Universal Registration Document 2021

3. Non-financial performance

3.9.4 Methodology regarding Group risk mapping

The process for identifying and prioritising risks used to develop the Vigilance Plan is based on two complementary approaches: Group risk mapping, which includes several risks related to the duty of vigilance, and additional risk mapping, specifically focused on the entities most exposed because of their activity and/or their location.

Under the Group approach described in section 2.1 “Risk management and control of activities”, each Group entity conducts a risk mapping exercise, under the responsibility of management, using a risk typology designed to cover all categories of risk, whether internal or external, operational or strategic, to which the Group is exposed.

It is made up of 5 successive steps: Risk identification, risk assessment, prioritisation, control through the definition of an action plan, managing the action plan which includes monitoring the action plan’s deployment, and measuring its effectiveness.

Risk identification

In order to reasonably ensure that the main risks are being identified, a separate approach for each business process and each asset is combined with a separate approach for each major risk type. In addition, feedback, events, incidents, and near-misses are taken into consideration as a source of risk identification, as well as the results of audits. The identification of risks is the result of a discussion between the main actors: Managers, experts and stakeholders.

Risk assessment and prioritisation

The identified risks are qualitatively prioritised according to:

  • their impact, i.e. their potential criticality, assessed using multiple criteria, including the assessment of the impact on the physical or human environment;
  • their probability of occurrence, i.e. its degree of likelihood evaluated over a relevant time horizon, estimated on the basis of the history of the activity, feedback, or internal or external expertise;
  • their level of risk control, i.e. the efficiency of the actions implemented. The main purpose of the general risk mapping exercise is to define and implement action plans (prevention, protection, mitigation etc.) to reduce the impact of the risks and/or risk probability.
Group risk governance

The EDF group’s risk map is based on the entities’ risk maps, internal control self-assessments, and cross-analyses of feedback from operational and functional entities.

The Group Risk Management Department identifies and assesses Group-level risks and draws up a Group risk map, which is validated by the Risk Committee chaired by the Group’s Chairman and then presented to the Board of Directors’ Audit Committee.

How Group risk assessment shaped the Vigilance Plan in 2021

Through this approach, the main risks presented in section 2.2 “Risks to which the Group is exposed” have been identified, at the level of the EDF group.

Several of these risks are of strategic importance for the Vigilance Plan:

  • ethics or compliance risk (see section 2.2 – 1D “Ethics or compliance violations”): since 2019, this risk has included a “duty-of-care” component, implementing a Group action programme and requiring Group entities to report back on their own action in this;
  • adaptation to climate change – physical risks and transition risks (3B): this risk specifically includes a component focused on the impact of the Group’s operations on the climate (see section 3.1.3.2.3 “Scenario-based approach to verify corporate resilience”);
  • industrial safety violations and impact on environmental assets including biodiversity (4G), with a special focus on nuclear safety (5C) and hydropower safety (4E);
  • management of large and complex industrial projects (including EPR projects) (4A): this risk includes a component relating to the potential impact of projects on human rights, the environment and health and safety;
  • operational continuity of supply chains and contractual relationships (4B): this risk specifically includes vigilance-based measures during the contractualisation and contract monitoring stages.

The risks specific to the Duty of Vigilance are detailed by area in section 3.9.6 “Salient risks and risk prevention and mitigation measures”.

3.9.5 Major improvements of the EDF group’s vigilance plan in 2021

Early in 2021, an inventory, review, and diagnosis of the Group’s internal processes was carried out in order to measure the Vigilance Plan’s efficiency and how far its deployment had progressed. Several projects and actions were initiated as part of a continuous improvement process:

Creation, promotion and publication of a set of Duty-of-Care standards

In March 2021, EDF drew up a set of guidelines listing the commitments of the Group (EDF and its controlled subsidiaries) and the fundamental requirements for its business relationships in terms of human rights and fundamental freedoms, environmental protection, protection of personal health and safety and business ethics.

The Group has summarised its duty-of-care commitments in these standards, and spells out its requirements for its partners, financiers, suppliers, and subcontractors.

This document, submitted to the members of the CDRS (1) (see section 3.9.2 “Governance, steering and stakeholder involvement”), was signed by the Chairman of the EDF group. It is available in French and English on edf.fr website (https://www.edf.fr/sites/default/files/contrib/groupe-edf/engagements/2021/rse/edfgroup_rse_referentiel-ddv-2021_fr.pdf).

Better integration of the Duty of Vigilance into the investment process

Consideration of the Duty of Vigilance and the associated Group standards is included in each analysis of projects presented to the Commitments Committee of the Group Executive Committee (CECEG). In concrete terms, this takes the form of identifying the risks associated with the projects, both for the activities developed and for the supplier relationships envisaged within the framework of the project (see section 3.9.6 “Salient risks and risk prevention and mitigation measures – Global actions to prevent and mitigate risks relating to the Duty of Vigilance”).

This identification will be facilitated by the construction of a grid, to be made available in 2021, which will allow for an analysis of projects that are consistent with the Group’s raison d’être, CSR commitments, and guidelines, as well as with international standards. This grid takes into account environmental, health and safety, human rights, and ethical dimensions.

Reliability of country risk analysis

The Group has developed an in-house country profiling tool to assess a country’s context in terms of risks related to the duty of vigilance. It gathers the values of eight indicators (such as the Gender Gap Index or the Children’s Rights in the Workplace Index) for more than 180 countries covering the three Duty-of-Carethemes (Human Rights, Environment, Health and Safety) as well as the country’s socio-economic situation.

To complete this tool, the Group has also subscribed to Verisk Maplecroft® to have access to 13 human rights indices in order to refine and specify the human rights risks that the Group could face in the countries where it operates, purchases and develops.

(1) Committee for Dialogue on Social Responsibility (CDRS).