G
Corporate governance and capital
G.3
Report of Chairman of the Board of Directors on corporate governance and internal control
Trusted partner for your Digital Journey
264
contributing to an appropriate control environment include:
Policies and procedures:
The key policies and procedures
importance paid by Atos for compliant, ethical and fair
Code, part of each employee’s work contract outlines the
business behaviors;
the Code of Ethics:
As described in section
G.6.2 Code of
•
Responsibility (Atos has signed the UN Global Compact), this
Ethics
, and in line with Atos commitment to Corporate Social
provides a formal and standard approach to bid management,
Atos Rainbow:
Rainbow is a set of procedures and tools that
•
types of opportunities. Rainbow is the means by which Atos’
balancing sales opportunities and risk management for all
acquisition of the Group’s contracts. Above specific thresholds
management is involved in controlling and guiding the
Rainbow reviews are performed at general management level;
and procedures in terms of internal control include
implemented in all departments. The main impacting policies
operational policies and procedures
have also been
•
“Safety and Physical Security” and “Credit Risk Policy”. They
“Investment Committee”, “Data Protections”, “Contributions”,
are gathered in the Book of Internal Policies.
“Payments & Treasury Security Rules”, “Pension Governance”,
Control, Quality, security etc. The BPCOE community, supported
(BPOM) department focuses on creating an Atos Business
Group Policies, the “Business Process and Rollout Management”
business process owners and the functions related to Internal
Process Center of Excellence (BPCOE) in coordination with
compliance parameters.
organization, KPIs, and internally and externally mandated
targeted business processes, including the supporting
by process analysts, is responsible for documenting existing and
Process management:
Along with the centralization of the
management policy relies on the
Global Capability Model
Human Resource management:
The Group Human Resource
and expertise across the Group. A Group Policy on bonus scheme
(GCM) which is a standard for categorizing jobs by experience
completes this system by setting incentives.
Information Systems:
Group Business Process and Internal IT
directory), Communication (Group websites and Intranet) or
applications), Human Resources (resourcing tool, corporate
Project Managers (capacity planning and project management).
department is in place to provide common internal IT
supports functions like Finance (accounting and reporting
infrastructures and applications for Atos staff worldwide. It
Security and access to these infrastructures and applications as
department and benefit from the core expertise and resources
well as their reliability and performance are managed by this
from the Group.
B
– Communication of relevant and reliable
information
reliable information is provided within the Group.
Several processes are in place to ensure that relevant and
Executive Vice-Presidents.
Monthly reviews
of operational performance by Division and
Group Chief Financial Officer and in the presence of the relevant
Operational Entity are organized under the responsibility of the
A shared ERP system
is deployed and used in most countries
analysis (cross border project analysis, customer profitability…)
information. It allows producing cross border reporting and
(Division, geographical and market axis).
as well as business reports through different analytical axis
of the Group, enabling easier exchange of operational
following the operational and the functional structures. This
Formal information reporting lines
have been defined,
financial and non-financial information as well as operational
formal reporting, based on standard formats, concerns both
risks (through Risk Management Committees), treasury (with
restructuring (Equity Committee).
Payments and Treasury Security Committee), or financial
instructions, issued regularly, and especially for budgeting and
This bottom-up communication is accompanied by top-down
financial reporting sessions.
C
– System for riskmanagement
described in section F5 –Risk management activities of this
document.
analyze and manage risks. Although risk management is part of
Risk management refers to means deployed in Atos to identify,
initiatives have been led concerning risk management, as
a manager’s day to day decision making process, specific formal
may impact the company. The ERM methodology is also used to
Management assessment, identifying the key challenges that
and compliance risks.
perform the Legal Risk Mapping, targeting more specifically legal
Risk management activities include a yearly Enterprise Risk
management function (including a Group Risk Management
Operational risks on projects are managed by the risk
Committee who met monthly to review the most significant and
reproduced for R&D projects with a dedicated organization.
challenging contracts). Similarly, the same process has been
Security Function.
Risks related to logical or physical security are managed by the
risks, and a regular follow up of mitigation actions.
All risk management activities include an assessment of the key
described next section related to “control activities”.
of Internal Control), on the basis of main risks identified, as
Control activities have also been implemented (through the Book