EDF Energy maintains and deploys a consistent and comprehensive approach to risk management and internal controls through centrally approved policies applied in all organisational areas.
Leadership and Accountability
EDF Energy complies with applicable EDF Group-wide risk management policies and decisions. Specific examples are the EDF Group Counterparty Risk Management Policy and the EDF Group Corporate Energy Market Risk Policy.
EDF Energy applies a principle of subsidiarity; each Business Unit (BU) and Central Support Function (CSF) is responsible for maintaining an effective system of risk management and internal control, operating appropriate governance over this system and reporting on risk and internal control system effectiveness.
Responsibilities for operating and monitoring risk management and internal control activities are clearly documented and communicated across the company. Education and training to ensure an appropriate awareness of roles, responsibilities and accountabilities are available for employees.
Leaders demonstrate visible commitment to continuous improvement by embedding risk management and internal control standards into all business activities and reviewing the effectiveness and robustness of deployment through performance management processes.
The Audit Committee and Executive Team regularly evaluate the effectiveness of processes for identifying and managing risks to the achievement of EDF Energy objectives, and challenge and approve the EDF Energy company risk profile.
The Board of Directors (through the Audit Committee) is accountable for reviewing the effectiveness of EDF Energy’s internal control and annually provides an opinion of its quality.
Strategies, Objectives and Targets
EDF Energy strategies, objectives and targets (and the aligned BU and CSF strategies, objectives and targets) are clearly communicated and deployed and support those of EDF Group. Leaders ensure that employees understand the objectives of the key processes that they operate.
The EDF Energy Board regularly reviews and approves EDF Energy’s risk management strategy including risk mitigation strategy.
Risk Identification and Assessment
Risks to the achievement of EDF Energy strategies, objectives and targets are identified, assessed and recorded at an appropriate level, with sufficient detail, by suitably qualified and experienced people to enable EDF Energy-wide oversight. The organisation considers the potential for fraud in identifying and assessing risks to the achievement of objectives.
Leaders ensure that employees understand the risks they are responsible for mitigating. Risk identification and assessment is undertaken as part of day-to-day activities. Company-wide risk reporting takes place at least twice yearly.
The risk response is reviewed and approved by an appropriately qualified person or body.
Develop and Implement Controls
The organisation's structure and controls are appropriate and proportionate and are designed to ensure the delivery of objectives, strategies and targets.
Structures and controls are continuously reviewed to ensure that new and changing risks are adequately controlled and that any actions required (e.g. control implementation) are prioritised according to the potential impact and are tracked to completion.
Monitor, Assess and Improve Controls
Leaders ensure that controls are appropriately monitored, tested, reviewed and reported on at an appropriate frequency and level. Findings are used to drive continuous improvement.
Leaders must demonstrate that controls are operating effectively and undertake Internal Controls Self Assessments (ICSA) annually as a minimum, and report on control effectiveness.
Our internal control and risk management framework therefore allows us to:
- Identify, evaluate, control and report significant risks
- Implement a comprehensive, consistent, company-wide approach to risk management
- Maintain a register detailing risks to our businesses and support functions and appropriate controls and remedial action plans; and
- Promote control of risk as a fundamental business process
Effective internal controls help us to reduce risks, improve competitiveness and comply with legal requirements. Internal control covers all systems used to provide our directors and managers with reasonable assurance concerning:
- Compliance with laws and regulations
- Compliance with management decisions and guidelines; and
- The effectiveness and efficiency of our activities and processes
The risks to the delivery of our mission and Better Energy Ambitions are categorised as follows:
- Market framework and political risks to the delivery of new low-carbon generation
- Regulatory risks and compliance with evolving regulation and legislation
- Operational risks to our day-to-day business operations, to the operation of our existing nuclear power stations and to the building of new nuclear power stations
- Health and Safety; and
- Risks to achieving Our Better Energy Ambitions
We believe that by controlling and managing our risks well, we can also respond to the opportunities by developing our business model to provide a low-carbon economy in the UK.