www.se.com Schneider Electric Universal Registration Document 2021 246 Chapter 3 – How we manage risk at Schneider Electric 3 rd line of defense: Internal audit In accordance with professional standards governing this activity, the internal audit independently assesses the effectiveness of internal control and risk management procedures given that, irrespective of how well they are implemented and how strictly they are deployed, these procedures can only provide reasonable assurance – and not an absolute guarantee – against all risks. A more robust description on the Group internal audit is presented in section 3.2.3, hereafter. 3.2.3 Governing bodies The Group’s corporate governance bodies supervise the development of internal control and risk management systems. The Audit & Risks Committee has particular responsibility for following up on the efficiency of internal control and risk management systems and reports to the Board of Directors. 3.2 Organization and Management Board of Directors Senior Management Internal Audit Operating Divisions and business units Internal Control Global Functions Audit Committee Global Finance Department The Board is informed about the efficiency of the internal control and risk management systems. Responsible for designing and leading the overall internal control system including the oversight, identification and assessment, and mitigation of risk at Group level as well as Business Unit level and across key Group functional areas. Annual internal audits and control missions. Embedding risk and control concerns. Monitoring implementation of recommendations. Within each business unit, the management team organizes control of operations, ensures that appropriate strategies are deployed to achieve objectives, and tracks business performance. Organizing and monitoring self- assessment campaigns and the implementation of set action plans. Decision-making and risk management at corporate level. Issue, adapt, and distribute policies, target procedures, and instructions to units and individuals assigned to handle specific duties. Follows-up on the efficiency of internal control and risk management systems and reports to the board thereon (see chapter 4, section 4.1.4, page 300). Organizing control and ensuring compliance with procedures.