Risks related to Compliance and corruption are monitored by the Groupe Compliance Department.
The risks relating to accounting information, external growth strategy, management of the liquidity position, foreign currencies and changes in the Groupe’s debt or tax position are monitored by the Finance Department, in cooperation with the Executive Management.
The risks associated with accounting and financial information are also monitored via the FMC program, managed by the Internal Audit, Risk Management and Internal Control Department.
The Group has also implemented a risk mapping approach. As a result, several risk maps have been developed and updated on a regular basis in order to provide the Groupe with an overview of the risks that may impact its finances, operations, compliance or image. Specific risk maps feed the major risk map and vice versa. They are supplemented by ad hoc risk analyses carried out at the Groupe’s request of the management. The use of a methodology common to all mappings guarantees overall consistency. Each mapping is preceded by a documentary analysis that establishes the risk universe. Then, individual or collective interviews are conducted with key employees who share their risks, their control framework and an initial estimate of the likelihood and impact based on a rating scale adapted to the Groupe and, if necessary, to the mapping exercise. The rating scale is on four levels, ranging from rare to certain for likelihood and from low to major for impact, as indicated below. Different dimensions are taken into account (image, finance, Talent, CSR, legal, etc.) and adapted to each risk map exercise. The timeframe used is as follows: short-term (one year) or medium-term (between one and five years) or long-term (beyond five years). A workshop to rate the net risks, taking into account the control framework, is then organized with the concerned internal (CSR, legal, GSO, etc.) or external stakeholders and the Secretary General.
This image represents a risk matrix that helps evaluate the severity of a risk based on two dimensions: Probability and Impact. Each risk level is color-coded based on its severity, with darker shades representing higher risk.
Probability Levels:
Rare (1) – The event is unlikely to occur
Possible (2) – The event might occur occasionally
Probable (3) – The event is likely to occur
Certain (4) – The event is expected to occur
Impact Levels:
Low (1) – Minor consequences if the event occurs
Moderate (2) – Noticeable effects, but manageable
High (3) – Significant impact on operations or objectives
Major (4) – Severe impact, possibly critical for the organization
Risk Level Interpretation:
Each cell in the matrix is the intersection of a probability level and an impact level:
Lightest color (e.g., Rare + Low) = Very low risk
Medium color (e.g., Probable + Moderate) = Moderate risk
Darkest color (e.g., Certain + Major) = Highest level of risk
This matrix is a visual tool to support decision-making in risk management by prioritizing actions on the most significant risks
This diagram represents the mapping of the Group's major risks, organized around six specific risk themes.
At the center is the Mapping of Major Group Risks
Surrounding this central element are the following risk mappings:
Corruption risk mapping
ESG risk mapping
Duty of Care mapping
Climate risk mapping
Cybersecurity risk mapping
Each type of mapping contributes to a comprehensive and integrated view of the significant risks the Group is exposed to.