EDF_REGISTRATION_DOCUMENT_2017

RISK FACTORS AND CONTROL FRAMEWORK Control of Group risks and activities

2.2.1.3.4 The Group’s Ethics and Compliance Department

The Group Code of Ethics, which has been deployed since 2013, defines the rules and principles that must guide the actions and conduct of Group employees on a daily basis. It has been translated into 12 languages.

Since December 2015, the Ethics and Compliance plan has been strengthened with the creation of a Group Ethics and Compliance Division (DECG) which supports the executive directors and, more generally, all employees, in setting up a Group Ethics and Compliance Programme. This programme is created to meet the requirements of national and international regulatory authorities and local practices.

On 17 May 2016, the Executive Committee adopted the Group Ethics and Compliance policy (PECG), which combines the requirements that the executive directors must know, comply with and enforce within their entities, in accordance with the risks to which these entities are exposed. This document supplements the Group Code of Ethics, which is itself accompanied by instructions applicable at the scale of the Group.

The Group Ethics and Compliance Division (DECG) has the task of organising and coordinating the implementation of the Group Ethics and Compliance policy. The entities of the Group are responsible and liable for the implementation of the requirements of the Group Ethics and Compliance policy and associated instructions.

The system was supplemented in 2017 with the publication of the Code of Conduct, which requires all employees to comply with regulatory instructions on the main compliance subjects.

Moreover, the Group Ethics and Compliance Division reports to the Group’s Executive Committee and to the Governance and Corporate Social Responsibility Committee of the Board of Directors. It responds to any internal or external consultations and any alerts at the Group level addressed to it.

2.2.1.3.5 The Sustainable Development Department

The EDF group takes into account the issues relating to sustainable development and includes them in its overall strategy. The CAP 2030 strategic project aiming to make EDF “an efficient and responsible electricity producer, champion of low-carbon growth” has set new prospects for the Sustainable Development and Environmental approach of the Group, including six corporate social responsibility objectives explained in section 3.1.2 of this document.

The Sustainable Development Committee (SDC) serves as the Environmental Management Board at the Group level and is in charge of coordinating the environmental management system in accordance with ISO 14001. The EDF group maintains its ISO 14001 certification obtained for the first time on 9 April 2002. The scope of certification encompasses EDF SA, several French subsidiaries (including Dalkia, Électricité de Strasbourg, EDF Énergies Nouvelles, Citelum, etc.), and a number of international subsidiaries including EDF Energy, EDF Luminus, EDF Trading, Edison. The processes implemented as part of this certification help to reinforce the control of the Group’s environmental risks, in particular with regard to regulatory aspects and environmental issues at stake by assuring its stakeholders of a structured and tailored organisation.

In 2017, all of the requirements relative to sustainable development at Group level were specified in the Group Sustainable Development policy, including, in particular, the requirements related to the challenges of climate change. The Sustainable Development Department has the task of organising the management, coordination and control of this policy, for which the implementation and control are the responsibility of the divisions and entities of the Group.

2.2.1.3.6 The Group Information Systems Department

Amongst its various tasks, the Group Information Systems Department controls the implementation of the Group’s Information Systems Security policy and is in charge of organising the internal control and coverage of the associated risks (see section 2.2.2.2.4). Also, the Group Information Systems Department co-organises, with the Legal Department, the Group instructions on the protection of personal data. The entities are liable for the application of this instruction pursuant to the application of the Ethics and Compliance policy of the Group.

2.2.1.3.7 The Security and Economic Intelligence Department

The organisation of security within the EDF group aims to ensure compliance with the requirements defined in the Security of Assets policy in coping with malicious acts. The Security and Economic Intelligence Department has the task of organising the management, coordination and control of this policy and in particular for preparing and providing to the entities the explanatory notes, practical guides and methodologies for applying the requirements of the policy.

2.2.1.4 The 3rd line of control, the Group’s audit unit

The Group’s Audit unit is composed of all of the audit resources of the Group exercising an internal audit activity. Pursuant to a decision of the Chairman and CEO, this function is supervised by the Group Audit Director.

The Group audit unit includes the Audit Department and audit teams specific to each of the main French and foreign subsidiaries. Relations between the Audit Department and the various audit teams, and their respective powers, take into account whether the teams belong to EDF SA or to regulated subsidiaries, for which the relationships are adapted to ensure compliance with the principle of independence of management. The Audit Department carries out functional supervision of the business line (co-appointment and peer assessment of Audit Directors of the subsidiaries by the Audit Department – excluding RTE and Enedis –, exchanging best practices, training, sharing tools and methods, etc.).

At the end of 2017, the Group audit unit consisted of 58.5 FTE (1).

Performance standards for EDF SA and the controlled subsidiaries

The Audit Department applies international standards defined by the Institute of Internal Auditors, promotes these standards and monitors compliance. The missions, powers and responsibilities of the auditors as well as the rights and duties of the audited parties are set out in a charter which was updated in May 2016.
This charter, signed by the Chairman and CEO, reiterates the independent nature of the audit function and specifies the missions and commitments of the internal audit function, the duties and rights of the auditors and audited parties. It includes a code of ethics applicable to the Group audit unit as a whole. This code is intended to promote a culture of ethics and serves to reiterate that the auditor must comply with and apply certain basic principles relevant to the profession and the conducting of internal audits.

The Audit Department reports to the General Secretary; the Director of the Audit Department enjoys direct access to the Chairman and CEO and reports on audit works to the Audit Committee, to which it provides the information necessary to determine the adequacy of the audit staff with regard to the implementation of the supervision missions it has to carry out.

All of the auditors are trained in the same methodology, compliant with international standards. They are recruited from the various businesses of the Group as well as from external audit firms. The auditors are evaluated at the end of each mission.

The key processes relevant to the proper functioning of the Audit Department for the entire chain of its activities (from the drafting of the audit programme up to monitoring of the implementation of recommendations) are set out and coordinated.

The audit unit regularly submits voluntarily to evaluation by IFACI (2). The last evaluation of 2014 stated, as previously, that the audit practices were compliant with the international standards of the profession.

Functioning procedures

The Group’s audit unit carries out complete audits of the entities of EDF SA and controlled subsidiaries. These audits include the examination of the robustness of their internal control and are carried out at a rate of three to five years according to their extent.

The Audit Department carries out cross-functional corporate audits, while the Audit Departments of the subsidiaries perform audits within their scope of responsibility. The Audit Department is the sole entity empowered to carry out audits of subsidiaries for corporate-level risks. The audit programme is reviewed by the Chairman and CEO, the Risk Committee, and thereafter by the Board of Directors. It is drawn up to reflect:


(1) Full-time equivalent in 2016 at constant scope compared to end 2015.
(2) Institut français de l’Audit et du Contrôle Interne (French Institute of Audit and Internal Control).


EDF I Reference Document 2017
