![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0099.jpg)
CORPORATE GOVERNANCE AND INTERNAL CONTROL
2.5 Internal control and risk management procedures
2
97
Registration Document 2016 — Capgemini
decision-making. They concern:
These principles is to ensure consistent and efficient
authorization
; the decision-making process applied within the
Group is based on rules governing the delegation of powers
the delegation of decision-making powers and
◗
complying with the principle of subsidiarity and corresponding to
the three levels of Capgemini’s organization:
the Business Unit, for all issues that fall within its remit,
◗
concerning several Business Units under its authority,
provisions to the Strategic Business Unit (SBU) for all issues
◗
divestments, etc.) and/or whose financial impacts exceed
well-defined materiality thresholds.
Strategic Business Unit and for all transactions that must be
decided at Group level due to their nature (acquisitions,
the Group (Committee, Group Management, central functions,
◗
etc.) where a decision concerns a wider scope than the
and drawbacks of each of the possible solutions.
all interested parties as well as an assessment of the advantages
sufficient information to the parties involved. Recommendations
submitted to the final decision-maker must include the views of
This process has been formalized in an authorization matrix
which requires both prior consultation and the provision of
underpinning the Group’s internal control procedures, and sets
out the Group's requirements in each of the following areas:
Blue Book defines the governance and organization of the
Group and the main principles and basic guidelines
the framework of general policies and procedures
; the
◗
Group key principles,
❚
Group organization and governance,
❚
authorization and approval processes,
❚
sales and production rules and guidelines,
❚
client contract pre-sale phase,
risk management, pricing, contracting and legal rules, in the
❚
rules and guidelines,
financial management, merger, acquisition, and insurance
human resources policies,
❚
marketing and communications, knowledge management
❚
and Group IT,
procurement policies, including ethical requirements and
supplier selection,
environmental and community policies.
❚
inventories the tools and methods which help them control risks
identified in the exercise of the Group's businesses.
This set of rules and procedures, which has force of law within the
Group, reminds employees of their obligations in this area and
environment.
This rules and procedures were updated in 2016 to reflect the
development of the Group's business activites and changes in its
Risk management and internal control players
for each of the three lines of defense.
risk committee and involving various parties operating at different
levels of the organization. These key players are presented below
In 2016, the Group a risk management system administered by a
development of the Group’s business activities and changes in its
environment.
These rules and procedures are updated periodically to reflect the
Governance bodies
The Audit & Risk Committee
and actions plans for priority risks.
Management. These reviews encompass the overall consistency
of the system, the priority risks identified, new or emerging risks
internal control systems. The Audit & Risk Committee will therefore
be required to review all systems implemented by Group
The Group Audit & Risk Committee of Cap Gemini S.A. Board is
responsible for monitoring the efficiency of risk management and
Group management and the Risk Committee
relating to the risk management process within the Group. The
and internal control system within the Group. It reports to the
Audit & Risk Committee on all issues concerning these systems.
Risk Committee, chaired by the Group Chief Financial Officer, is
responsible for the effective implementation of a risk management
Group management has delegated to a Risk Committee, created
in 2016, the definition and implementation of the various activities
the Group. At least two meetings are held annually to discuss the
following main issues:
The Risk Committee brings together the main members of Group
Management with key players in the risk management process within
internal control systems within the Group;
monitoring of the implementation of risk management and
◗
the identification and prioritization of risks; the Risk Committee
validates the mapping of the Group’s main risks;
risks;
the monitoring of plans defined and implemented for priority
◗
the various Business Units.
the potential review of new or emerging risks communicated by
◗
The Risk Committee is also responsible for:
proposing to the Board of Directors the acceptable Group’s risk
◗
level ;
monitoring changes in the Group’s main risks;
selecting the priority risks to be covered by short-term action
◗
plans;
Committee;
monitoring these action plans in conjunction with the managers
◗
responsible for the priority risks, as designated by the Risk
Business Units and functional departments.
activities of the Risk Committee, and the managers of the various
the Insurance Director, who is responsible for coordinating the
Group risk management and who supports the risk managment
At an operating level, the Risk Committee builds on the actions of