2024 Activity and sustainability report

2. GENERAL INFORMATION

2.2 Risk management and internal control

To accomplish its mission, meet its objectives and secure its commitments, the Group has defined rules and principles to guide employees in their daily work, at the initiative of the Chief Executive Officer. The Book of Business Principles sets out the rules of governance, authorization thresholds and principles of internal control.

Two specialized committees

To ensure that these principles are properly applied and to clarify its policy, the Executive Board relies on two specialized committees:

● the Group Investment Committee, which meets on a weekly basis and signs off on investment commitments and commercial contracts above a certain threshold. The Committee consists of nine permanent members, each representing a different Group department (management control, finance, legal affairs, compliance, sustainability, etc.), who may be joined from time to time by experts, depending on the nature of the projects presented. Projects are reviewed against the key elements provided: background and reason for the project, financial data, key characteristics of the project, SWOT analysis, evaluation and risk mitigation plan. Other elements also brought to the attention of members of the Committee include a detailed operational description, legal framework, detailed financial assumptions and expert opinions. Projects not reaching the threshold for review by the Group Investment Committee are examined by equivalent committees that are in place at regional level and in the lines of business. Certain projects require prior approval of the SNCF Group;

● the Risk Committee consists of 15 permanent members chosen for their position, expertise and knowledge of the Group’s organization and activities. The Committee is responsible for monitoring changes in internal and external risk factors that have a major impact on the Group’s strategy and objectives, based on risk mapping, internal audit reports, external best practices and the inventory of risks and disputes in all Group entities. It takes all necessary decisions or chooses orientations in terms of risk prevention and management, internal control, ethics and compliance, in order to reinforce the Group’s level of control over all types of risk, financial and non-financial. Its role is to identify and analyze any potential or proven risk, choose preventive or corrective measures to be taken by the Group to ensure their effective implementation, and to monitor them on a regular basis. It updates the Group’s risk map at Committee meetings, which are held quarterly or more frequently if necessary.

Governance, Risks and Compliance

The Governance, Risks and Compliance Department encompasses three areas of expertise:

● the Group Ethics and Compliance Department;
● the Group Internal Control and Risk Management Department;
● the Group Internal Audit Department.

The Group executive vice-president, Governance, Risks and Compliance is a member of the GEODIS Management Board and reports directly to the Chief Executive Officer. She keeps the Management Board regularly informed of the progress of her activities to ensure that it has all the support it needs for its decision-making. With the exception of Internal Audit, which is centralized, each department has a central team and a network of correspondents in all the regions and lines of business to ensure the overall consistency of the compliance program and to match it to the appropriate level of the organization.

Ethics and Compliance

The mission of the Group’s Ethics and Compliance Department is to manage any risk of violation of the rules applicable to anti-corruption, competition law, personal data protection, customs and export control, as set out in the relevant laws and regulations, as well as in the Group’s Code of Ethics. It is also tasked with administering the whistleblowing system, through which employees and third parties can report potential violations of laws and regulations, as well as of the Group’s Code of Ethics. The department is made up of several teams with the necessary expertise in the fields concerned, supported by a network of correspondents in the lines of business and the regions, providing effective support to operational staff through a dynamic approach to continuous improvement.

Internal Control and Risk Management

In line with international standards, GEODIS’s internal control and risk management system is based on three lines of control: functional and operational department (first line), Control and Compliance Department (second line), and Internal Audit (third line). Each of these has well-defined roles and responsibilities in the implementation of risk management within its perimeter. In its role as a second line of defense, the Group’s Internal Control and Risk Management Department assists functional and operational departments at Group, line of business and regional level to define their internal rules and procedures, enabling them to integrate relevant controls for effective risk management. It has drawn up the Book of Business Principles, which it regularly updates. This document constitutes the Group’s mandatory reference framework regarding governance rules and authorization thresholds.
