The Groupe has also introduced a risk mapping process. As a result, several risk maps have been prepared and updated on a regular basis in order to provide the Groupe with an overview of the risks that may impact its finances, operations, compliance or image. Specific risk maps feed the Groupe's major risk map and vice versa. They are supplemented by ad hoc risk analyses carried out at the request of management. The use of a methodology common to all mappings guarantees overall consistency. Each mapping is preceded by a documentary analysis that defines the risk universe. Then, individual or collective interviews are conducted with key employees who share their risks, their control framework and an initial estimate of the likelihood and impact based on a rating scale adapted to the Groupe and, if necessary, to the mapping. The rating scale is on four levels, ranging from rare to certain for likelihood and from low to major for impact. Different dimensions are taken into account (image, finance, Talent, CSR, etc.) and adapted to each risk map exercise, if necessary. A workshop to rate the net risks, taking into account the control framework, is then organized with the internal (CSR, legal, GSO, etc.) or external stakeholders concerned and the Secretary General.
This diagram shows the mapping of major Groupe risks.
- ESG risk mapping
- Corruption risk mapping
- Duty of Care mapping
- Climate risk mapping
- Cybersecurity risk mapping
In particular, for 2023, the mapping of the Groupe’s major risks, as well as the mapping of ESG risks, were updated and presented to the Strategy and Risk Committee as well as to the Audit Committee. The ESG risk mapping also covers risks presented in the Duty of Care mapping carried out in 2021. The full update of this map has been suspended pending the release of European directives. The risks identified in the ESG mapping were included in the updated implementation of the Duty of Care Plan presented to the Strategy and Risk Committee. The quantified mapping of cybersecurity risks was presented to the Risk Committee.
These mappings helped define the internal audit plan for 2024 in addition to other elements.
Thus, pursuant to article L. 225‑102‑1 of the French Commercial Code, it is stated that with regard to the Groupe’s activities, the financial risks associated with the impact of climate change have a non‑significant impact. However, the Groupe is mindful of measuring the environmental risks and finding solutions to reduce them (See Chapter 4 of the Universal Registration Document).