INTERNAL CONTROL POLICY

TABLE OF CONTENTS
1. Preamble ..................................................................................................................................... 1 1.1 Concept of internal control ................................................................................................ 1 1.2 Internal control at the Caisse ............................................................................................ 2 Scope .......................................................................................................................................... 3 Objectives .................................................................................................................................... 3 Internal control at the Caisse ...................................................................................................... 3 4.1 Principles........................................................................................................................... 3 4.2 Basic components ............................................................................................................. 4 4.3 Internal control hierarchy .................................................................................................. 6 4.4 Types of internal control .................................................................................................... 7 4.5 Internal control reporting ................................................................................................... 7 Responsibilities ........................................................................................................................... 8 5.1 Employees ........................................................................................................................ 8 5.2 Investment and general services groups .......................................................................... 8 5.3 Finance, Treasury and Strategic Initiatives Executive Vice-Presidency ........................... 8 5.4 Caisse senior management .............................................................................................. 8 5.5 Internal Audit ..................................................................................................................... 9

2. 3. 4.

5.

1. PREAMBLE
Section 13.8 (1) of the Act respecting the Caisse de dpt et placement du Qubec provides that the Audit Committee's functions include seeing that internal control mechanisms are put in place and ensuring that they are sufficient and effective. In addition, section 13.2 of the Act provides that the Board of Directors shall, among other things, appraise the integrity of internal controls. 1.1 Concept of internal control

In the broad sense, internal control is a comprehensive framework that aims to ensure: 1. Application of orientations set by the Board of Directors and senior management; 2. Proper functioning of the organization's internal processes and outsourced activities; 3. Sound, effective and prudent management of risks; 4. Compliance with laws and regulations; 5. Economic acquisition, efficient use and effectiveness of resources; 6. Reliable information;

Approval Date: November 24, 2006

7. Its periodic independent assessment. The internal control system plays a key role in the conduct and monitoring of an organization's various activities. It requires effective activities and integrated measures adapted to the organization. Control measures are present throughout an organization and include a range of diverse activities such as validation, authorization, audit, data reconciliation, monitoring, operational performance review and separation of duties. Still, no matter how well designed and well applied the internal control system is, it cannot provide an absolute guarantee that an organization will achieve its objectives. There are limitations inherent in any internal control. These limitations are due to many factors, including uncertainty from external sources, exercise of judgment and dysfunctions that may occur as a result of human deficiency, error or fraud. Moreover, when controls are put in place, it is necessary to take the cost-benefit ratio into account so as not to develop excessively costly internal controls, although this may mean accepting a certain level of risk. The effectiveness of an organization's internal control system is strongly influenced by the following: The environment and industry in which it operates; The quality of oversight by senior management and the Board of Directors; The accountability of persons responsible for operations; The control culture in relation to the organization's risks; Adaptation of controls to the nature, complexity and diversification of business activities; Communication between the various hierarchical levels; The scope of work by Internal Audit. 1.2 Internal control at the Caisse

The Caisse de dpt et placement du Qubec (the Caisse) has a sophisticated internal control system applied on all levels of the organization. The Internal Control Policy (the Policy) takes into account good governance practices recognized in Canada and the existing internal control system at the Caisse. The Policy constitutes an overall, non-specific reference framework for all activities and processes. In addition, various aspects of internal control are covered by policies or other specific documents, some of which are listed below: Administrative policies, including policies on travel, public relations expenses and reimbursement of expenses; Human Resources Policy, including policies on compensation;

Approval Date: November 24, 2006

 Integrated Risk Management Policy; Management Outsourcing Policy; Compliance Policy; Optimal Resource Use Plan; Information Technology Security Policy; Information Disclosure Policy; Financial Certification Policy; Internal Audit Charter.

2. SCOPE
This Policy is intended for the employees, officers and directors of the Caisse and its wholly owned subsidiaries.

3. OBJECTIVES
The Policy is intended to: Create a formal environment to oversee internal control at the Caisse and its wholly owned subsidiaries; Make officers and employees aware of the importance of sufficient and effective functioning of internal control mechanisms; Provide the Board of Directors with the assurance of the integrity of the internal controls, and the Audit Committee with the assurance of the sufficiency and effectiveness of the internal control mechanisms.

4. INTERNAL CONTROL AT THE CAISSE

4.1 Principles

The Caisse's internal control system is based on the following principles: A clear definition of responsibilities; Sufficient resources and competencies; Appropriate procedures, information systems, tools and practices; Production of relevant, reliable information that allows all to fulfill their responsibilities;

Approval Date: November 24, 2006

 Control measures proportional to the issues specific to each process and designed to reduce the risks likely to affect achievement of the organization's objectives; Existence of and compliance with policies that complement this Policy. When controls are put in place, the Caisse takes the cost-benefit ratio into account to avoid developing costly internal controls to mitigate risks deemed low. Finally, in addition to careful attention to the sufficient design of control mechanisms, the Caisse ensures they are applied effectively throughout the year. 4.2 Basic components

The basic components of the Caisses Internal Control Policy include the following: General 8. The Caisse's internal control system is adapted to the nature and volume of its operations, its size and the business risks it must assume. Investment and management decisions are made primarily in Montral, which makes it possible to quickly identify and correct weaknesses or problematic situations. 9. The Caisse's directors, officers and employees are subject to codes of ethics and professional conduct. The codes are reviewed and communicated on an annual basis. Directors as well as officers and employees make an annual declaration. 10. Employees are invited to report in confidence, and anonymously if they wish, any irregularity they witness, by using the ethics line provided by the Caisse. Management of the ethics line is handled entirely by a specialized firm that is independent of the Caisse. 11. The conditions governing the responsibilities shared by the Caisse and its depositors are stipulated in various laws and in service agreements signed between the Caisse and its depositors. 12. The Caisse's investments are made as a function of its depositors' investment policies, the investment policies of the specialized portfolios, the Integrated Risk Management Policy and the approval levels established by the Board of Directors. 13. The Caisse has human resources policies that enable it to recruit competent, honest employees and to provide ongoing training and adequate compensation to ensure their loyalty. All employees have annual objectives and twice-yearly performance evaluations based on known and applied standards. 14. The process for the award of contracts is governed by a policy whose application is checked on a quarterly basis. 15. Supplier payments and reimbursements of employee expenses are made according to known and applied standards.

Approval Date: November 24, 2006

16. In the preparation of year-end results, the Caisses information sources and return calculations are checked by independent accounting specialists in accordance with international performance presentation standards. 17. The combined financial statements, those of the specialized portfolios and those of the general fund and the individual funds are audited by the Auditor General of Qubec in accordance with accounting principles generally recognized in Canada. 18. The Information Disclosure Policy sets out the Caisse's undertaking to provide quality information and sets the applicable rules. 19. The Financial Certification Policy obliges the Caisse to maintain at all times financial internal controls and financial information disclosure controls designed to produce and communicate reliable, complete information that faithfully reflects the Caisse's financial situation in all material respects. The Caisse shall ensure that financial information is recorded, processed, checked and presented in a timely fashion. The Policy provides for an internal and external financial certification process. The Disclosure Committee reviews the financial certificates. Senior management oversight and control culture 20. The Board of Directors approves and periodically reviews the Caisses major business strategies and policies, approves the Caisses organizational structure, develops an understanding of risks, establishes acceptable risk levels, ensures senior management takes steps to identify, measure and control risks and, lastly, ensures senior management appraises the integrity and effectiveness of internal controls. 21. Senior management implements the policies adopted by the Board of Directors, develops mechanisms to identify, measure and control risks assumed by the Caisse, maintains a hierarchical structure that assigns responsibilities and clear levels of authority, establishes a sufficient internal control policy and, finally, ensures the internal control mechanisms are sufficient and effective. Risk identification and evaluation 22. The Caisse has adopted an Integrated Risk Management Policy that permits sound, prudent management of material risks and is subject to periodic revision and specific reporting to senior management and the Board of Directors. Control activities and separation of incompatible duties 23. The Caisse has put in place an internal control system with four levels that are complementary and exhaustive. The system is described in section 4.3 of the Policy. Controls are implemented at all levels of the Caisse's operations. 24. The Caisse takes care to identify duties that are incompatible or require specific monitoring to reduce the impact of the risks that may arise from them. It also ensures that deficiencies involving separation of duties are rectified.

Approval Date: November 24, 2006

Information and communication 25. The Caisse maintains an information system that allows sufficient monitoring of business strategies and objectives. 26. The Caisse relies on internal and external data to support the decision-making process adequately. The Caisse maintains controls to ensure data are relevant, reliable and accessible. Monitoring and correction of deficiencies 27. The responsibility for monitoring lies first with those who are responsible for activities, processes and systems and then with senior management and the Board of Directors. 28. Internal control effectiveness is evaluated on an ongoing basis with the following activities: Monitoring by team leaders; Monitoring by the risk management team; Monitoring by the information technology security team; Monitoring by the finance team; Meetings of the Executive Committee; Quarterly meetings of the President and Chief Executive Officer; Monitoring by the compliance team; Work by Internal Audit; Meetings of the Board of Directors and the Boards committees; Work by the Auditor General of Qubec and independent auditors.

29. Internal Audit has the necessary resources to fulfill its mandate and reports directly to the Chairman of the Audit Committee of the Board of Directors. The Audit Committee approves the three-year plan and the annual work plan, reviews the results of work and may require that any other work be carried out. Internal Audit may retain recognized independent specialists to assist with audit missions. 30. The Caisses control culture provides that significant deficiencies are communicated to the appropriate persons and corrected quickly with due regard for the costs and efforts required. Internal Audit follows up on recommendations made in the course of its work, as well as those made by the Auditor General of Qubec or other independent specialists. 4.3 Internal control hierarchy

The Caisses internal control system provides four levels of control, namely: Level 1: Control measures that are incorporated into activities, business processes and computer systems and whose ultimate responsibility rests with the first users responsible for these business processes; in addition, the administrative support

Approval Date: November 24, 2006

teams in the business units play an important role in control and monitoring as well as implementation of corrective measures; Level 2: Control functions that are independent of investment processes, including investment administration, risk management, performance measurement, corporate accounting and budget follow-up, legal affairs, financial certification and information technology security; Oversight functions, including the Board of Directors and its committees as well as the Executive Committee and its committees, Internal Audit and Compliance; External audit functions, such as those of the Auditor General of Qubec and independent accounting specialists. Monitoring by the three agencies that determine the Caisses credit ratings is also included in this level, since they can issue recommendations to avoid any lowering of ratings.

Level 3: Level 4:

4.4

Types of internal control

The Caisses internal control system includes all policies, directives, procedures, measures and tools relative to the four following types of internal control: 31. General internal controls (controls that apply to the Caisse as a whole); 32. Manual internal controls (controls specific to a business process whose application is not computerized); 33. Computerized internal controls (controls specific to a computer system); 34. The fraud prevention program (specific controls to prevent and detect fraud). 4.5 Internal control reporting

The Caisse evaluates the integrity, sufficiency and effectiveness of its internal controls through work carried out by control functions independent of the investment processes as well as monitoring functions. Numerous reports are made periodically to senior management and the Board of Directors by the various functions, including Internal Audit. In addition to the stipulations of the preceding paragraph, the Caisse carries out, pursuant to the Policy, the following reporting to assure the Board of Directors of the integrity of the internal controls, and the Audit Committee of the sufficiency and effectiveness of the internal control mechanisms: Senior management Annual self-assessment1 of the effectiveness of general internal controls (starting in 2006) Annual self-assessment of the effectiveness of the fraud prevention program (starting in 2006)
1

This exercise involves a comprehensive review of the Caisses internal control system to assess its integrity, sufficiency and effectiveness.

Approval Date: November 24, 2006

Internal Audit Annual assessment of the general control environment (starting in 2006) Annual assessment of the management of the environment of important computer systems (starting in 2006)

5. RESPONSIBILITIES
5.1 Employees

Each employee is obliged to comply with the applicable laws, regulations, policies and directives, including the Caisses Code of Ethics and Professional Conduct for Officers and Employees. 5.2 Investment and general services groups

Each unit is responsible for: Managing its activities prudently; Applying internal control measures adopted by the organization; Rapidly reporting any lack or malfunction of an internal control; Taking part in preparation of annual self-assessments of the effectiveness of the general internal controls and the fraud prevention program provided in section 4.5 of the Policy. 5.3 Finance Executive Vice-Presidency

The Finance Executive Vice-Presidency is responsible for: Administering the Policy; Preparing annual self-assessments of the effectiveness of the general internal controls and the fraud prevention program provided in section 4.5 of the Policy. 5.4 Caisse senior management

Senior management is responsible for: Maintaining an internal control environment based on adaptability, integrity, sufficiency and effectiveness; Communicating annual self-evaluations of the effectiveness of general internal controls and the fraud prevention program to the Audit Committee and the Board of Directors.

Approval Date: November 24, 2006

5.5

Internal Audit

Internal Audit is responsible for performing audit work, communicating the results of such work to senior management and the Audit Committee and following up on recommendations in accordance with the process established by the Audit Committee.

Approval Date: November 24, 2006