1 102 Table of Contents 104 206

EXMAR report 2023

Internal control can be defined as a system developed and implemented by management, which contributes to managing the activities of the Company, its efficient functioning and the efficient use of its resources, appropriate to the objectives, the size and the complexity of its activities. Risk management can be defined as a structured, consistent and continuous process aimed at identifying, assessing, deciding on responses to and reporting on the opportunities and threats that may affect the achievement of the Company's objectives. Risks, as described in more detail in the ‘Risk Factors’ section below, are all compiled in the risk register and include the key strategic, operational and financial risks to the Company. The Board of Directors, Audit and Risk Committee, Executive Committee and all employees with managerial responsibilities are responsible to control the risks. The Executive Committee is responsible for the day-to-day management and policies of EXMAR and the EXMAR group. The Executive Committee meets on a regular basis. The CEO is the chairman of the Executive Committee. The Executive Committee develops, maintains and ongoingly improves (with the support of external advisers) adequate internal control and risk management procedures (i) to offer a reasonable assurance concerning the realization of goals, the reliability of the financial information and the observance of applicable laws and regulations and (ii) to enable the execution of internal control and risk management procedures. The quality of the internal control and risk management is assessed during the course of the financial year and by the execution of internal audits for the identified potential risks. The conclusions are shared and validated with the Audit and Risk Committee. EXMAR has established an internal audit function for the purpose of reviewing and analyzing strategic, operational and financial risks, to conduct specific assignments in accordance with the annual internal audit plan and to report and discuss the findings with the Audit and Risk Committee. The scope of internal audit is both on operations and on internal control over financial reporting. The Internal Audit function is outsourced to a qualified service provider (EY). The EY Internal Audit Manager reports both to the CFO and to the Audit and Risk Committee “Windmill with Sailing Boat and Church” KMSKA Photographer: Dominique Provost CORPORATE GOVERNANCE STATEMENT 103

RkJQdWJsaXNoZXIy NzgyMw==