EDF_REGISTRATION_DOCUMENT_2017

2.

RISK FACTORS AND CONTROL FRAMEWORK Control of Group risks and activities

Whenever necessary, the proposed commitments are then reviewed by the Board of Directors as described in section 4.2.2.4. “Strategic disposal projects” are investigated separately and supervised by the Disposals Committee to preserve confidentiality and responsiveness. Security of Information Systems (IS) 2.2.2.2.4 The security of information systems is governed by the Information Systems Security Policy focusing on: strengthening the involvement of managers and the protection of assets associated with the information system; management of information systems security risks; taking new regulatory obligations into account (European regulations on the protection of personal data, Law on Military Programming, etc.). The standard for the internal control of information systems is based on the external COBIT standard (Control Objectives for Information and related Technology). Internal control and cover of the risks specific to IS issues is coordinated by the Group Information Systems Department at two levels in the unit’s organisation based: on the IS Group Committee (which groups the EDF SA information systems ■ department and the CIO of the main subsidiaries) to approve the cross-functional risk mapping and control actions to be implemented; and on the Group’s Information Systems Security Managers, for the consistency, ■ coordination and monitoring of control actions following on from the various checks and audits of information systems security. The main actions implemented in matters of information systems security are: the continuation of actions to educate users and players in the information ■ system, notably in 2017 through the deployment of a new charter on the use of IT and telecoms resources; the identification and priority securing of the most critical assets; ■ the enhancement and extension of cyber surveillance capabilities by upgrading ■ the Security Operational Center (SOC); setting up Group insurance relative to cybersecurity; ■ actions to prevent, detect, monitor and react to cope with security incidents (e.g.: ■ viruses, intrusions, targeted attacks) mainly on targeting administrative data processing; performing tests on the disaster recovery plan. ■ Also note that the new IS security policy applies to all functions of the Company and to suppliers and partners. The internal control procedures relating 2.2.2.3 to reliability of financial and accounting information Reporting Guidelines 2.2.2.3.1 The internal control manual was entirely restructured in 2011 with regard to control of accounting and financial information in order to bring it into line with the AMF (French Financial Markets Authority) reference framework as revised in 2010. It was also revised in 2015 and 2016 to fit into the Group’s new internal control dynamic. The fundamentals of governance, roles and responsibilities remain unchanged. The accounting standards used by the EDF group (the scope of the consolidated financial statements are included in the notes to the consolidated financial statements (see section 6)) comply with the international standards published by the International Accounting Standards Board (“IASB”) approved by the European Union and applicable as at 31 December 2016. These international standards include the IAS (International Accounting Standards), IFRS (International Financial Reporting Standards) and the SIC and IFRIC interpretations. The accounting rules and methods are described in the Financial and Accounting Reporting policy, specified in the Group accounting principles manual and summarised in the notes to the consolidated financial statements. The measures to be taken concerning the control procedures are described in the Accounting and Financial Internal Control instruction. In particular they cover, for the management control area, the management cycle and steering – monitoring of investments – and for the accounting and tax area, the reliability of the accounting and tax information and the fight against fraud.

The Finance Management Directors of the Departments of the business lines and Subsidiaries sit on the Management Committee of the entities to which they belong. With the exception of the regulated subsidiaries, they are appointed and evaluated jointly by the operational management and the management of the Management Control function. For subsidiaries, accounting internal control policies are the responsibility of each corresponding legal structure. A network of correspondents from the operational Departments and subsidiaries facilitates dissemination of the instructions and harmonised implementation throughout the various Group entities. Procedures for preparing and controlling 2.2.2.3.2 the consolidated financial statements The consolidated financial statements are prepared by the Group Accounting and Taxation Department on the basis of the data entered locally by each entity (entities of the parent company and subsidiaries) in accordance with the Group standards and closing instructions, according to a single plan of charts. The scope of consolidation is closed after noting all companies of significance that are controlled, jointly-controlled or under significant influence. The non-significant nature of entities for which EDF holds an interest and which might fall within the scope of consolidation is examined regularly and submitted annually for the assessment of the Statutory Auditors. The half-year consolidated financial statements are presented to the Audit Committee and then approved by the Board of Directors. The annual consolidated financial statements are reviewed by the Audit Committee, then closed at 31 December of the fiscal year by the Board of Directors and lastly approved by the Shareholders' Meeting. Each annual and semi-annual results in the drawing up of instructions specifying the key deliverables expected from each stakeholder to the publication of the financial statements, the management report and the Reference Document for the annual closings. Meetings with EDF departments and the subsidiaries facilitate the preparation of these financial statements and make it possible to anticipate changes with regard to certain treatments thereby increasing the reliability of the accounting and financial information published. An analysis of the conditions of preparation (compliance with deadlines, quality of information, etc.) after the event allows for regular improvement of the consolidated financial statements preparation and analysis process. Monthly reporting of information on the balance sheet accounts and the income statement can anticipate the processing of complex operations and contribute to making the results more reliable. Forecasts and management acts are implemented using a single reference framework and tools shared between accounting and management. This system contributes to the coherence of Group management and facilitates dialogue at all levels of the organisation and helps promote exchange of information between actors and the quality of the information produced. Procedures for preparing and controlling 2.2.2.3.3 the financial statements The financial statements are prepared annually and semi-annually by the Parent company Financial Statements Department of the Accounting Consolidation Division. The annual financial statements are closed on 31 December of the fiscal year, approved by the Board of Directors of EDF and then approved by the Shareholders' Meeting. The condensed half-year financial statements are closed on 30 June of the fiscal year by the Board of Directors. EDF’s transactional accounting (excluding Nuclear Fuel Division, EDF Island Power Systems Division, Decommissioning and Waste Projects Department, and Executive Managers Department for the accounting component of payroll) is entrusted to the shared “Accounting” service centre of the Tertiary Services Department. The processing of the transactional accounting is organised by process. “Governance pacts” set the respective responsibilities of the operational Departments, the shared “Accounting” services centre or, where applicable, the accounting operators in the operational businesses and the Accounting Consolidation Division. Meetings are organised on a quarterly basis with the EDF SA departments to prepare the financial statements and anticipate changes with regard to certain treatments thereby increasing the reliability of the accounting and financial information published.

130

EDF I Reference Document 2017