Universal Registration Document 2021

2.1 Gestion des risques et maîtrise des activités

This section presents the business control and risk management systems applicable to the entire Group for 2021. These systems, developed and implemented with due respect for the management independence of network infrastructure managers, are in line with the framework defined by the Group’s policies. They also comply with the general principles set out in the AMF risk management and internal control system reference framework (published on 22 July 2010). They are also based on developments in the main international reference frameworks, in particular COSO- 2013.

2.1.1 Control environment

Framework and objectives

The EDF group organises the control of activities and risks in the form of forty Group policies, validated and signed by the Executive Committee. This corpus defines all of the long-term and cross-functional requirements to be implemented in all of the Group’s entities and subsidiaries. Regular updates make it possible to adapt requirements to regulatory changes and strategic orientations. They are fully in line with the Group’s raison d’être.

The system for controlling the Group’s risks and activities, defined in the Group “Functioning Principles/Risk Management and Internal Control” policy aims to:

• identify and periodically reassess the significant risks and opportunities that may impact the Group’s targets in order to ensure the existence of relevant and effective action plans;

• constantly ensure:
  • compliance with laws and regulations, including those relating to the management independence of network infrastructure managers;
  • the smooth running of processes and projects;
  • the reliability of financial and non-financial information;
  • compliance with Group policies; and
  • the control of risks and activities of any kind.

Organisation

The organisation of EDF’s Executive Management is described in section 4.3.1.. Each member of the Executive Committee is responsible for implementing all actions necessary to controlling the risks within their scope.

The Board of Directors

In line with the strategy defined, the Board of Directors regularly examines opportunities and risks as well as the measures taken as a consequence. All of the Board’s committees contribute to ensuring the effectiveness of risk management and internal control systems.

Audit Committee

The mission of the Audit Committee is to monitor, under the responsibility of the Board of Directors, the effectiveness of the internal control, risk management and internal audit systems.

Executive Committee Commitments Committee

To strengthen the appraisal and monitoring of projects, the Group Executive Committee Commitments Committee (CECEG) thoroughly examines the most significant projects in terms of the extent of the commitments and/or the risks incurred before decisions are made by the Executive Committee (see section 2.1.3.4 “Approval of commitments”).

Risk Committee

The Executive Committee meets at least twice a year as a Risk Committee, at which time it examines in particular the mapping of Group risks, the assessment of internal control activities and audit activities (annual programme, results). It identifies the priority risks for the Group, shares the related strategy for mitigation and designates the members of the Executive Committee who are its sponsors.