www.se.com Schneider Electric Universal Registration Document 2021 250 Chapter 3 – How we manage risk at Schneider Electric 3.3.2 Different mechanisms to identify, assess, and mitigate risks The Group recognizes that each risk nature is unique, and therefore requires a unique approach in the way it is identified, assessed, monitored, and mitigated. The figure below brings a few definitions and examples for each risk nature and shows the parameters that allow to differentiate them: Expected reward for risk and controllability. For the trend-driven risks, the objective is to reduce the business impact cost-effectively and prepare to turn a disrupted environment into opportunities. We identify, assess, and monitor the risks through frequent organization leaders and external stakeholders interviews. This is complemented with specific strategy cadences. For the event triggered risks, the objective is to reduce the risk exposure and increase the level of preparedness. Here are a few examples of the assets used to achieve this goal: crisis management and business continuity planning, strong policies and procedures adoption, and continuous risk and incidents monitoring. For management practice risks, the objective is to avoid or eliminate occurrences cost-effectively with a risk culture and compliance model embedded in Operating Divisions, strong policies and procedures adoption, and an effective set of internal controls. Figure 3: Three risk nature and their unique approaches Expected reward for risk (Value for the org. to take on risk) Controllability (Ability of org. to reduce the uncertainties creating risks) Trend driven risk Risk resulting from organizational strategic and operational choices intended to generate value Or Risk resulting from long term business, market, political and economic disruptions (e.g. sustainability as a business, economic cycles) Event triggered risk Risk originating from uncontrollable and unavoidable external factors (e.g. Cyber attacks, workplace disruptions, frauds) Management practice risk Risk resulting from day-to-day operations, behaviours and decisions from constituents (e.g. P&L management, Rewards & benefits, IT systems) Rewarded risk Unrewarded risk 3.3 Risk management mechanisms