Areva - Reference Document 2016

A1

REPORT OF THE CHAIRMAN OF THE BOARD OF DIRECTORS

4. System of internal controls

4.2.4. INFORMATION SYSTEMS Themission of the Information Systems and Services Department (DSSI) is to ensure the availability, confidentiality and integrity of the group’s information systems. To accomplish this, it is organized to meet the following objectives: p orient the information system towards services to the group’s businesses, in alignment with the organization of the group’s processes; p standardize, streamline and consolidate the technical and functional infrastructure to ensure its performance and reliability, taking into account economic, geographic and security-related considerations. General internal control procedures The group’s internal control procedures consist of rules, directives and operating procedures defined by the governing bodies. Supplementing this, the subsidiaries and businesses have translated their internal control systems into charters and policies. The charters establish rules of governance and principles for internal controls, as follows: p the Nuclear Safety Charter spells out the group’s commitments in the field of nuclear safety and radiation protection to ensure that requirements are met throughout the facility operating period; p the Audit Charter describes the purpose, missions, roles and responsibilities and applicable procedures of the group’s internal audit; p the Network Security Charter defines the basic principles of the AREVAnet computer communication network and the rules to be followed to access various services. Policies define the operating principles and procedures that are a step above specific business procedures. The group has established the following policies in particular: p the procurement policy and guide to ethics in procurement, which together set rules, objectives and best practices in procurement and business ethics; p the payment security policy defines the group’s policy for secure payment methods and means to be used to limit the risk of fraud; p the personnel protection policy is designed to give all group employees equal protection, whether they are traveling on business or live in France or abroad; p the occupational safety and environmental policies establish rules of conduct for continuing risk reduction; p the human resources policy aims to boost the company’s collective performance by developing each individual’s skills and talents. Consistent with the principle of subsidiarity and to ensure the assimilation of these instructions, the operational departments adapt the procedures to their specific circumstances prior to implementation within their entities. Overall organization The reporting and processing of information is now organized into three operational levels –management entities (elementary level of information production), business units (performance analysis mesh) and subgroups (management mesh, notably NewCo and New NP) – in order to gradually bring roles and responsibilities within the group into alignment with the restructuring plan in progress in the French nuclear industry. 4.2.5. OPERATING PROCEDURES 4.2.5.1. 4.2.5.2. Accounting and financial reporting procedures

Instructions for consolidation are issued by the group’s Financial Management Control and Accounting Department for all half-year and annual financial statements. These instructions include: p the schedule for preparing accounting and financial information for reporting purposes; p items requiring particular attention, such as complex issues, changes in the legal environment and new internal procedures; and; p the coordinators for consolidation (at the corporate level) responsible for approving consolidation treatments for a portfolio of entities; they also perform crosscutting analyses (corresponding to the notes to the consolidated financial statements) for the entire group. The group’s Legal and Finance Department modeled the group’s principal financial processes in place and provides all players using those processes (corporate departments, subgroups and business units) with a comprehensive, up-to-date, shared documentary base enabling processes to be documented by linking them with procedures in force within the group. The modelled processes are available on a dedicated intranet space and are updated regularly to reflect changes in the organization. Implementation and control of accounting principles The reporting entities’ financial statements are prepared in accordance with the group’s accounting and financial principles. These rules apply to all entities included in the group’s consolidation scope. They include: p a glossary that defines the main headings of the financial statements and the group’s performance indicators; p applicable procedures issued by the Management and Accounting Control Department. The principles are supplemented by procedures and instructions issued and reviewed on a regular basis by the other units of the Finance Department (Financial Operations and Cash Management Department, Financial Communications Department, Tax Department), by the subgroups (NewCo and New NP), and by the business units, and include procedures and instructions dealing specifically with internal controls and fraud. The “standards and procedures” function of the Management Control and Accounting Department defines and distributes information relating to implementation of themanagement control and accounting standards, procedures, principles and rules. It also monitors changes in regulations to ensure that the financial statements are prepared in accordance with IFRS rules adopted by the European Union. SOFTWARE In addition to office automation software used by employees, the group has special software customized for the conduct of its operations. A wide variety of tools are used, including facility control systems, integrated management systems, methods and scorecards, and they contribute to the operational control of each business. The group has a single, secure reporting and consolidation tool shared throughout the group under the authority of the Finance Department. In addition, organizational notes and standards and procedures applicable to the entire group are distributed using a dedicated software application. AREVA set up a tool for all SAP core systems in the group (called the AREVA Segregation of Tasks & Roles Optimization project) to maintain the level of internal 4.2.6. p the process for validating this information; p an annotated chart of accounts; and

328

2016 AREVA REFERENCE DOCUMENT