EDF_REGISTRATION_DOCUMENT_2017

RISK FACTORS AND CONTROL FRAMEWORK Control of Group risks and activities

2.2

CONTROL OF GROUP RISKS AND ACTIVITIES

Scope With regards to the scope that is controlled (excluding regulated subsidiaries), these objectives and principles are implemented by the departments or subsidiaries managed by the members of the Executive Committee, who make sure, themselves, that they are implemented in the Divisions, operational units or subsidiaries that they control. With regards to the other subsidiaries of the Group (regulated subsidiaries and significant shareholdings), the representatives of EDF within the governing bodies make sure, for each subsidiary, that a system for controlling activities and risks is put in place, provide regular information on the map of risks, internal control and audit activities (programme and main results); they can also check the efficiency and appropriateness of each of these measures through a periodic audit. The applicable principles are nevertheless adapted for the operators of regulated network and infrastructure, to ensure compliance with obligations relative to their independence of management. The management bodies 2.2.1.2 The organisation of the Executive Management of EDF is described in section 4.3.1. Each member of the Executive Committee is responsible for implementing all actions necessary to controlling the risks within their scope. Risk Committee The Executive Committee meets regularly in the Risk Committee configuration. The Risk Committee examines the map of the Group’s risks and the appraisal of internal control activities. It identifies the priority risks for the Group, shares their strategy for mitigation with regard to the strategy of the Group and designates the members of the Executive Committee who are its sponsors. The Risk Committee also examines the audit activities (annual programme, results). The Risk Committee meets at least twice a year. The Group Executive Committee Commitments Committee To strengthen the appraisal and monitoring of projects, an Executive Committee’s Commitments Committee (1) (CECEG) thoroughly examines the most significant projects in terms of the extent of the commitments or the risks incurred before decisions are made by the Executive Committee (see section 2.2.2.2.3 “Approval of commitments”). The second line of control of risks and 2.2.1.3 activities: players and missions The second line is composed of all the support functions of the Group (Purchasing, Communication, Sustainable Development, Ethics and Compliance, Finance, Real Estate, Legal, Human Resources, Risks, Security of Assets, General Services and Information Systems). In liaison with the Operational Managers, these Departments operate a system of management and overall coordination of their functions within the Group. In particular, these support functions are responsible for organising and coordinating the implementation of Group policies. This section focuses on the support functions coordinating the specific systems for the control of risks and activities. Note: the aspects relative to the Group’s human resources, including the control of risks relative to the health and safety of employees and service providers, are detailed in section 3.6.2 of the Reference Document. Group Risk Department 2.2.1.3.1 The Group Risk Department (reporting to the General Secretary) has the following tasks: deploy the risk and internal-control policy, organise the internal control function ■ and, in particular, prepare and update the consolidated map of major risks and the assessment of the Group’s internal control (see the detailed system in section 2.2.2.1.1); alert the Chairman and CEO and the Executive Committee on emerging risks and ■ risks that have not been sufficiently observed;

The objective of this section is to focus on control procedures related to activities or risks deemed significant, and on the main long-term procedures in place in 2017, highlighting changes and key initiatives developed during 2017. These internal control and risk management procedures come within the framework defined by the corpus of Group policies put in place in 2017. They also obey the general principles set out in the AMF’s risk management and internal control reference framework (published on 22 July 2010) and they are based on the changes made to the main international reporting guidelines, in particular COSO-2013. 2.2.1 Objectives and principles of control of 2.2.1.1 the risks and activities of the Group Objectives The system for controlling the risks and activities of the Group is defined in the policy “Group functioning principles/Risk management and internal control” validated following the meeting of the Executive Committee. The objectives are as follows: identify and reinterrogate periodically the significant risks overview and ■ opportunities likely to impact the targets of the Group, in order to ensure the existence and control of existing actions plans; constantly ensure: ■ compliance with laws and regulations, ■ compliance with Group policies, ■ the correct functioning of internal processes, notably those contributing to ■ the protection of the Group’s assets, the reliability of financial information, ■ and generally the control of risks and activities of any kind. ■ Principles The fundamental principles of execution are based on the three lines of control model: first control line: each of the managers at every level, for the missions that are ■ assigned to them, is responsible for: identifying and managing the main risks related to their activities; ensuring this control for the missions that they assign to their staff; ensuring that the measures for controlling identified risks are proportionately supported; formally and regularly reporting, to their own manager, on risks identified and on control measures through self-evaluations; second control line: the support functions define common requirements for the ■ Group and supervise their control. Their contribution to controlling the activities of the Group is specified in section 2.2.1.3. Amongst them, the risk and internal-control functions organise the overall control measures and prepare reports intended for the Group’s governing bodies. The specific measures aiming to control risks and activities are detailed in section 2.2.2; third control line: the independent audit system can check the appropriateness ■ and effectiveness of the measures for managing the risks and activities of the Group’s entities; check management of the main cross-functional processes and major projects of the Group; and more generally, check the level of control of the Group’s risks. (see section 2.2.1.4). All of these measures based on the three control lines provide the managers and governing bodies of the Group with “reasonable assurance” concerning the identification and coverage of the main risks. CONTROL ENVIRONMENT

2.

The composition of the Executive Committee’s Commitments Committee is the same as that of the Executive Committee. (1)

125

EDF I Reference Document 2017