2 Risk Factors And control Framework
2.1 Risk management and control of activities2.1 Risk management and control of activities
This section presents the business control and risk management systems applicable to the entire Group for 2022. These systems, developed and implemented with due respect for the management independence of network infrastructure managers, are in line with the framework defined by the Group’s policies. They also comply with the general principles set out in the AMF risk management and internal control system reference framework (published on 22 July 2010). They are also based on developments in the main international reference frameworks, in particular COSO-2013.
2.1.1 Control environment
Framework and objectives
The EDF group organises the control of activities and risks in the form of forty Group policies, validated and signed by the Executive Committee. This corpus defines all of the long-term and cross-functional requirements to be implemented in all of the Group’s entities and subsidiaries. Regular updates make it possible to adapt requirements to regulatory changes and strategic policy orientations. They are fully in line with the Group’s raison d’être.
The objectives of the system for controlling the Group’s risks and activities, defined in the Group “Functioning Principles/Risk Management and Internal Control” policy are:
- identify and periodically reassess the significant risks and opportunities likely to impact the Group’s targets, in order to ensure the existence of relevant and effective action plans;
- constantly ensure:
- compliance with laws and regulations, including those relating to the management independence of network infrastructure managers,
- the smooth running of processes and projects,
- the reliability of financial and non-financial information,
- compliance with Group policies,
- the control of risks and activities of any kind.
Organisation
The organisation of EDF’s Executive Management is described in section 4.3.1. “Members of the Executive Committee”. Each member of the Executive Committee is responsible for implementing all actions necessary for controlling the risks within their scope.
The Board of Directors
The Audit Committee reports to the Board of Directors.
The Executive Committee
The Group Executive Committee Commitments Committee and the Risk Committee report to the Executive Committee.
The Internal Audit Department and the Group Risks Department report to the Executive Committee via the General Secretary.
The Functional Departments report to the Executive Committee member to whom they report.
Board of Directors
The Board of Directors regularly examines, in connection with the strategy defined by it, opportunities and risks as well as the measures taken as a consequence.
Audit Committee
The mission of the Audit Committee is to monitor, under the responsibility of the Board of Directors, the effectiveness of the internal control, risk management and internal audit systems.
Executive Committee Commitments Committee
To improve the quality of the appraisal and monitoring of projects, the Group Executive Committee Commitments Committee (CECEG) thoroughly examines the most significant projects in terms of the extent of the commitments and/or the risks incurred before decisions are made by the Executive Committee (see section 2.1.3.4 “Approval of capital commitments”).
Risk Committee
The Executive Committee meets at least twice a year as a Risk Committee, at which time it examines in particular the mapping of Group risks, the assessment of internal control activities and audit activities (annual programme, results). It identifies the priority risks for the Group, shares the related strategy for mitigation and designates the members of the Executive Committee who are its sponsors.