Universal Registration Document 2021

2. Risk factors and control framework

2nd line of control: risk management and control of activities

The second line consists of all the Group’s support functions. In particular, each support function leads and coordinates the implementation of the Group policies for which it is responsible.

GROUP POLICIES
  • Management and operation
    • Operating principles / Risk management & Internal control
    • Governance of subsidiaries and minority shareholdings
    • Project management
    • Crisis management and business continuity
  • Ethics & Compliance policy and related instructions
  • Safety & Security
    • Nuclear Safety
    • Security of assets against malicious acts
  • Corporate social responsibility policy
  • Human Resources
    • Health & Safety
    • Remuneration & social security benefits
    • Talent
    • Experts
    • Skills Development Group in France
    • International Mobility & France Mobility
  • Suppliers policy
  • Real Estate & General Services
    • Group travel
    • France tertiary real estate
  • Group Legal risk management policy and related instructions
  • Finance & Markets
    • Economic and financial performance management
    • Financing, cash management and financial risk control
    • Commitments
    • Energy market risks
    • REMIT
    • Tax and customs
    • Insurance
    • Financial and accounting reporting and related instruction
  • Communication
    • Communication / Institutional relations / Partnerships
    • Financial communication
  • Information system & Numeric transformation
    • Governance of information systems and digital transformation
    • Data management
    • Security of information systems

Group risk mapping

The Group risk map includes:

  • risks associated with the political and regulatory context and legal and compliance issues;
  • financial risks;
  • strategic risks, risks related to the transformation of the Group, including in particular risks related to climate issues;
  • risks related to the Group’s operating activities and its supply chains, as well as to the Group’s major projects, in all its businesses, particularly These risks also relate to health, personal safety, asset protection and IS security.

These risks are laid out in §2.2 “Risks to which the Group is exposed”. In addition, some risks are set out in detail in chapter 3, in particular risks related to climate and environmental issues, the duty of vigilance and personal health and safety.

On the basis of the risk maps and activity control reports drawn up by the Group’s entities (1st line of control), supplemented by cross-reviews with the 2nd line of control and with the Internal Audit Department, the EDF group’s Risk Management Department draws up a consolidated map of its major risks, including an overall assessment of internal control, and provides Management and the governance bodies with a consolidated, prioritised and regularly updated view of the major risks and their level of control. These documents are validated by the Risk Committee and are presented to the Board of Directors after examination by the Audit Committee.

3rd line of control: the Group’s audit unit

The Group’s audit unit is composed of all of the Group’s audit resources exercising an internal audit activity. Pursuant to a decision of the Chairman & Chief Executive Officer, this unit is led by the Group Audit Director. It includes the Internal Audit Department (“IAD”, reporting to the General Secretary) and audit teams specific to each of the main French and foreign subsidiaries. The relationship between the IAD and Enedis audit teams, as well as their respective prerogatives, have been defined to ensure compliance with the principle of management independence. The IAD carries out functional supervision of the unit (co-appointment and co-evaluation of the subsidiaries’ Audit Directors by the IAD – excluding Enedis –, sharing best practices, training, sharing tools and methods, etc.). At the end of 2021, the Group audit unit consisted of 70 FTE employees.

Operating standards for EDF and controlled subsidiaries

The IAD applies the international standards defined by the Institute of Internal Auditors and monitors compliance with them.

The assignments, powers and responsibilities of the auditors as well as the rights and duties of the audited parties are defined in a charter that was issued in July 2019. It sets out the fundamental principles governing audits, the procedures for drawing up the programme, the types of assurance assignments entrusted to it, and the duties of the audited parties and auditors. It includes a code of ethics applicable to the entire unit. The purpose of this code is to promote an ethical culture and to remind auditors that they must respect and apply certain basic principles relevant to the profession and the conduct of internal audits.

The Internal Audit Department has direct access to the Chairman & Chief Executive Officer; it reports on assignments to the Audit Committee, which issues an opinion on the risk-based internal audit universe, reviews the performance of audits and verifies the adequacy of the workload and resources dedicated to internal audits. The IAD’s processes, from the definition of the audit programme to the monitoring of action plans, are outlined and managed.

Auditors are trained in the same methodology, in line with international standards, and are evaluated at the end of each assignment. The IAD’s processes for all activities (from the definition of the audit programme to the monitoring of action plans) are outlined and managed. The audit unit regularly and voluntarily submits to evaluation by IFACI (1). The last evaluation, in 2018, stated, as previously, that the audit practices complied with the international standards of the profession.

(1) Institut français de l’audit et du contrôle interne (French Institute of Audit and Internal Control).