Cap Gemini - Registration Document 2016

2

CORPORATE GOVERNANCE AND INTERNAL CONTROL

2.5 Internal control and risk management procedures

In this respect, the risk management coordinator: Makes methodology tools and approaches available to the ◗ various management bodies. Coordinates all risk management activities within the Group. ◗ Centralizes and consolidates all work and particularly work ◗ performed by the various priority risk. Encourages the sharing of good practice within the Group. ◗ 1 st line of defense: from management to employees Operations and Business unit management supplement and relevant laws, regulations and customary practices in the country where they operate, in order to exercise control more effectively adapt the Blue Book drafted by Group Management, by drawing up detailed internal control procedures which comply with the communicated by the Group functional departments. identification and control of risks relating to their own environment, in compliance with the rules and procedures implemented and Operations and Business Unit management duties include the 2 nd line of defense: function departments with risk expertise The various Group functional departments assist the Risk over risks specific to their local market and culture. sector and ensures, in particular, the consistency of actions undertaken in the Business Units with these guidelines. It assists Committee with the identification and prioritization of risks. Each department defines and rolls out risk control systems in its activity all Group entities by facilitating the sharing of risk management and internal control best practice. Chief Executive Officer, guaranteeing the independence of the internal audit function with respect to the functions and Business Audit function. Its Director reports directly to the Chairman and For over 30 years, the Capgemini Group has had a central Internal 3 rd line of defense: internal audit languages spoken locally in the Group. This significant internationalization of the internal audit team reflects the desire to Units audited. The internal audit team comprises 32 auditors, representing 12 different nationalities and covering 90% of the seventeen auditors including three technical experts specializing in accompany the expansion of the Group into new regions of the world; the Internal Audit Department also has a Bombay desk with the internal audit function independently assesses the effectiveness of internal control and risk management procedures In accordance with professional standards governing this activity, reasonable assurance - and not an absolute guarantee - against all risks. given that, irrespective of how well they are drafted and how stringently they are applied, these procedures can only provide Internal Audit is therefore tasked with: reviewing the internal control procedures implemented in the Strategic Business Units and their component legal entities to ensure that they comply with the general principles and rules laid are exposed locally; down by the Group and with certain specific procedures enabling the elimination or mitigation of the risks to which they the review of IT projects.

their complete independence from the unit being audited). (Group Delivery Auditors), who are selected from among a list of Group accredited professionals according to their skills (and also auditing the Group’s major contracts considered to present ◗ significant risk; Internal Audit uses one or more technical experts Each Business Unit is audited in line with a bi-annual program covering the entire Group: the Chairman and Chief Executive budgetary commitments, etc.). At the request of the Chairman and Chief Executive Officer, the Internal Audit Department may Officer has the power to modify this program in the event of an emergency (delays and irregularities, major divergence from also perform special assignments to review specific situations. responsible for the ethics and compliance programs and the ethics phase of due diligence assignments on companies that the The Ethics, Compliance and Internal Audit Department is directly target company in order to ensure, in particular, their compatibility with Capgemini Group expectations. Group is considering acquiring. These reviews involve an examination, from an ethical stance, of all the activities of the management of the unit audited undertook to implement as quickly as possible in order to improve or correct the points identified by the audit. Internal Audit uses a tool covering the 51 audits of units belonging to all Group Strategic Business ◗ Units. Each audit involved an average of 36 man-days in the field and concluded with the issue of an action plan that entire Group and enabling it to monitor real-time the implementation of recommendations following the audit, Executive Officer; 1 special assignments at the request of the Chairman and Chief ◗ 1 ethical due diligence assignment. ◗ The Ethics, Compliance and Internal Audit Director presents: twice annually to the Audit & Risk Committee of Cap Gemini ◗ S.A. Board, a comprehensive report on the department’s work processing of financial and accounting information); during the half-year (particularly regarding internal control efficiency and risk management in the preparation and the Group’s Code of Business Ethics. Gemini S.A. Board a specific report on measures implemented under the ethics program and the result of compliance audits of once annually to the Ethics & Governance Committee of Cap ◗ Chairman and Chief Executive Officer on any matter that it considers should be brought to his attention and informs the Audit at any moment draw up a special report for presentation to the and Risk Committee and/or the Ethics & Governance Committee where significant deviations have been identified. Finally, the Ethics, Compliance and Internal Audit Department may this Registration Document. The main risk exposures faced by the Group and the related risk management systems are set out in the Risk Analysis section of During 2016, the Ethics, Compliance and Internal Audit: focusing particularly on priority actions;

98

Registration Document 2016 — Capgemini