EDF / 2020 Universal Registration Document

2 RISK FACTORS AND CONTROL FRAMEWORK Risk management and control of activities

Section 2.1 “Risk management and control of activities” describes the risk and activity control systems that apply to the entire Group. Section 2.2 “Risks to which the Group is exposed” describes the most significant risks the Group believes it is exposed to, bearing in mind the Group’ s specific characteristics.

Risk management and control of activities 2.1 This section presents the business control and risk management systems applicable to the entire Group for 2020. These systems, developed and implemented with due respect for the management independence of network infrastructure managers, are in line with the framework defined by the Group’s policies. They also comply with the general principles set out in the AMF risk management and internal control reference framework (published on 22 July 2010). They are also based on developments in the main international reference frameworks, in particular COSO-2013.

constantly ensure: ● compliance with laws and regulations, including those relating to the ❯ management independence of network infrastructure managers, the smooth running of processes and projects; ❯ the reliability of financial and non-financial information; ❯ compliance with Group policies; ❯ and the control of risks and activities of any kind. ❯ Principles of execution The fundamental principles of execution are based on the three lines of control model: 1st line of control: each manager at all levels is responsible for: identifying and controlling the main risks related to their activities, ensuring this control for the missions that they themselves have entrusted to their employees, to ensure that the control systems are appropriate and proportionate to the risks identified, and to report on them formally and regularly to their own manager through self-assessments; 2nd control line: the support functions define common requirements for the Group and supervise their control. Their contribution to the control of the Group’s activities is set out in section 2.1.2. Amongst them, the risk and internal-control functions organise the overall control measures and prepare reports intended for the Group’s governing bodies; 3rd control line: the independent audit system can check the appropriateness and effectiveness of the measures for managing the risks and activities of the Group’s entities, check management of the main cross-functional processes and major projects of the Group, and more generally, check the level of control of the Group’s risks (see section 2.1.3). All of these measures based on the three control lines provide the managers and governing bodies of the Group with “reasonable assurance” concerning the identification and coverage of the main risks.

Control environment 2.1.1 Framework: Group policy corpus

Since 2017, the EDF group has organised the control of activities and risks around the Group policies, validated and signed by the Executive Committee. This corpus defines all of the sustainable and cross-functional requirements to be implemented in all of the Group’s entities and subsidiaries. Regular updates make it possible to adapt requirements to regulatory changes and strategic orientations. A review of Group policies with regard to the raison d’être was undertaken in 2020. Control system objectives The system for controlling the risks and activities of the Group, defined in the “Functioning principles/Risk management and internal control” policy aims to: identify and periodically reassess the significant risks and opportunities likely to ● impact the targets of the Group, in order to ensure the existence and control of relevant and effective action plans;

* Group policies, implemented by the functional departments of the second line of control, cover the following areas: procurement and contract management, communication – institutional relations – partnerships, sustainable development, ethics and compliance, finance and markets, crisis management and business continuity, data management, real estate, legal affairs, project management, human resources, internal control, general services, safety and security of assets, information systems.

98

www.edf.fr

EDF - UNIVERSAL REGISTRATION DOCUMENT 2020