REPORTS OF THE BOARD OF DIRECTORS

8

REPORT BY THE CHAIRMAN OF THE BOARD OF DIRECTORS

The various risks thus assessed are positioned on a map with two axes

(impact and probability), which is then used to rank them as follows:

●

high probability/significant impact:

priority risks which require

attention and monitoring by the Board of Directors. These risks are

placed under the direct responsibility of one or more members of

the Board of Directors, who are tasked with ensuring that a related

action plan is in place and that the resulting measures taken effectively

reduce the level of risk;

●

high probability/low to medium impact:

risks requiring that the

Board of Directors is regularly informed in order to provide it with a

reasonable assurance of the proper functioning of controls aimed at

reducing the possibility of the risks occurring;

●

low to medium probability/low to medium impact:

risks requiring

that the Board of Directors is regularly informed in order to provide it

with reasonable assurance of the proper functioning of controls aimed

at mitigating the impact in the event that the risks occur;

●

low probability/low impact:

non-priority risks requiring that the

Board of Directors is periodically informed in order to provide it with

reasonable assurance of the proper functioning of controls aimed at

containing the risks in this category or completely eliminating them.

8.1.3.3.4 CONTROL ACTIVITIES IN LINE WITH OBJECTIVES

In view of the Group’s high degree of decentralisation and its policy

of delegating powers and responsibilities, the scope of the controls

implemented is defined by each subsidiary’s management team based

on the Group’s underlying internal control framework.

The main purpose of the controls performed is to reduce the major risks

to which the Group is exposed.

The principal categories of control activities cover the following areas:

●

contract authorisation: the Group has established delegation

principles which give the appropriate managers the necessary powers

to authorise contracts. The controls performed cover each contract

phase:

●

selection of invitations to tender,

●

submission of bids,

●

definition of billing rates and pricing,

●

contract riders;

●

contract review: the Legal Affairs Department conducts an independent

review of major contracts before they enter into force. In particular,

the Legal Affairs Department is responsible for defining the general

terms and conditions of services, which are stated on client invoices;

●

time management and billing: each subsidiary verifies the time entered

into the applications used for this purpose. The controls carried out

ensure that time is correctly allocated to ongoing projects and also

trigger client invoicing;

●

payments: the Group has introduced a dual signature policy for

means of payment. In line with this policy, the Company defines

thresholds for the authorisation of subsidiaries’ expenses based on

categories of authorised signatories. The secure bank messaging

system, “swaps”, is used to ensure that the policy is respected. In order

to reinforce the supervision and control of certain geographically

distanced subsidiaries, the Group Treasury Department receives

details of monthly expenses incurred and carries out

ex-post

controls

on these expenses;

●

budget and budget adjustments: each subsidiary presents the budget

that it has drawn up for the current financial year to the members of

the executive management team who authorise budgets. The same

procedure applies to budget adjustments that are made during the

year;

●

periodic results and reporting: periodic results are reported every

month

via

the reporting and consolidation application (LINK). The

Group Finance Department conducts a critical review of these results

and obtains any further information that it may require from the

relevant subsidiaries.

The Group also places particular importance on the appropriate

segregation of tasks in order to strengthen the controls undertaken in

relation to critical transactions, particularly payments.

In small-sized entities, the appropriate segregation of tasks is sometimes

difficult to achieve owing to the entity’s organisational structure. In

such cases, specific controls are put in place, essentially in the form of

increased supervision by management, which conducts an independent

review of critical transactions for control and authorisation purposes.

8.1.3.3.5 ONGOING MONITORING OF THE INTERNAL CONTROL PROCESS

Overseeing the internal control process is one of the primary duties

of the Board of Directors and the Audit Committee as well as of the

Group’s support and Operations Departments.

The Group’s executive management team defines the Group’s overall

internal control principles and ensures that they are correctly applied.

The Audit Committee examines the main reports related to the accounts

as well as those concerning internal control.

The internal control process is also assessed by local management

(managing directors and finance directors) by way of letters issued by

these executives certifying compliance with the applicable procedures

for preparing the financial statements and other information provided

in connection with the preparation of the annual accounts.

8.1.3.3.6 2017 ACTION PLAN

The Group has made internal control part of a continuous improvement

plan with the aim of enhancing the operational effectiveness of its

processes. In line with this, the action plan drawn up for 2017 notably

includes carrying out a priority review of recently-acquired subsidiaries,

covering financial and legal issues as well as IT systems.

Paris, 7 March 2017

Dominique Louis

Chairman of the Board of Directors

ASSYSTEM

REGISTRATION DOCUMENT

2016

171