3

Information about the Company | Corporate Governance |

Reports

The protection of personal data remains a major concern for Vivendi.

Accordingly, the general counsels of the various business and legal

departments within the group have been made aware of the updated

charters on data and content protection and of the Good Practices

Guidelines in respect of matters of sensitive data protection. Inspections

and audits are conducted on a regular basis to ensure that the safeguard

procedures have been properly applied.

Responsibilities and Commitments of each Business Unit’s

General Management

Every six months, the Chairman and Chief Financial Officer of each

business unit signs a representation letter certifying compliance with

internal control procedures relating to the preparation of financial

statements and financial and industry-based information items, to ensure

the accuracy, integrity and reliability of financial disclosure.

At the proposal of the Audit Committee, Vivendi established a Code

of Financial Ethics. It applies to the senior executives of Vivendi SA

responsible for communications and financial and accounting reporting.

Rules on Market Ethics

Vivendi complies with the General Regulations of the AMF as well as

with the recommendations of the AFEP and MEDEF. Consequently,

purchase and sale transactions involving company securities are

prohibited during the period from the date on which a member of the

Supervisory Board or the Management Board becomes aware of precise

market information concerning the Company’s day-to-day business or

prospects which, if made public, would likely have a material impact on

the Company’s share price, up to the date on which this information is

made public. In addition, such transactions are prohibited for 30 calendar

days preceding and including the day of publication of the Company’s

quarterly, half-yearly and annual financial statements. The Company

prepares and distributes a summary schedule setting out the periods

during which transactions involving Company shares are prohibited

(“blackout periods”). Pursuant to the AFEP/MEDEF Code, hedging

transactions of any kind on the Company’s securities following the

exercise of stock options are prohibited.

Blackout periods are the subject of individual reminders sent via e-mail

whenever necessary including before each identified Financial Reporting

period.

Delegation of Powers

The delegation of operational powers, whether on a single occasion

or on a recurring basis, is one of the responsibilities of the General

Management of Vivendi and of the General Management of each of its

business units. These delegated powers are updated and formalized on

a regular basis in accordance with the evolving role and responsibilities

of the relevant delegate.

4.4. Risk Monitoring and Management

Vivendi’s Management Board is responsible for identifying and reviewing

measures to manage risks within business units that are likely to affect

achievement of the group’s objectives.

At the group level, risks are assessed based on a qualitative and

quantitative approach in reference to each business unit. In 2014, the

Audit and Risk Department drew up a risk mapping for each of the

group’s principal business units. For each entity, the risk mapping was

based on interviews held with 30 to 40 senior and operating managers.

These mappings were then reviewed by the business unit managers, the

Vivendi Management Board and the Statutory Auditors and presented to

the Vivendi Audit Committee on December 9, 2014.

The principal risks faced by the Company are described in Chapter 1,

Risk Factors of this Annual Report and in Chapter 4, Note 22 to the

Consolidated Financial Statements relating to market risk management

and derivative instruments.

Vivendi’s General Counsel and Company Secretary and legal department

are responsible for the prevention and management of risks relating to

ethics, competition and conflicts of interest. The management of financial

risks, including liquidity, interest and exchange rates, is carried out by

Vivendi’s Finance, Risk Management and Treasury departments through

a centralized organization at the Company’s headquarters.

Operational risks are managed by the business units, taking into account

specific aspects of their operations (e.g., regulatory risks in the Pay-TV

businesses, risks associated with infringement of intellectual property

rights in the music business and risks associated with piracy and

counterfeiting in the film and music businesses).

The policy of covering insurable risks, such as damage and operating

losses from accident and civil liability is monitored by Vivendi’s Risk

Management department in collaboration with the Finance department

and the General Counsel and Company Secretary. For a description of the

current insurance programs (see, Chapter 1 of this Annual Report).

4.4.1.

Internal Control Operations

Control operations are primarily performed by the functional and

operational management teams in accordance with existing reference

procedures.

The following bodies ensure the monitoring of internal control measures:

Audit Committee

The Audit Committee is comprised of independent members of the

Supervisory Board. Pursuant to the powers conferred upon it, the Audit

Committee prepares the decisions of the Supervisory Board and provides

recommendations or issues opinions to the Supervisory Board on a wide

range of matters. In 2014, at the proposal of its Chairman, the Audit

Committee established a multi-year program, reviewed and reinforced by

its members. This program specifically covers:

p

p

a review of the quarterly Consolidated Financial Statements

and annual financial statements of Vivendi SA, prepared by the

Management Board;

p

p

a review of impairment tests;

p

p

monitoring of the Company’s cash and any alerts as to potential

related issues;

150

Annual Report 2014