![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0331.jpg)
REPORT OF THE CHAIRMAN OF THE BOARD OF DIRECTORS
A1
4. System of internal controls
controls and streamline access to the management information system. The main
purpose of this tool is to secure the access management process by ensuring that
user roles are defined according to best practices for the separation of duties and
by automating their management with the SAP Governance, Risk and Compliance
suite (SAP GRC).
4.2.7.
INTERNAL CONTROL STEERING AND PRACTICES
Internal control relies on all of these elements as well as on the practices of all
employees, which are themselves based on the group’s commitments (Code of
Ethics, compliance with the principles of sustainable development, etc.). “Best
practices” are identified to facilitate their dissemination and sharing so as to ensure
effective continuous improvement in matters of internal controls.
The internal control function jointly coordinated by the Internal Audit Department
and the Finance Department within the Internal Control Committee relies on a
network of internal control coordinators appointed in each of the business units,
whose main objectives are:
p
to ensure the distribution of information concerning decisions made and their
application by the entities (“top-down”); and
p
to roll up specific points requiring attention from the entities to the committee
(“bottom-up”).
The Risk and Internal Audit Department is in charge of monitoring and updating
the performance of the internal control system for the group’s governing bodies,
particularly through the self-audit exercise. In connection with this mission, it
provided support to operational management, the functional departments and
the shared service centers to strengthen existing systems by means of preventive
and corrective actions.
The person responsible for internal accounting and financial controls is tasked
more specifically with issues related to internal accounting and financial controls,
and works closely with the Risk and Internal Audit Department.
4.3.
DISSEMINATION OF INFORMATION
Bottom-up and top-down information channels have been established to
communicate relevant and reliable information in a timely manner.
p
Bottom-up information:
○
accounting and finance information is reported and processed following
specific processes and using shared tools to check and record the data (
i.e.
a single, secure software program for reporting and consolidation shared by
the entire group and supervised by the Finance Department),
○
the achievement of performance objectives by the business units and
functional departments and the execution of the transformation plans through
progress on related action plans are followed up on a monthly basis through
the Monthly Business Reviews and on a quarterly basis through the Quarterly
Business Reviews, particularly by the ExComs of the two new subgroups,
NewCo and New NP;
p
Top-down information:
○
the group’s relevant departments and entities are informed of resolutions by
the corporate decision-making bodies,
○
the group monitors laws and regulations on nuclear safety, occupational
safety, health, the environment, accounting and taxation, and disseminates this
information throughout the group as appropriate. Applicable organizational
memos, rules, standards and procedures are rolled out under an existing
standard for the organization and procedures, which is now applied in the
two subgroups (NewCo and New NP).
Communications with stakeholders are framed in plans designed to ensure and
uphold the quality of the information provided.
4.4.
MANAGING RISK AND SETTING OBJECTIVES
4.4.1.
RISK IDENTIFICATION AND MANAGEMENT
The group drew up a business risk model when it was established to take into
account the potential impact of events on the achievement of the group’s strategic
and operational objectives. AREVA’s Risk and Internal Audit Department, working
with the risk managers of the business units (which themselves have a network of
risk managers in their operating entities), carries out an annual update.
In 2016, the update was reviewed by the Risk Committee and approved by the
ExComs of both subgroups (NewCo and New NP). The business risk model was
presented to the Audit and Ethics Committee of the Board of Directors.
In particular:
p
the operational and functional management teams have approved the assessment
of risk in their operations. For example, all of the group’s entities collected,
analyzed and measured the risk factors of their respective operations. They
also prepared mitigation plans and management procedures to minimize the
risk and have designated the people in charge and the schedule for completion;
p
the members of the ExComs of the subgroups (NewCo and New NP) identified
and formalized the list of the group’s major risks and designated a “referring”
member for each of them. More specifically, this member is in charge of verifying
the existence of an appropriate action plan and reporting on its progress to the
Risk Committee, the Executive Committees and the company’s governing bodies;
p
based on this work, themain risk factors identified are described in the Reference
Document in the section on riskmanagement and insurance (see Section 4.
Risk
factors
). Matters pertaining to nuclear safety and industrial safety, which are an
absolute priority for the group, are discussed in that section;
p
in addition, in 2016, which saw significant changes in the group’s consolidation
scope and organization involving a number of entities, all of the management
and control bodies were attentive during this first period of transition to strict
compliance with applicable rules and to the proper functioning of all of the
processes that go into making the internal control system robust.
In addition, the Safety, Health, Security and Environment Department is tasked with
supervising industrial risk management and, on a practical level, working with the
2016 AREVA
REFERENCE DOCUMENT
329