Risk identification | Risk management procedures |
---|---|
Risk identification
|
Risk management procedures
In 2023, VINCI continued the rollout of its overall IT security policy, under the impetus of the Executive Committee member serving as the Group’s cybersecurity coordinator. In order to raise the Group’s level of security, VINCI’s Chief Information Security Officer (CISO) introduced a transformation plan called CyberShields for the 2022-2024 period, which has four main focus areas:
The principal activities carried out were as follows:
|
Risk identification | Risk management procedures |
---|---|
Risk identification
Fraud: intentional act by an employee or a third party aimed at embezzling Group assets The systems of a group as decentralised and diversified as VINCI are exposed to the risk of both internal and external fraud, especially as regards payment systems. Attempts at fraud generally target the individuals involved in external payment processes. Possible consequences:
|
Risk management procedures
External fraud prevention involves several Finance Department, Security Department and Information Systems Department units. The core system includes reporting via an online platform (with a link on VINCI’s intranet), enabling central services to react immediately and facilitating analysis of fraud attempts. The fraud prevention instructions available on the Group’s intranet specify correct conduct in the event fraud is suspected, guidelines concerning means of payment and awareness-raising measures to be taken in regard to the key personnel faced with this kind of situation. Specific information and recommendations are regularly distributed to CFOs and anti-fraud coordinators.Internal fraud prevention is based on VINCI’s Code of Ethics and Conduct as well as on specific training or awareness initiatives. It is described in paragraph 2.4, “Business ethics”, of chapter E, “Workforce-related, social and environmental information”, pages 219 to 221. The procedure entitled “Preventing and combating fraud at VINCI SA” published on the Group’s intranet covers internal and external fraud and lists the Group personnel involved in combating fraud. It also provides an overview of all systems implemented to prevent and combat fraud effectively. |
The Group’s workforce-related and social risks are set out in full in section 4 of chapter E, “Workforce-related, social and environmental information”, which reports on the duty of vigilance plan (see page 260). The information provided in this section includes both the impact that VINCI’s activities can have on workforce-related and social issues and, vice versa, the potential effects of those issues on the Group.
Group companies are subject to risks related to the working conditions of their employees. They must also deal with the significant impact they have on stakeholders and communities in the regions where they are active. These workforce-related and social risks are taken into account at every project stage and are analysed far upstream so as to identify local issues and the expectations of stakeholders, including employees and their representatives. Appropriate measures are implemented as a result of this analysis. Similar analyses are carried out regularly throughout the life of each project.