MAROC_TELECOM_REGISTRATION_DOCUMENT_2017

2

GENERAL INFORMATION ABOUT THE COMPANY Information about the Company and corporate governance

– accounting policies and methods, and consolidation scope; – the Company’s off-balance-sheet risks and commitments; – monitoring of the Company’s insurance policies; – procedures for the selection of the Statutory auditors, formulation of an opinion on the fees requested for the performance of their audit duties, and the monitoring of compliance with the rules guaranteeing auditor independence; and – any issues that the committee believes might pose risks or serious procedural problems for the Company.

INTERNAL AUDIT The internal control procedures established within Maroc Telecom Group have the following objectives: – to ensure that management conduct, business transactions, and employee behavior are consistent with the operational guidelines set by the management bodies, and that they comply with applicable laws and regulations; and – to ascertain that the accounting, financial and management information provided to the Company’s management bodies presents fairly the Company’s operations and financial position. One of the objectives of the internal control system is to prevent or mitigate risks arising both from the Company’s business affairs and from error and fraud, particularly in the areas of finance and accounting. As is the case for all audit systems, there is no guarantee that such risks will be fully eliminated.

Maroc Telecom risk control is performed using the three control lines model:

Control line

Entity

Role

First control line

Operational Management

Implements the Company’s strategy and the resources necessary to control its activities Ensure the management of risks, internal control andbcompliance Provides independent assurance and assessment

Second control line

Risk Management and other support functions (IT,bHR, Legal, Finance, Management Control, etc.) Internal Audit (General Control Department)

Third control line

To perform its task of assessing and validating the Company’s internal control systems, the Audit Committee is supported by the Internal Audit and Inspection Departments. It defines the action plan for the Internal Audit and Inspection Departments and analyzes their findings. The average attendance rate among Audit Committee members at meetings held in 2017 was 88%. INTERNAL AUDIT, RISK MANAGEMENT & INSPECTION Internal audit Maroc Telecom’s Internal Audit Department (Operational Audit and Financial Audit) reports to the General Control Department. It is an independent function that has direct access to the Audit Committee. The Internal Audit Department is governed by a charter approved by the Audit Committee. The role of the Internal Audit Department is to provide the Company with an analysis of the level of risk of its operations and tomonitor the quality of internal control at each level of the Company’s organization. The Internal Audit Department helps the Company to achieve its objectives by assessing procedures for risk management, control and corporate governance. The effectiveness of the internal control process is assessed by the Internal Audit Department, according to an annual audit plan approved by the Audit Committee. Summaries of the comments and recommendations formulated by the Internal Audit Department are provided to the Audit Committee. The audit plan is defined according to an analysis of the business risks, which include financial risks, IT risks, and risks specific to the operational units of the Group. Tomeet this twofold objective, the Internal Audit Department has two divisions, each of which has the following complementary functions: – financial audit (8 auditors at Decemberb31, 2017), for processes with an accounting and financial impact;

– operational audit (12 auditors at Decemberb31, 2017), for matters regarding operational units (Retail branches, technical centers, stores, regions, etc.). Operational audits consist of analyzing procedures for the management of resources, networks and customer services. The annual audit plan consists of a program of engagements whose implementation is entrusted to the Internal Audit Department. These engagements have the following main objectives: – to verify the existence and adequacy of controls in the areas of finance, data processing, and operations, to ensure that the main risks have been identified and are suitably covered; – to review the robustness of financial information, including controls relating to security of the communication, storage and backup of information; – to review the operational units and systems to ensure adequacy in respect of policies, procedures, and legal and regulatory requirements; – to review the means for safeguarding assets and for advising management as to the efficiency and effectiveness of the utilization of resources; – to ensure that recommendations have been carried out during follow-up engagements. The Internal Audit Department (Operational Audit and Financial Audit) communicates and coordinates with the Company’s external auditors tomaximize the effectiveness of the audit scope of coverage. Internal audits performed in 2017 involved the main items of the balance sheet and income statement, i.e., revenues, assets, inventories, and liquidity, as well as other key corporate processes. Risk Management In a context marked by tougher competition, growing regulatory pressure, and strong environmental concerns, risk management is an essential management concern.

56

MAROC TELECOM ____ 2017 Registration Document