REPORT OF THE CHAIRMAN OF THE BOARD OF DIRECTORS

A1

4. System of internal controls

relevant business units to ensure the implementation and effectiveness of action

plans that aim to reduce these risks. In 2016, the industrial risks related to climate

change were identified in the framework of the group’s risk assessment process.

That assessment is discussed in paragraph 4.8.3 of Section 4.

Risk factors

of this

Reference Document.

In 2016, the group’s major capital spending and commercial projects were regularly

presented to the Audit and Ethics Committee by the managers in charge of them

and by the Finance Department, providing an opportunity to discuss changes in

the risks associated with those projects with the control bodies.

4.4.2.

SETTING OBJECTIVES

In 2016, the process of setting objectives for the group was framed by the 2015-

2017 Transformation Plan currently in progress.

4.5.

CONTROL ACTIVITIES

The functional departments, acting on behalf of the group’s management bodies,

deploy their policies and ensure their correct implementation. In particular, the

Management and Accounting Control Department defines and ensures the

application of management control rules, documents the accounting and financial

management processes, and ensures compliance with rules on delegations of

authority pertaining to financial commitments.

Each operational and functional level implements appropriate control activities to

regularly evaluate the level of achievement of established objectives. In particular, the

budget updates and reporting documents are used to regularly and progressively

compare actual results and the extent to which objectives have beenmet with those

defined when the budgets were approved.

By definition, each organization is responsible for its own internal controls. These

controls rely on the mobilization of human, material and financial resources, the

organization of those resources, the deployment of specific objectives within the

organization, and the implementation of controls for prevention or detection.

Preventive controls are carried out according to specific procedures, whether

manual or computerized, involving approvals at appropriate levels of the

organization, among other things. Detection controls consist of after-the-fact

verifications connectedwith specific supervision of the work performed and analysis

of variances or anomalies. Information systems, performance indicators, etc. are

used to facilitate this supervision.

In addition, audit and expert bodies are charged with controlling themost significant

issues in relation to the specific goals of the group and of the subgroups.

In particular, as regards accounting and financial information:

p

each entity has set up a system of controls before transactions are recorded;

p

controls are carried out at the different stages of the consolidation process:

○

either automatically by the consolidation software (control of debit/credit

balances, data traceability, data integrity, access control), or

○

manually by the consolidation department, financial controllers and business

analysts;

p

the group’s Tax Department performs tax reviews of the group’smain companies.

4.6.

CONTINUOUS OVERSIGHT OF THE INTERNAL CONTROL SYSTEM

In 2016, AREVA continued to take action to optimize its internal control systems.

These actions were conducted under the supervision of the Chief Executive Officer

and of the ExComs, and with the oversight of the Board of Directors through the

Audit and Ethics Committee.

The group’s Business Ethics Advisor deployed the annual compliance letter

process, which applied to all executives of the subsidiaries, the business units’

senior executive vice presidents, the regional directors, and the directors of the

group’s corporate functions.

AREVA’s Risk and Internal Audit Department intervenes everywhere in the group and

in any area relevant for internal controls. This department is under the responsibility

of its director and, under the supervisory and functional authority of the Audit and

Ethics Committee, carried out its activities completely independently, in compliance

with the Audit Charter and the international standards of the profession.

In 2016, the missions were conducted in accordance with the annual audit plan

approved by the Chief Executive Officer and examined by the Audit and Ethics

Committee. This department is responsible among other things for reporting to

the management bodies on its assessment of compliance and the effectiveness

of the internal control systems deployed throughout the group. In particular, this

assessment takes into account the risks identified using the full range of the group’s

tools (business risk model, internal control self-audit tools, interviews conducted

by the Audit Department with the General Inspectorate, the group’s principal top

managers and the statutory auditors, etc.). The recommendations resulting from

these missions give rise to performance improvement plans, which are monitored

in concert with the managers involved.

Lastly, as is the case each year, the Risk and Internal Audit Director presented his

internal controls review report to the Chief Executive Officer and to the Audit and

Ethics Committee.

In addition to audits carried out under the audit plan, the group’s entities perform

a self-audit of their internal controls every year following a standard questionnaire

(the “Self-Audit Income”), duly approved by their operational management, which

has complied since 2007 with the “Implementing guidelines for internal controls

of accounting and financial information” of the frame of reference published by the

AMF. The questionnaire, reviewed by the joint statutory auditors, was deployed in

2016 across the entire consolidation scope of the group, representing 92 entities

in some 20 countries. By entity, it covered 200 control items organized into

14 business cycles, and urged management to commit to action plans to address

the weaknesses identified.

330

2016 AREVA

REFERENCE DOCUMENT