www.se.com Schneider Electric Universal Registration Document 2021 244 Chapter 3 – How we manage risk at Schneider Electric 3.1 Definition and objectives of internal control and risk management 3.1.1 Definition and objectives The Group’s internal control and risk management systems focus on: • protecting the Group’s value, assets, and reputation; • identifying and measuring the major risks to which the Group is exposed; • anticipating and foreseeing changes in these risks; and • implementing risk prevention and transfer measures. The Group’s risk management systems are designed to ensure: • Risks are properly and timely identified, assessed, and prioritized; • Risks and vulnerabilities are properly monitored; • Risks are efficiently mitigated. The Group’s internal control procedures are designed to ensure: • compliance with laws and regulations; • application of instructions and guidelines issued by Group Senior Management; • the proper functioning of the Company’s internal processes; • the reliability of financial reporting; and • more generally, internal control helps the Group manage its businesses, run efficient operations, and use its resources efficiently. 3.1.2 Scope of this report The system is designed to cover the Group, defined as the Schneider Electric SE parent company and the subsidiaries over which it exercises exclusive control. Acquired companies are integrated progressively into the internal control and risk management systems. 3.2 Organization and Management 3.2.1 Group values Resilience as a top value Schneider Electric has placed significant importance on resilience within the values and principles which guide and inspire its actions and, in particular, its business practice. Indeed, resilience is one of the fundamental elements of sustainable growth and belongs directly to the Group’s Sustainability value. All Group entities, along the three lines of defense described hereafter, are encouraged to: • Develop a culture promoting resilience for the Group; • Raise resilience awareness and best practices, within their scope of work; • Implement initiatives aimed at increasing the Group resilience, by decreasing the risk exposure and/or increasing its level of preparedness. Hybrid risk management model Schneider Electric uses a hybrid risk management model. It means that there are Central functions and experts in charge of setting risk management mechanisms, establishing policies, and other activities, but that the ownership of the risks belongs to the Business Units and Operating Divisions who are responsible for deploying the central framework to manage their risks. The section hereafter (3.2.2) goes over our three lines of defense and gives more detail about our hybrid risk management model.