Each risk is monitored by an expert coordinator tasked with defining the aim, a remediation plan and indicators. To align our action plans with reality out in the field, in 2022 we deployed a self-assessment cycle, developed in conjunction with the coordinators for each risk. Our goal: establish a shared vision for rolling out the Group’s minimum requirements and test the robustness of the risk management measures in place. The Group’s main Business Units, accounting for more than 80% of our revenue, were assessed. Tangible progress The report shows progress across all areas, and we are continuing with our consolidation efforts at each Business Unit. Enhanced support is provided by the Group’s support functions, particularly for Business Units undergoing sustained business growth or with external growth projects. In 2023, as Business Units are given more autonomy, the scope of internal management will be extended. With these new foundations, we will continue to promote an increasingly dynamic approach to risk management that is integrated into our strategy and operations. Client centric approach Reference framework: General policy Human capital Environment Health, Safety and Security (HSS) Ethics and business compliance Reference framework: 3S Reference framework:General policy Reference framework: General policy Reference framework: Ethics policy Risk of a mismatch between our clients’ needs and our service offering THEMES Client culture at the core of our practices Knowledge and anticipation of market trends Adapting our service offering Risk of a lack of key resources that we can use for our projects THEMES Anticipating needs and business skills Maintaining and developing business expertise Motivating and engaging employees Risk that our projects or sites may have negative impacts on the environment or people THEMES Compliance with regulatory requirements Robustness of projects and adaptation to climate change Limiting the carbon footprint of our sites Protecting biodiversity and natural resources Risk of accidents which might damage the mental or physical health of people under our responsibility THEMES Technical security Health and safety of our employees and partners Data protection and confidentiality Crisis management Cybersecurity Risk of unethical behaviour which can have repercussions on business, result in financial sanctions and damage the Group’s reputation THEMES Corruption Conflicts of interest Anti-competitive practices Coercive practices Fraud Cybersecurity 24 — SYSTRA — 2022 Sustainability Report