SOMFY // 2022 Annual Report

02 MANAGEMENT REPORT

RISK MANAGEMENT AND INTERNAL CONTROL

PRESENTATION OF THE RISK MANAGEMENT AND INTERNAL CONTROL SYSTEM — GOVERNANCE AND LEADING PLAYERS

The Group’s internal control and risk management system covers all the controlled companies that fall within the Group’s consolidation scope, apart from equity-accounted companies, notably Dooya, which has its own system, in which the Group is involved in particular through the creation ofa dedicated Audit Committee, presence on the DooyaBoard and support in line with needs. At Group level, the system has been developed around the three lines of defence model, ensuring the effective Division of roles and responsibilities.

The second line of defence, Functional Departments

The first line of defence, operational units

The Group’s operational units have been made aware of the need for compliance with rules and procedures in order to establish an effective first line of control. Each Group entity must implement appropriate control activities at operational level in relation to the processes that concern it, by applying the rules and guidelines developed at Group level.

Functional Departments represent an essential link in the second line of control. Each of these Departments sets out the procedures to be applied and offers their support to the Group’s entities in relation to the implementation of action plans aimed at reducing the risks identified. The second line of control also includes the Risk Management & Compliance and Internal Control functions, specifically responsible for leading an overall Group approach in order to ensure all risks are properly identified and addressed.

18

SOMFY – ANNUAL REPORT 2022