (accounting and reporting infrastructures and applications for Atos staff worldwide. It (BPOM) department focuses on creating an Atos Business Group Policies, the “Business Process and Rollout Management” Process management: Along with the centralization of the directory), Communication (Group websites and Intranet) or applications), Human Resources (resourcing tool, corporate Project Managers (capacity planning and project management). Security and access to these infrastructures and applications as department and benefit from the core expertise and resources well as their reliability and performance are managed by this from the Group.

B – Communication of relevant and reliable information

reliable information is provided within the Group. Several processes are in place to ensure that relevant and Monthly reviews of operational performance by Division and Group Chief Financial Officer and in the presence of the relevant Operational Entity are organized under the responsibility of the A shared ERP system is deployed and used in most countries of the Group, enabling easier exchange of operational analysis (cross border project analysis, customer profitability…) information. It allows producing cross border reporting and (Division, geographical and market axis). as well as business reports through different analytical axis following the operational and the functional structures. This Formal information reporting lines have been defined, financial and non-financial information as well as operational formal reporting, based on standard formats, concerns both risks (through Risk Management Committees), treasury (with restructuring (Equity Committee). Payments and Treasury Security Committee), or financial instructions, issued regularly, and especially for budgeting and This bottom-up communication is accompanied by top-down financial reporting sessions. described in section F5 –Risk management activities of this document. initiatives have been led concerning risk management, as a manager’s day to day decision making process, specific formal analyze and manage risks. Although risk management is part of Risk management refers to means deployed in Atos to identify, may impact the company. The ERM methodology is also used to Management assessment, identifying the key challenges that and compliance risks. perform the Legal Risk Mapping, targeting more specifically legal Risk management activities include a yearly Enterprise Risk management function (including a Group Risk Management Operational risks on projects are managed by the risk Committee who met monthly to review the most significant and reproduced for R&D projects with a dedicated organization. challenging contracts). Similarly, the same process has been Security Function. Risks related to logical or physical security are managed by the risks, and a regular follow up of mitigation actions. All risk management activities include an assessment of the key described next section related to “control activities”. of Internal Control), on the basis of main risks identified, as Control activities have also been implemented (through the Book Executive Vice-Presidents. C – System for riskmanagement

Trusted partner for your Digital Journey

264