Orano - Annual Activity Report 2024 64 3 RISKS, CONTROL AND DUTY OF VIGILANCE PLAN Internal control system Its activity is organized around an audit plan which takes into account in particular the risks identified by all group systems (risk mapping, internal control self-assessment tools, interviews carried out by the Risk, Compliance and Internal Audit Department with the members of the Executive Committee and “top managers” related to the risks, as well as with the Statutory Auditors). The recommendations resulting from its work lead to progress plans, which are monitored in consultation with the managers concerned. In this way the Internal Audit division contributes to the continuous improvement of the internal control system. Each year, the Risk, Compliance and Internal Audit Director presents his report on internal control and the department’s activities of the Internal Audit division to the Chief Executive Officer, to the Executive Committee and to the Audit and Ethics Committee. Anti-fraud and anti-corruption system In recent years, the risk of fraud has changed dramatically, with the surge in fraud by identity theft, and heightened use of “social engineering” with attempts at intrusion and data theft. Aware of this risk, which is increasing thanks to the inventiveness of fraudsters and the increasing digitization of financial transactions in particular, Orano has rolled out actions group-wide to reduce the risk of fraud, as well as a corruption prevention program. The group is thus rolling out a comprehensive corruption and influence peddling prevention program in accordance with the Sapin II law and its eight pillars, as well as with international standards. This is regularly updated, in particular by adjusting internal procedures according to the new risks identified and is the subject of awareness-raising and training campaigns. Each individual person, unit and department is obliged to report all attempted fraud or evidence of fraud to the Finance Department and the Protection Department, so that lessons can be learned from the situations encountered. The fraud scenarios suggested by these events or any others of which the group becomes aware, especially through communications from government agencies and other stakeholders, are also taken into consideration. When necessary, the existing procedures are amended to reflect the corrective measures identified in these events, which are then shared across the group, particularly with the employees most exposed to the risk. These procedures and alerts are the basis of the anti-fraud system.
RkJQdWJsaXNoZXIy NzMxNTcx