Egis is an international group which, through the nature and geographic location of its activities, is liable to be exposed to numerous risks. The risk management system is integrated into the performance management system. The CEO of the Egis Group is its guarantor. He or she approves the guidelines in this field and the methodology implemented. The Risk function of the Group’s Ethics, Compliance, Risk and Performance Department is responsible for managing the risk management approach. It rolls out the methodology and updates the procedures and tools necessary for the process.

The Business Unit (BU) risk correspondents, appointed by the BU heads, lead the approach within their BU. They coordinate the process for identifying, assessing and managing risks within their scope of responsibility. They report annually on the major risks identified as well as any significant incidents. At Group level, major risks are identified as part of the processes in the performance management system by the process manager. The risks identified by the managers are consolidated in the Group’s map of major risks.

The Operational Risk Committee (ORC), which meets twice a year, is the risk governance body within the Group. It is responsible for validating the Group’s major risk mapping as well as reviewing and approving the associated action plans. Methodology for developing risk mapping The Egis group’s risk analysis methodology is in line with the best practices suggested by the recognised international reference frameworks, in line with the CDC (COSO 2 ERM and ISO 31000).

The risk mapping is reviewed each year. The risks are evaluated and prioritised according to an assessment matrix, taking into account their likelihood on the one hand and the severity of the impact on the other.