The IAD applies the international standards defined by the Institute of Internal Auditors and monitors their compliance.
The missions, powers and responsibilities of the auditors as well as the rights and duties of the audited parties are defined in a charter that was issued in July 2019. It sets out the fundamental principles governing audits, the procedures for drawing up the programme, the types of assurance assignments entrusted to it, and the duties of the audited parties and auditors. It includes a code of ethics applicable to the entire sector. This code is intended to promote a culture of ethics and serves to reiterate that the auditor must comply with and apply certain basic principles relevant to the profession and the conducting of internal audits.
The Internal Audit Department has direct access to the Chairman and Chief Executive Officer; it reports on assignments to the Audit Committee, which gives an opinion on the risk-based internal audit universe, reviews the performance of audits and verifies the adequacy of the workload and resources dedicated to internal audits.
Auditors are trained in the same methodology, in line with international standards and are evaluated at the end of each mission.
The IAD’s processes for all activities (from the definition of the audit programme to the monitoring of action plans) are outlined and steered.
The audit unit regularly submits voluntarily to evaluation by IFACI (1). The last evaluation of 2018 stated, as previously, that the audit practices were compliant with the international standards of the profession.
The Group’s audit unit conducts audits of the entities and controlled subsidiaries, Business Units, projects and cross-functional functions. These audits include a review of the robustness of internal control and are carried out every three to five years depending on their level of significance. The IAD conducts corporate cross-functional audits, whereas the Audit Departments of the subsidiaries only conduct audits within their scope. The IAD is the only entity competent to carry out audits of BUs/projects involving a corporate level risk.
The audit program is drawn up on the basis of the Group’s priority risk universe; all Group BUs, projects and processes must be audited on a regular basis.
All audits give rise to recommendations which, once validated by the audited parties and their management, become the subject of action plans drafted by the aforementioned management and audited parties. These action plans are sent for opinion to the IAD, which subsequently monitors them, starting no later than six months after the audit report is circulated.
A half-yearly summary report recaps the main findings of the corporate audit and the follow-up of action plans. The half-yearly report also presents the results of the audit programme, the satisfaction of the audited parties, the activity of the sector as well as an assessment of skills and the budget. Furthermore, it identifies any recurring or generic problems observed in several audits and which merit special attention.Finally, it provides an audit-based view of the Group’s level of risk control. This report is presented to the Chairman and Chief Executive Officer, the Executive Committee, and then to the Audit Committee and the Board of Directors.
Like all listed companies, the EDF group is subject to review by the AMF. As a company majority owned by the French State, EDF is also subject to control by theCour des Comptes (French Court of Auditors), State Controllers, the Inspectorate of Finance, Economic Affairs Committees or ad hoc Committees of inquiry of the French National Assembly and Senate.
According to law, the Statutory Auditors certify the annual financial statements(parent company and consolidated financial statements) and perform a limited review of the Group’s half-yearly condensed consolidated financial statements. Their report includes the verifications on the information on corporate governance required by theArticles L. 225-237-3 et seq. of the French Commercial Code.
In the light of its activity, EDF is also subject to control, in France, by the Energy Regulation Commission (CRE) and the French Nuclear Safety Authority (ASN).
The Group operates in a fast-changing environment that entails numerous risks of various kinds: they may be strategic or operational; some are exogenous, others are endogenous and inherent to the Group’s business lines. Their consequences may be manifold and may affect the Group’s operating results, the Group’s financial position and its ability to finance its strategy or development, affect its internal or external stakeholders or environment, or impact its reputation.
The Group describes hereinafter the specific risks to which it considers itself exposed.The principle of specificity leads us to describe in this section only those risks for which the specificity of the EDF group is a key factor. For risks that are not specific to the Group, the absence of a risk description in this section does not exclude the Group from taking the risk into account.
Risks are divided into five categories, described in sections 2.2.1 to 2.2.5respectively.
Section 2.2.1 “Market regulation, political and legal risks” describes the risks related to changes in public policy and regulation in the countries and territories where theGroup operates, as well as the legal risks to which the Group is exposed.
Section 2.2.2 “Financial and market risks” describes the risks arising from exposure to the energy markets in which the Group operates, as well as risks related to changes in the financial markets and the reliability of related information.
Section 2.2.3 “Group transformation and strategic risks” describes the risks related to the Group’s ability to adapt, particularly in terms of strategy and skills, in response to the needs for transformation brought about by climate change, new competition, and technological and societal changes.
Section 2.2.4 “Operational performance” describes the risks related to the control of the Group’s operating activities across its various industrial activities and projects, including EPR, services and sales. In particular, this section describes the risk to the Group relating to current and/or future EPR projects, which is a major risk.
Section 2.2.5 “Specific risks related to nuclear activities” supplements section 2.2.4 for the Group’s nuclear-related activities, which entails additional risk factors and special provisions, particularly in view of the primary requirements of nuclear safety and the very long-term capital-intensive nature of nuclear activity.
The risks are outlined in detail in each of the relevant sections for their respective category. They are numbered to make it easier to connect the table with the graph and the detailed descriptions that follow.
The economic disruptions caused by the Covid health crisis led to a drop in demand for electricity in 2020 and had a significant impact on many of the Group’s activities, most notably nuclear production, construction sites (construction of major projects and maintenance of nuclear power plants) and service activities. This health crisis will continue to affect the Group’s performance in 2021 and beyond. Its impact on the Group’s risks is specified in the presentation of each of the risks concerned.The main impacts are as follows:
(1) Institut français de l’audit et du contrôle interne (French Institute of Audit and Internal Control).