Areva - Reference Document 2016

A1

REPORT OF THE CHAIRMAN OF THE BOARD OF DIRECTORS

4. System of internal controls

relevant business units to ensure the implementation and effectiveness of action plans that aim to reduce these risks. In 2016, the industrial risks related to climate change were identified in the framework of the group’s risk assessment process. That assessment is discussed in paragraph 4.8.3 of Section 4. Risk factors of this Reference Document.

In 2016, the group’s major capital spending and commercial projects were regularly presented to the Audit and Ethics Committee by the managers in charge of them and by the Finance Department, providing an opportunity to discuss changes in the risks associated with those projects with the control bodies. SETTING OBJECTIVES In 2016, the process of setting objectives for the group was framed by the 2015- 2017 Transformation Plan currently in progress. 4.4.2.

4.5. CONTROL ACTIVITIES

The functional departments, acting on behalf of the group’s management bodies, deploy their policies and ensure their correct implementation. In particular, the Management and Accounting Control Department defines and ensures the application of management control rules, documents the accounting and financial management processes, and ensures compliance with rules on delegations of authority pertaining to financial commitments. Each operational and functional level implements appropriate control activities to regularly evaluate the level of achievement of established objectives. In particular, the budget updates and reporting documents are used to regularly and progressively compare actual results and the extent to which objectives have beenmet with those defined when the budgets were approved. By definition, each organization is responsible for its own internal controls. These controls rely on the mobilization of human, material and financial resources, the organization of those resources, the deployment of specific objectives within the organization, and the implementation of controls for prevention or detection. Preventive controls are carried out according to specific procedures, whether manual or computerized, involving approvals at appropriate levels of the In 2016, AREVA continued to take action to optimize its internal control systems. These actions were conducted under the supervision of the Chief Executive Officer and of the ExComs, and with the oversight of the Board of Directors through the Audit and Ethics Committee. The group’s Business Ethics Advisor deployed the annual compliance letter process, which applied to all executives of the subsidiaries, the business units’ senior executive vice presidents, the regional directors, and the directors of the group’s corporate functions. AREVA’s Risk and Internal Audit Department intervenes everywhere in the group and in any area relevant for internal controls. This department is under the responsibility of its director and, under the supervisory and functional authority of the Audit and Ethics Committee, carried out its activities completely independently, in compliance with the Audit Charter and the international standards of the profession. In 2016, the missions were conducted in accordance with the annual audit plan approved by the Chief Executive Officer and examined by the Audit and Ethics Committee. This department is responsible among other things for reporting to the management bodies on its assessment of compliance and the effectiveness of the internal control systems deployed throughout the group. In particular, this assessment takes into account the risks identified using the full range of the group’s

organization, among other things. Detection controls consist of after-the-fact verifications connectedwith specific supervision of the work performed and analysis of variances or anomalies. Information systems, performance indicators, etc. are used to facilitate this supervision. In addition, audit and expert bodies are charged with controlling themost significant issues in relation to the specific goals of the group and of the subgroups. In particular, as regards accounting and financial information: p each entity has set up a system of controls before transactions are recorded; p controls are carried out at the different stages of the consolidation process: ○ either automatically by the consolidation software (control of debit/credit balances, data traceability, data integrity, access control), or ○ manually by the consolidation department, financial controllers and business analysts; p the group’s Tax Department performs tax reviews of the group’smain companies. tools (business risk model, internal control self-audit tools, interviews conducted by the Audit Department with the General Inspectorate, the group’s principal top managers and the statutory auditors, etc.). The recommendations resulting from these missions give rise to performance improvement plans, which are monitored in concert with the managers involved. Lastly, as is the case each year, the Risk and Internal Audit Director presented his internal controls review report to the Chief Executive Officer and to the Audit and Ethics Committee. In addition to audits carried out under the audit plan, the group’s entities perform a self-audit of their internal controls every year following a standard questionnaire (the “Self-Audit Income”), duly approved by their operational management, which has complied since 2007 with the “Implementing guidelines for internal controls of accounting and financial information” of the frame of reference published by the AMF. The questionnaire, reviewed by the joint statutory auditors, was deployed in 2016 across the entire consolidation scope of the group, representing 92 entities in some 20 countries. By entity, it covered 200 control items organized into 14 business cycles, and urged management to commit to action plans to address the weaknesses identified.

4.6. CONTINUOUS OVERSIGHT OF THE INTERNAL CONTROL SYSTEM

330

2016 AREVA REFERENCE DOCUMENT