Orano - Annual Activity Report 2024 62 3 RISKS, CONTROL AND DUTY OF VIGILANCE PLAN Internal control system 3.1 Internal control system Internal control, described below, is the responsibility of group Executive Management. It concerns every employee in the group and applies to Orano as parent company and to all of the companies it controls, regardless of their legal form. 3.1.1 Commitments of the Orano group The Code of ethics and business conduct (“Code of Ethics”), published on the Orano group’s website, lists the commitments of the group in terms of, inter alia, safety, security, compliance and quality risks: “As a responsible company, our actions are governed by two priority principles: ● compliance with the most demanding requirements commensurate with the challenges in terms of safety and security in the conduct of our activities, as well as the protection of health and the environment; ● compliance with the strictest standards of integrity and a commitment to fighting against corruption, fraud and anticompetitive practices without compromise. At the heart of Orano’s purpose is the preservation of the climate, resources and health, which are fundamental issues. To this end, the group intends to use and develop all know-how in the transformation and control of nuclear materials, today and tomorrow. It is the responsibility of each and every one of us, both managers and employees, across all entities of the group, as well as those of our industrial and commercial partners, to ensure that these values are properly disseminated and that our principles are respected.” 3.1.2 Internal control objectives The Orano group’s internal control system is consistent with the commitments made as to the conduct of its business, particularly those written into its Code of Ethics, the demanding requirements in terms of safety and security, and compliance with the regulations applicable to activities. The internal control system helps to manage risks and operations. In particular, it aims to ensure: ● compliance with the applicable regulations; ● the implementation of instructions and directions set by management bodies; ● the proper functioning of the group’s internal processes, in particular those contributing to the protection of its assets; and ● the reliability and quality of the financial and operational information produced and communicated. Nonetheless, however well designed and applied they may be, the internal control mechanisms can only provide a reasonable assurance that the aforementioned objectives will be attained. In the “internal control reference framework” of the Autorité des marchés financiers (AMF, the French financial markets authority) to which the group refers (guidelines based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO)), the internal control system is characterized by: ● an organization with a clear definition of responsibilities, sufficient resources and expertise, and appropriate information systems, procedures, tools and practices; ● the internal distribution of relevant and reliable information, enabling each person to carry out his or her duties; ● a risk identification, analysis and management system; ● control activities designed to reduce these risks; and ● continuous oversight of the internal control system. The group has formalized the key controls to be implemented by all the entities to address the risks identified concerning 25 operating and financial processes. These standards are communicated to all employees. The group has adopted a policy whereby all group entities conduct their own assessment of their level of internal control using a selfassessment questionnaire based on the group’s internal control standards. This questionnaire, used by all entities, includes 197 control points, broken down into 17 cycles: ● 4 operational cycles, including one on product quality and another on end-of-lifecycle obligations; ● 1 cycle related to compliance and ethics; ● 1 cycle related to information systems; ● 3 cycles related to offers/sales, purchasing, legal and R&D/ intellectual property processes; and ● 8 cycles related to financial processes and human resources. All of these cycles are covered every two years, alternately. This system, which is reviewed by the joint Statutory Auditors, allows each group entity to compare its own practices with best practices applicable in the area and with the group’s expectations for controls identified as critical, and thereby improve its internal control. Management of the entities in question must then commit to action plans to address the weaknesses identified. Each year, the group’s audit plan includes a review of selfassessments to check their accuracy on a sampling basis, and monitors the progress of the entities’ action plans. The main points are summarized in the Internal Audit division’s activity report on internal control prepared by the Risk, Compliance and Internal Audit Department on the review of internal control.
RkJQdWJsaXNoZXIy NzMxNTcx