Compagnie des Alpes // 2021 Universal Registration Document

2 RISK FACTORS

Internal control procedures

2.8 Internal control procedures To constantly improve its internal control and risk management system, Compagnie des Alpes looks to the internal control and risk management procedures reference framework published by the AMF in June 2010. For this report, CDA has used the implementation guide intended for small and mid-cap companies, published in July 2010.

The AMF’s reference framework stresses that internal control and risk management procedures should be used in a complementary way to control the Company’s activities.

2.8.1 INTERNAL CONTROL PROCEDURES Internal control is a set of procedures implemented by the Group’s Executive Management, senior executives, and employees. It is designed to provide reasonable assurance that the following objectives are being met: l compliance with the current laws and regulations; l the application of the Executive Management’s instructions and guidance; l the completion and optimisation of operations, in particular those helping to protect the Group’s assets; l the reliability of financial information. Internal control is one element of the Group’s overall management system, as it helps to ensure that: l the Company’s activities are controlled, its operations are effective and its resources are used efficiently; l operational risks linked to the various operational processes, in particular risks of error or fraud, are managed. As is the case with any control system, the system the Group employs cannot provide an absolute guarantee that the risks identified have been eliminated entirely or are completely under control. It is intended to reduce the likelihood of these risks arising through the implementation of appropriate action and prevention plans. CDA Group Executive Management is responsible for implementing and monitoring the effectiveness of the internal control system. This system is tailored to the nature and scope of each of the activities and is integrated into existing processes in order to empower actors as closely as possible to the processes. It primarily consists in providing the required tools and an information-sharing platform, so that each employee is fully aware of their role in the system. An Internal Control Charter specifies the key operating principles (roles and responsibilities, governance, methodology). It is available in the Group’s reference documents. The internal control system consists of five elements: l an organisation – i.e. clearly defined responsibilities, adequate IT resources and skills based on rules and procedures; l the publication of relevant information; l a risk analysis system; l proportionate control measures; l a continuous monitoring system. Group organisation The Executive Management of the CDA Group decides on: l organisation, responsibilities and the delegation of powers and/or signing authorities; l the objectives, policies and values of the Group. The Group’s steering Committee, which is under the responsibility of the Executive Management, is based on a matrix organisation broken

down into major functional and operational departments. They are each headed by an executive member of the Executive Committee (Comex). There are 8 such departments: l three operational departments manage the implementation of Group strategy and are responsible for the achievement of commercial and financial targets, management, and human resources and risk management at all operating entities under their responsibility: l the Management of the Ski areas Division and Outdoor Activities - Winter/summer mountain areas, l the Management of the Distribution & Hospitality Division - l the Communications, Brand and Corporate Social Responsibility (CSR) Department, in charge of financial and institutional communications, as well as brand-related and CSR issues; l the Finance, Risk, IT, and Procurement Departments, which have responsibility for the Group’s financial policy, in particular the production of accounting and financial information, procurement policy, the IT master plan and risk and insurance policy; Charters are given to all employees, setting out the Group’s values: l the Corporate Governance Charter defines the areas in which Executive Management decisions are subject to prior approval by the Board of Directors, as well as the conditions for the granting of said approval. The charter also states the missions and prerogatives of the different committees of the Board of Directors, particularly the Audit and Finance Committee. The charter is available on the Group website: www.compagniedesalpes.com; l the Ethics Charter states the values and principles of the Compagnie des Alpes Group. It serves as a guide for professional behaviour, reviews the basics of investment ethics, explains the risks of conflicts of interest, and defines appropriate behaviour. It is adjusted in line with regulatory developments; l pursuant to Law No. 2016-1691 of 9 December 2016, known as the Sapin II Law, the Group has a plan for the prevention of corruption and trading in influence, including an Anti-Corruption Code of Conduct and a whistleblowing procedure; l a procedure for the prevention of fraud, money-laundering and the financing of terrorism; l a charter for the use of IT resources. Like the Ethics Charter, it is being gradually applied to all Group employees. Winter/summer mountain areas, l the Leisure parks Department; l the Information Systems and Digital Department; l the Group Legal Affairs and Compliance Department; l the Group Human Resources Department. Main Group charters

39

Compagnie des Alpes I 2021 Universal registration document