Airbus // Universal Registration Document 2023

4. Corporate Governance 4.1 Management and Control

All Airbus organisations, including the Divisions, subsidiaries and controlled entities, commit to and confirm the effective implementation of the ERM system. The annual “ERM Confirmation Letter” issued by each Airbus organisation serves as their formal acknowledgement of their effective implementation of the ERM system. For the main risks to which Airbus is exposed, see “Risk Factors”. 4.1.3.2 ERM Governance and Responsibility The governance structure and related responsibilities for the ERM system are as follows: – – the Board of Directors, with support of the Audit Committee, supervises the ERM system strategy and business risks and opportunities, as well as the design and effectiveness of the ERM system; – – the CEO authorises ERM reports to be escalated to the Board of Directors. The CFO is accountable for an effective ERM system and supervises the Head of ERM, the ERM system design, and process implementation; – –the Head of ERM has primary responsibility for the ERM strategy, priorities, system design, culture development and reporting tool. The Head of ERM supervises the operation of the ERM system, and is supported by a dedicated risk management organisation in the Company, focusing on the operational dimension, including early warning and anticipation culture development, while actively seeking to anticipate and proactively mitigate identified sources of risk by challenging

the business to address such potential centres of risk within the Company. The risk management organisation is structured as a cross-divisional centre of competence and works to embed proactive risk management within the Company; and – – Company management at the executive level has responsibility for the operation and monitoring of the ERM system in their respective areas of responsibility, and for the implementation of appropriate response activities aimed at reducing risks and seizing opportunities, while also considering the recommendations of the internal and external auditors. – –ERM centre of competence (CoC), based on ERM reports, ERM Confirmation Letters, in situ sessions ( e.g. risk reviews), participation in key controls ( e.g. major programme maturity gate reviews); – –ERM key performance indicators (KPIs) measuring maturity and effectiveness of the ERM process within the Company’s various programmes and functions; – – risk and opportunity in-depth analyses proposed by the ERM CoC and performed by the functions with the involvement and support of the ERM CoC; and – – Corporate Audit, based on internal Corporate Audit reports and on an annual survey of heads of programmes and functions regarding the ERM network. – – the combination of the following controls is designed to achieve reasonable internal assurance as to ERM effectiveness: 4.1.3.3 ERM Effectiveness The ERM effectiveness is analysed by:

The combination of the following controls is designed to achieve reasonable assurance about ERM effectiveness:

Organisation

Explanations

Regular monitoring The Board of Directors and the Audit Committee review, monitor and supervise the ERM system. Any material failings in, material changes to, and/or material improvements of the ERM system which are observed, made and/or planned are discussed with the Board of Directors and the Audit Committee. ERM as part of the regular divisional business reviews Results of the operational risk and opportunity management process, self-assessments and confirmation procedures that are presented by the Divisions or other Airbus organisations to top management. ERM working sessions at an executive leadership meeting twice a year. ERM confirmation letter procedure Entities and department heads that participate in the annual ERM compliance procedures must sign ERM Confirmation Letters. ERM effectiveness measurement Assess ERM effectiveness by consideration of ERM performance KPI, ERM reports, ERM Confirmation Letters, in situ sessions ( risk reviews etc.) , participation in key controls ( e.g. major programme maturity gate reviews). Audits on ERM Provide independent assurance to the Audit Committee on the effectiveness of the ERM system, conducting an annual survey. Alert system Detects deficiencies regarding conformity with applicable laws and regulations, as well as with ethical business principles.

Board of Directors / Audit Committee

Top Management

Management

ERM CoC

Corporate Audit

Ethics & Compliance

240 Airbus Annual Report

Universal Registration Document 2023