In July 2010, the Autorité des Marchés Financiers (AMF, the French securities regulator), published a reference framework concerning risk management and internal control systems (“Cadre de référence sur les dispositifs de gestion des risques et de contrôle interne”). The VINCI Group uses this document as the basis for its own framework.
The risk management and internal control systems play complementary roles in monitoring VINCI’s activities. They aim to identify and analyse the principal risks to which the Group’s subsidiaries are exposed and help to:
These systems, however well conceived and implemented, cannot provide an absolute guarantee that the Group will achieve its objectives.
In addition to setting up a specific system for the VINCI holding company, the Group also ensures that its business lines put in place risk management and internal control systems that are appropriate for their subsidiaries.
The scope of risk management and internal control includes fully consolidated subsidiaries.
The businesses in which VINCI operates require the personnel involved to be geographically close to customers in order to ensure the prompt delivery of solutions that are suited to their needs. To enable the manager of each business unit – of which there are around 3,200 in total in the Group – to take the required operational decisions rapidly, each business line has put in place an organisational structure suited to its activities.
In this context, the Group has delegated authority to operational and functional staff at all levels of the organisation. Delegation of authority and responsibility to these staff is carried out in compliance with the general guidelines (see paragraph 3.4.2, page 169) and the following VINCI principles of action and conduct:
VINCI’s Board of Directors is responsible for validating the Group’s strategic choices and ensuring that these choices are properly implemented while taking into account the workforce-related, social and environmental issues relating to its business activities. It also makes sure that the Group’s organisation functions properly. It carries out the controls and verifications that it believes are timely and appropriate. It considers all major matters concerning the Group’s business. In its annual management report, the Board sets out the principal risks and uncertainties the Group faces. The Board has adopted a set of internal rules that is regularly updated and has four specialised committees: the Audit Committee, the Strategy and Corporate Social Responsibility (CSR) Committee, the Remuneration Committee, and the Appointments and Corporate Governance Committee. The tasks delegated to the Audit Committee and the principal activities carried out in 2021 in this regard are presented in chapter C, “Report on corporate governance”, page 138. They take into account the recommendations of the Afep-Medef code.
The Executive Committee, composed of 11 members at 28 February 2022, is in charge of implementing the Group’s strategy, and of defining and monitoring the application of its risk management, finance, human resources, safety, information systems and insurance policies.
The holding company’s functional departments ensure that the Group’s rules and procedures as well as the decisions of VINCI’s Executive Management are correctly enforced. Furthermore, these departments advise business lines on technical matters without interfering with operational decisions, which are the responsibility of the business lines under the Group’s decentralised structure. The holding company had a staff of 336 at 31 December 2021.
To support the implementation and rollout of compliance programmes in the business lines and to ensure fair business practices, an Ethics and Vigilance Department, reporting to the Group’s Executive Management, was created in January 2018, and an Ethics and Vigilance Committee was created in March 2018. This seven-member committee includes five Executive Committee members and ensures that the compliance procedures covered by the Code of Ethics and Conduct are deployed and updated as necessary, in particular with regard to:
The committee met four times in 2021 and reports annually on its activity to the Board of Directors’ Strategy and CSR Committee. The Group’s duty of vigilance plan is presented in section 4 of chapter E, “Workforce-related, social and environmental information”, pages 233 to 258.
