G

Corporate governance and capital

G.3

Report of Chairman of the Board of Directors on corporate governance and internal control

Trusted partner for your Digital Journey

264

contributing to an appropriate control environment include:

Policies and procedures:

The key policies and procedures

importance paid by Atos for compliant, ethical and fair

Code, part of each employee’s work contract outlines the

business behaviors;

the Code of Ethics:

As described in section

G.6.2 Code of

•

Responsibility (Atos has signed the UN Global Compact), this

Ethics

, and in line with Atos commitment to Corporate Social

provides a formal and standard approach to bid management,

Atos Rainbow:

Rainbow is a set of procedures and tools that

•

types of opportunities. Rainbow is the means by which Atos’

balancing sales opportunities and risk management for all

acquisition of the Group’s contracts. Above specific thresholds

management is involved in controlling and guiding the

Rainbow reviews are performed at general management level;

and procedures in terms of internal control include

implemented in all departments. The main impacting policies

operational policies and procedures

have also been

•

“Safety and Physical Security” and “Credit Risk Policy”. They

“Investment Committee”, “Data Protections”, “Contributions”,

are gathered in the Book of Internal Policies.

“Payments & Treasury Security Rules”, “Pension Governance”,

Control, Quality, security etc. The BPCOE community, supported

(BPOM) department focuses on creating an Atos Business

Group Policies, the “Business Process and Rollout Management”

business process owners and the functions related to Internal

Process Center of Excellence (BPCOE) in coordination with

compliance parameters.

organization, KPIs, and internally and externally mandated

targeted business processes, including the supporting

by process analysts, is responsible for documenting existing and

Process management:

Along with the centralization of the

management policy relies on the

Global Capability Model

Human Resource management:

The Group Human Resource

and expertise across the Group. A Group Policy on bonus scheme

(GCM) which is a standard for categorizing jobs by experience

completes this system by setting incentives.

Information Systems:

Group Business Process and Internal IT

directory), Communication (Group websites and Intranet) or

applications), Human Resources (resourcing tool, corporate

Project Managers (capacity planning and project management).

department is in place to provide common internal IT

supports functions like Finance (accounting and reporting

infrastructures and applications for Atos staff worldwide. It

Security and access to these infrastructures and applications as

department and benefit from the core expertise and resources

well as their reliability and performance are managed by this

from the Group.

B

– Communication of relevant and reliable

information

reliable information is provided within the Group.

Several processes are in place to ensure that relevant and

Executive Vice-Presidents.

Monthly reviews

of operational performance by Division and

Group Chief Financial Officer and in the presence of the relevant

Operational Entity are organized under the responsibility of the

A shared ERP system

is deployed and used in most countries

analysis (cross border project analysis, customer profitability…)

information. It allows producing cross border reporting and

(Division, geographical and market axis).

as well as business reports through different analytical axis

of the Group, enabling easier exchange of operational

following the operational and the functional structures. This

Formal information reporting lines

have been defined,

financial and non-financial information as well as operational

formal reporting, based on standard formats, concerns both

risks (through Risk Management Committees), treasury (with

restructuring (Equity Committee).

Payments and Treasury Security Committee), or financial

instructions, issued regularly, and especially for budgeting and

This bottom-up communication is accompanied by top-down

financial reporting sessions.

C

– System for riskmanagement

described in section F5 –Risk management activities of this

document.

analyze and manage risks. Although risk management is part of

Risk management refers to means deployed in Atos to identify,

initiatives have been led concerning risk management, as

a manager’s day to day decision making process, specific formal

may impact the company. The ERM methodology is also used to

Management assessment, identifying the key challenges that

and compliance risks.

perform the Legal Risk Mapping, targeting more specifically legal

Risk management activities include a yearly Enterprise Risk

management function (including a Group Risk Management

Operational risks on projects are managed by the risk

Committee who met monthly to review the most significant and

reproduced for R&D projects with a dedicated organization.

challenging contracts). Similarly, the same process has been

Security Function.

Risks related to logical or physical security are managed by the

risks, and a regular follow up of mitigation actions.

All risk management activities include an assessment of the key

described next section related to “control activities”.

of Internal Control), on the basis of main risks identified, as

Control activities have also been implemented (through the Book