EDF_REGISTRATION_DOCUMENT_2017

RISK FACTORS AND CONTROL FRAMEWORK Control of Group risks and activities

Furthermore, these entities produce a map of risks every year based on a methodology common to the whole of the Group. The process of constructing the map of risks for the entities is based on: the principle of responsibility of management mentioned in section 2.2.1.1 ■ above, the typology of risks, for identification that is as broad as possible, ■ including internal and external risks, and operational and strategic risks, as well as opportunities, a qualitative evaluation method of the impact, the probability and the level ■ of control of each risk, the description of action plans for dealing with risks and the evaluation of ■ their effectiveness. In support of this approach, a methodological guide is available to the entities. In addition, a Risk Management Information System (SIGR) has been deployed since 2016 and was made generally available to the whole Group in 2017. Numerous discussions have taken place between the Group Risk Department and the entities, with the aim of querying the relevance of risks and the soundness of the control actions undertaken; based on these reports, the EDF group prepares the consolidated map of its ■ major risks including the overall assessment of internal control, with the aim of providing the directors and governance bodies with a consolidated, regularly updated view of major risks and the level of control (1) . These documents, prepared at the end of the year, are validated by the Risk Committee and are presented to the Board of Directors after examination by the Audit Committee. Since 2015, the Risk Committee has identified within the Group risk mapping a smaller set of “priority risks” selected as a result of their operational or strategic importance. The connection between these risks and the strategic project CAP 2030 has been given priority so that, as far as possible, risk control action plans may be included in the corresponding projects. The crisis-management and business-continuity policy defines the organisation principles for crisis management and business continuity and specifies the entire system necessary to its implementation. This policy consists in particular of: making sure of the existence of organisations for crisis management and ■ permanent systems for raising alerts; checking the existence and regular update of relevant crisis-management ■ procedures, with regard to the risks involved; defining, for periods of crisis, coordination procedures with all stakeholders; ■ ensuring feedback from crises and crisis exercises is systematically applied in ■ order to avoid or reduce the consequences of similar crises; checking the existence of business continuity plans within each entity; ■ checking the implementation of professional development actions for all players ■ in the crisis. A crisis exercise programme allows these mechanisms to be tested in terms of their effectiveness and overall consistency. Specific control systems excluding 2.2.2.2 accounting and financial information Control of energy market risks 2.2.2.2.1 Each year, the Executive Management validates the entities’ hedging strategies, as well as the associated risk limits, submitted for its approval by the Group Risk Management Department. These strategies are based on the Group’s energy markets risk policy. This policy sets out the management of these risks and specifies Crisis management and business 2.2.2.1.2 continuity

all the mechanisms necessary for its implementation and the monitoring of its enforcement. It describes: the governance and measurement system, clearly separating the risk ■ management and control responsibilities and making it possible to monitor exposure over the scope defined above; the risk control processes involving the Group’s Executive Management in the ■ event that risk limits are exceeded; a strengthened control system has been put in place for the EDF Trading subsidiary in the light of the specific nature of trading activities; the two-tiered organisation of the energy markets risk control unit, the entities ■ carrying out operational control and the Group Risk Management Department ensuring second-level control. The Audit Committee gives an opinion to the Board of Directors on the implementation of the policy and on the changes proposed by the Group Risk Department. The expectations, main provisions and procedures for implementing this policy are described in section 5.1.6. Control of financial risks 2.2.2.2.2 The policy on financing, cash and the control of financial risks requires all entities of the Group to continuously and systematically identify financial risks (in particular, liquidity, interest rates, foreign exchange and counterparty). The Group Risk Department exercises 2 nd level control of these risks via: verification that the principles of the policy have been properly applied (preparing ■ work management frameworks, methodology, monitoring exposures, regular calculation of risk indicators and checking compliance with risk limits); the control of positions in the trading room in charge of cash management. For ■ these activities, a system of indicators and risk limits checked on a daily and a weekly basis is in place. The Markets Committee (a body that brings together the Finance and Investment Department and the Group Risk Department) checks and reviews on a quarterly basis, where necessary, requests for exemptions to the work management framework and requests for investment in new financial products; The policy on the constitution, management and control of the financial risks involving dedicated assets of EDF SA applies to the portfolio of dedicated assets which are managed by the Financial Department. It was updated and approved by the Board of Directors in 2015. The Group Risks Department writes an annual risk mandate and specific working frameworks which define the principles for managing risks and the risk limits that are acceptable for this portfolio. Approval of commitments 2.2.2.2.3 The Commitments policy establishes that the Commitments Committee examines all of the commitment projects of the Group, excluding regulated subsidiaries, covering: investment, divestment, and merger and acquisition projects exceeding ■ €50 million; expenditure covering supplies, works or services of an amount exceeding ■ €200 million over the entire duration of contracts; long-term purchase or energy and emission credits and CO 2 quotas for annual ■ volumes or amounts exceeding 5TWh for electricity, 10TWh for gas and €150 million for coal, oil, emission credits and CO 2 allowances; the multiannual programme to supply back-end reactors and services of the ■ nuclear fuel cycle; The annual programmes of commitments relative to decommissioning (including ■ operations for the transfer of obligations) or those at the back-end of the nuclear fuel cycle; strategic projects likely to commit the Group over the long term through several ■ investments below amounts of €50 million each. The projects presented include an in-depth analysis of risks according to a methodological standard for the analysis of defined risks.

2.

Group risk mapping notably includes environmental risks and risks related to climate change (physical risks and transition risks). These risks are described in section 2.1 ; the (1) strategic response to the challenges of climate change is described in §3.3.

129

EDF I Reference Document 2017