Control and risk committee Appointment and Activities Performed by the Control and Risk Committee The Control and Risk Committee in charge comprised of three non-executive Directors, including two independent Directors: Fabio Gallia (independent with the role of Chairman), Paolo Di Benedetto (independent) and Béatrice Bigois, who will remain in office until the natural end of their terms as Directors, and therefore until the Shareholders’ Meeting called upon to approve the 2024 financial statements. The committee was appointed by the Board of Directors on March 31, 2022 at the proposal of the Chairman of the Board of Directors, who also decided, compared to the previous term, to reduce the number of members from four to three. The composition of the committee in office complies with the Code’s requirement that it be composed of only non-executive Directors, the majority of whom are independent, and that it be chaired by an independent Director other than the Chairman of the Board of Directors. The Board considered, having taken into account the experience of the members who were appointed, that the committee as a whole has adequate expertise in the business sectors in which Edison operates, functional to assess the relative risks, and that the recommendation that at least one of the members have adequate experience in accounting and finance or risk management was also observed. Attribution and operation of the Control and Risk Committee The Control and Risk Committee is made up of three non-executive Directors, the majority of whom are independent, and who collectively possess adequate expertise in the areas of activity in which Edison operates, in order to assess the relative risks, and, on the part of at least one member, adequate knowledge and experience in accounting and finance or risk management. The Chairman is appointed by the Board of Directors; otherwise, he is appointed by the committee itself. In any event, the Chairman is chosen from amongst the independent Directors who are members of the committee. The Control and Risk Committee plays an investigative and propositional role vis-à-vis the Board of Directors with regard to the internal control and risk management system and periodic financial and non-financial information. During 2021, when the Board of Directors adopted the Guidelines of Operation, it reformulated the Committee’s functions and attributions to comply with the recommendations set forth in the Code, as specified below. As regards the internal control and risk management system, it performs the following activities: a) supporting the Board of Directors in defining the guidelines of the system; b) examining and assessing the main risks, as well as the relative action plans aimed at mitigating them and, particularly with reference to the financial risks connected with commodities trading, the relative limits; c) reviewing the results of the Enterprise Risk Management process; d) supporting the Board of Directors in the review and assessment of the adequacy, effective operation and effectiveness of the internal control and risk management system of the Company and the Group with respect to the characteristics of the Company and the Group and the risk profile assumed, relying on the contribution of the Manager of the Internal Auditing Function; e) at the request of the Board of Directors or the Chief Executive Officer, providing opinions concerning specific aspects of the internal control system and the mapping and management of the main risks; f) supporting, with adequate investigative activity, the assessment and decisions of the Board of Directors regarding the management of risks deriving from prejudicial events of which it has become aware; g) proposing and/or assessing the appropriate initiatives with regard to any problems and critical issues that emerge in the context of the activities carried out by the Chief Executive Officer or of which he/she has become aware; h) reviewing and evaluating the Audit Plan, after analysis of the underlying assumptions, training criteria and the commitments of the activities laid out for such Audit Plan; with the right to ask the Internal Auditing Function to perform audits on specific operating areas, notifying the Chief Executive Officer and/or the Chairman of the Board of Directors, as well as the Chairman of the Board of Statutory Auditors; i) reviewing the periodic reports of the Manager of the Internal Auditing Function and the main results of the audits performed; j) reviewing and evaluating the progress status of the Audit Plan, its major findings, the relative action plans and the follow-up process; k) monitoring the independence, adequacy, effectiveness and efficiency of the Internal Auditing Function; l) expressing an opinion on the appointment and removal of the Manager of the Internal Auditing Function and on the adequacy of the financial resources assigned for the performance of the relative duties; m) examining and assessing the guidelines and methods for evaluating the internal control system, as well as the specific procedure governing information flows and the relative self-assessment activities. With regard to financial reporting, it supports the Board of Directors by carrying out the following activities, also on the basis of the information regularly provided by the Corporate Accounting Documents Officer and the Independent Auditors: a) assessing the suitability of periodic financial information to fairly represent the Company’s business model, strategies, the impact of its activities and its performance; b) examining and assessing, together with the Corporate Accounting Documents Officer and having consulted the Independent Auditors and the Board of Statutory Auditors, the proper use of the accounting standards and their uniformity for the purpose of drawing up the interim and annual consolidated financial reports as well as the Company’s separate financial statements; verifying their adequacy with regard to the activities carried out by the Company and the Group and examining any changes and their impact on the financial statements; c) examining and assessing the process of preparing the financial statements and financial reporting; in particular, changes in the scope of consolidation and their effect on the financial statements; d) examining and assessing the accounting of major corporate transactions particularly with reference to their effects on the financial statements; e) examining and evaluating specific accounting transactions or more complex or nonrecurring transactions, as well as transactions that incorporate significant estimates, particularly with reference to the impairment of goodwill. In the area of non-financial reporting, it supports the Board of Directors by performing the following activities: a) assessing the suitability of periodic non-financial reporting to correctly represent the Company’s business model, strategies, the impact of its activities and its performance; b) reviewing the content of periodic non-financial reporting relevant for the purposes of the internal control and risk management system; c) supervising sustainability issues related to the performance of the Company’s activities and the dynamics of its interaction with all stakeholders. Overall: a) reporting to the Board of Directors at least every six months, when the annual and semiannual financial reports are approved, on the activities carried out and on the adequacy of the internal control and risk management system; b) reviewing and assessing the regulatory compliance models developed and any updates; c) carrying out all other tasks assigned to it by the Board of Directors. For the meetings of the Committee to be valid, the presence of the majority of its members is required. Resolutions are taken by an absolute majority. At the Committee Chairman’s invitation, committee meetings are attended on a regular basis by the Chairman of the Board of Statutory Auditors or other Statutory Auditors, so as to ensure the delivery to this entity of the flow of information and reporting recommended by the Code, as well as the Independent Auditors. The following parties are also regularly invited and therefore attend committee meetings for their entire duration: the Chief Financial Officer, also in his capacity as the Corporate Accounting Documents Officer, the General Counsel, the Secretary to the Board of Directors, the Risk Officer and the manager of Accounting & Tax, also in his capacity as the Corporate Accounting Documents Officer. In any event, other Directors, experts, and, after informing the Chief Executive Officer, managers and employees, may be invited to attend by the Committee Chairman from time to time, in a merely advisory capacity. The Independent Auditors reports to the Control and Risk Committee at least twice a year on the activities carried out and the results of the audit process with respect to the semi-annual and annual financial reports. In performing its functions, the Control and Risk Committee has the possibility of accessing the information necessary for the performance of its duties and relying on the competent company departments. Even though the Board of Directors did not approve a specific budget, the committee is provided on an ongoing basis with the financial resources it needs to perform the tasks assigned to it. The Internal Auditing Department provides the committee with support in organising its activities. The Manager of the Department is the Committee Secretary and is responsible, among other things, for systematically taking minutes at its meetings. The Committee is required to meet at least four times a year. The Committee Chairman coordinates the work of the committee and at the first Board meeting held after each committee meeting, communicates to the Board of the Directors the resolutions adopted, which may take the form of a proposal to the Board with regard to issues within its jurisdiction. The Committee Chairman also provides the Chairman of the Board of Directors and/or the Chief Executive Officer with recommendations about items that should be included in the agenda of Board meetings. The Committee Chairman, with the support of the Secretary, ensures that the documentation on the items on the agenda contains adequate and complete information on the issues to be discussed and is sent at least two days before the date of the meeting. In its assessment of the overall adequacy of the internal control and risk management system, the Committee refers to the principles set out in the document “Guidelines for the internal control and risk management system” (approved by the Board of Directors), which also governs the process for preparing the report and its presentation to the Board of Directors.