Orano - Annual Activity Report 2025 66 3 RISK CONTROL AND VIGILANCE PLAN Internal control system Its activity is organized around an audit plan which takes into account, in particular, the risks identified by all group systems (risk mapping, internal control self-assessment tools, interviews carried out by the Risk, Compliance and Internal Audit Department with the members of the executive committee and “top managers” related to the risks, as well as with the Statutory Auditors). The recommendations resulting from its work lead to progress plans, which are monitored in consultation with the managers concerned. In this way, the Internal Audit division contributes to the continuous improvement of the internal control system. Each year, the Risk, Compliance, and Internal Audit Director present his report on internal control and the department’s activities of the Internal Audit division to the Chief Executive Officer, to the executive committee, and to the audit and ethics committee. Anti-fraud and anti-corruption system In recent years, the risk of fraud has changed dramatically, with the surge in fraud by identity theft, and heightened use of “social engineering” with attempts at intrusion and data theft. Aware of this risk, which is increasing thanks to the inventiveness of fraudsters and the increasing digitization of financial transactions in particular, Orano has rolled out actions group-wide to reduce the risk of fraud, as well as two prevention programs, the first related to fraud prevention and the second to anti-corruption. The group is thus rolling out a comprehensive corruption and influence-peddling prevention program in accordance with the Sapin II law and its eight pillars, as well as with international standards. This is regularly updated, in particular by adjusting internal procedures according to the new risks identified, and is the subject of awareness-raising and training campaigns. The fraud prevention program relies on fraud risk training for finance staff, controls on the separation of duties in IT systems, second-level controls on sensitive transactions, and the group’s internal control self-assessment system. All individuals, units, and departments are required to report any attempted or actual fraud to the Finance Department and group Internal Audit, so that lessons can be learned from the situations encountered. The fraud scenarios suggested by these events or any others of which the group becomes aware, especially through communications from government agencies and other stakeholders, are also taken into consideration. When necessary, the existing procedures are amended to reflect the corrective measures identified in these events, which are then shared across the group, particularly with the employees most exposed to the risk.
RkJQdWJsaXNoZXIy NzMxNTcx