PRADA S.p.A. — Governance Information 2022

Jul 28, 2022

TERMS OF REFERENCE OF

THE AUDIT AND RISK COMMITTEE

OF

PRADA S.p.A.

Approved by the Board of Directors of PRADA S.p.A. on July 28, 2022

---

Audit and Risk Committee Terms of Reference

ARTICLE 1

PURPOSE AND SCOPE

1.1 These terms of reference (the “Terms of Reference”) govern the constitution, functions and duties of the audit and risk committee of PRADA S.p.A. (the “Company”), established by the Board of Directors pursuant to article 21.7 of the Company’s By-laws (the “Audit and Risk Committee” or the “Committee”).

1.2 To the extent not expressly set out in and so far as consistent with these Terms of Reference, reference is made to the laws and the Company’s By-laws governing the operation and functions of the Board of Directors and the Rules Governing the Listing of Securities on The Stock Exchange of Hong Kong Limited (the “Listing Rules”).

ARTICLE 2

APPOINTMENT AND COMPOSITION

2.1 The members of the Audit and Risk Committee shall be appointed and replaced by resolution of the Board of Directors, which shall resolve also upon their remuneration.

2.2 The Audit and Risk Committee shall consist of a minimum of 3 (three) and a maximum of 5 (five) members, chosen among the non-executive members of the Company’s Board of Directors, the majority of whom must be independent non-executive directors, i.e., meeting the independence requirements set forth in Rule 3.13 of the Listing Rules.

2.3 The members of the Audit and Risk Committee must have adequate expertise in relation to the tasks they have to perform, and at least one of the Committee members must be an independent non-executive director with appropriate professional qualifications or accounting or related financial management expertise as required under Rule 3.10(2) of the Listing Rules. The competences of all members of the Audit and Risk Committee are assessed by the Board of Directors at the time of their appointment.

2.4 The Audit and Risk Committee shall appoint among the independent non-executive directors a chairperson (the “Chairperson”) who is responsible for coordinating and planning the activities of the Committee and conducting its meetings. A former partner of the Company’s existing auditing firm shall be prohibited from acting as a member of the Audit and Risk Committee for a period of 2 (two) years from the date of the person ceasing: (a) to be a partner of the firm; or (b) to have any financial interest in the firm, whichever is later.

2.5 The directors agree to serve as a member of the Audit and Risk Committee only if they believe they can devote sufficient time and make contributions to the Company that are commensurate with their role and board responsibilities.

2.6 If, for any reason whatsoever, including as a result of the termination of their office as a Director, one or more members of the Audit and Risk Committee cease to hold office, the Board of Directors of the Company shall replace them without delay at the first relevant meeting in accordance with the provisions set out in the preceding paragraphs. The term of office of the members of the Audit and Risk Committee appointed to replace those who have ceased to serve shall expire at the same time as that of the members in office at the time of their appointment, unless the Board of Directors determines otherwise at the time of their appointment.

---

Audit and Risk Committee Terms of Reference

2.7 Unless otherwise determined by the Board of Directors at the time of their appointment, the term of office of the members of the Audit and Risk Committee shall be the same as that of the Board of Directors to which they belong, and the early termination of as the office of any Director, for whatever reason, shall result in his/her simultaneous and automatic termination as a member of the Audit and Risk Committee.

3. ARTICLE 3

DUTIES

3.1 The Audit and Risk Committee is an advisory and proposing body with the task of supporting the Board of Directors in its assessments and decisions on the internal control and risk management system and the approval of periodic financial and non-financial (the latter, when prepared by the Company) reports.

3.2 The Committee shall perform the following functions:

(i) makes recommendations to the Board of Directors of the Company together with the Board of Statutory Auditors regarding the appointment, confirmation, revocation of the entity responsible for the statutory audit, as well as any other matter related to the granting of the mandate to said entity, its remuneration, terms of engagement, and any questions of its resignation or dismissal;

(ii) assesses and monitors the independence of the entity responsible for the statutory audit, as well as the effectiveness of its audit activities in accordance with the applicable accounting standards;

(iii) discusses and defines with the entity responsible for the statutory audit the scope and nature of the audit and financial reporting requirements before the audit commences. It acts as the key representative body for overseeing the Company's relations with the entity responsible for the statutory audit;

(iv) evaluates the advisability of appointing an external auditor to carry out control activities other than the statutory audit, defining the relevant policy, identifying the matters in respect of which this intervention is necessary and suggesting the actions to be taken. For this purpose, "external auditor" includes any entity that is under common control, ownership or management with the audit firm or any entity that a reasonable and informed third party knowing all relevant information would reasonably conclude to be part of the audit firm nationally or internationally. The Committee shall report to the Board of Directors of the Company, identifying and making recommendations on any matters where action or improvement is needed;

(v) verifies the adequacy and accuracy of the Company's financial statements and reports, in particular, the annual report and accounts, half-yearly reports and (if prepared for publication) quarterly reports and the financial reporting judgments contained in these documents, before they are submitted to the Board of Directors, with particular reference to:

(a) any changes in accounting policies and practices;

(b) major judgmental areas;

(c) significant adjustments resulting from audit;

(d) the going concern assumptions and any qualifications;

---

Audit and Risk Committee Terms of Reference

(e) compliance with accounting standards;

(f) compliance with the Listing Rules and legal requirements in relation to financial reporting;

(vi) regarding paragraph (v) above:

(a) members of the Committee should liaise with the Board of Directors and senior management of the Company and the Committee must meet, at least twice a year, with the Company’s auditors; and

(b) the Committee should consider any significant or unusual items that are, or may need to be, reflected in the financial statements and annual report and accounts, half-year report and, if prepared for publication, quarterly reports. It should give due consideration to any matters that have been raised by the Company’s staff responsible for the Accounting and Financial Reporting Department, head of the Internal Audit Department or auditors;

(vii) reviews the Company’s financial controls activity carried out by the Accounting and Financial Reporting Department, and unless expressly addressed by a separate board risk committee, or by the Board of Directors of the Company itself, to review the Company’s risk management and internal control systems;

(viii) assesses the suitability of the periodic non-financial information (if prepared by the Company), to correctly represent the Company’s business model, strategies, the impact of its activities and the performance achieved;

(ix) discusses with the Company’s management the functioning of the risk management and internal control systems, in particular with regard to the adequacy of resources, staff experience and qualifications as well as the training program of the persons responsible for drafting the financial statements and accounting records and the budget of the Company’s Accounting and Financial Reporting Department, and ensures that the management guarantee the effectiveness of the risk management and internal control systems;

(x) considers major investigation findings on risk management and internal control matters as delegated by the Board of Directors of the Company or on its own initiative and management’s response to these findings, verifies each statement relating to the risk management and internal control systems contained in the annual Directors’ Report prepared by the Company before it is submitted to the Company’s Board of Directors and analyzes any new elements or new issues relating to internal control and risk management;

(xi) monitors the independence, adequacy, effectiveness and efficiency of the Internal Audit Function and ensures that this function is provided with adequate resources and appropriate standing within the Company, as well as coordination between the Internal Audit Function and parties external to the Company that may perform audit functions;

(xii) verifies and periodically reviews the Group’s financial and accounting policies and practices;

---

Audit and Risk Committee Terms of Reference

(xiii) reviews management letters, reports and communications prepared by the entity responsible for the statutory audit and reviews any material queries raised by such entity to the management about accounting records, financial accounts or systems of control, as well as management's responses to such queries;

(xiv) assesses the findings relating to risk management, internal control and other areas that emerge from the audit reports of the Internal Audit Department, the communications of the Board of Statutory Auditors and individual members of the Board of Statutory Auditors, the reports of the Supervisory Board and the analyses and examinations carried out by third parties;

(xv) ensures that the Board of Directors responds promptly to any comments made by the entity responsible for the statutory audit in its reports or communications to the Company or the management letter issued by it;

(xvi) reports to the Board of Directors on matters relating to these Terms of Reference and the Corporate Governance Code contained in Appendix 14 of the Listing Rules;

(xvii) examines, at least annually, the work plan prepared by the head of the Internal Audit, as well as the periodic reports;

(xviii) reports to the Board of Directors, at least half-yearly, when the Annual Report and the Half-Year Report are approved, on the work carried out and on the adequacy of the risk management and internal control system;

(xix) expresses its opinion on the proposals for the appointment and revocation of the head of the Internal Audit made by the Chief Executive Officer(s), in agreement with the Chairperson, to the Board of Directors and on those relating to his remuneration, in line with the policies of the Company, as well as the allocation of adequate resources for the performance of his duties;

(xx) advises on the rules governing the transparency and substantial and procedural fairness of transactions with related parties pursuant to the Procedure for Connected Transactions;

(xxi) where deemed appropriate by the Board of Directors, express an opinion on transactions in which a Director has an interest, either directly or on behalf of a third party;

(xxii) verifies the procedures available to the Company's employees to report any concerns about possible improprieties and irregularities in financial reporting, in the internal control or in any other matters on a confidential basis. The Committee shall ensure that proper arrangements are in place for fair and independent investigation of these matters and for appropriate follow-up action;

(xxiii) ensures that procedures are in place to ensure that any confidential information reported is analyzed with independence and impartiality and that such reports are followed up appropriately;

(xxiv) supports the Board of Directors in defining the guidelines of the internal control and risk management system, so that the main risks relating to the Company and its subsidiaries are correctly identified, as well as adequately measured, managed and monitored, determining criteria for the compatibility of such risks with a sound and proper management of the business;

---

Audit and Risk Committee Terms of Reference

(xxv) supports the Board of Directors in describing, within the scope of the annual corporate governance report, the essential elements of the risk management and internal control system, as well as for the purpose of assessing its overall adequacy;

(xxvi) periodically verifies, following changes in laws and/or regulations or when it deems it necessary, the adequacy of these Terms of Reference and submits to the Board of Directors any proposals for amendments or additions;

(xxvii) considers other topics, as defined by the Board of Directors, and performs any additional duties assigned to it by the Board of Directors.

3.3 The Committee is entitled to access the information and company departments necessary for the performance of its duties, and may have access to sufficient financial resources and make use of independent external consultants at the Company's expense, within the terms and limits of the budget established for this purpose by the Board of Directors, as long as such independent external consultants are adequately bound by confidentiality. The Audit and Risk Committee shall report to the Board of Directors on any use of funds at least once a year.

3.4 The Chairperson of the Committee shall inform the Board of Directors, at the first meeting convened, on the activities carried out by the Committee. The Committee shall make available, in a timely manner, any documentation necessary to enable the Board of Directors to make informed decisions on the matters examined by the Committee.

4. ARTICLE 4 CALL OF THE MEETING, CONDUCT AND REPORTING

4.1 The Audit and Risk Committee shall meet, upon call by the Chairperson, whenever he or she deems appropriate, or when requested by at least 2 (two) members, or in accordance with the calendar of meetings of the Audit and Risk Committee established with the Company Secretary, in coordination with the meetings of the Board of Directors and the other Committees of the Company.

4.2 The notice of meeting, containing an indication of the day, time and place of the meeting and the list of topics to be discussed, should be given by the Chairperson or the Secretary to the Committee members upon request of the Chairperson, at least 3 (three) days before the date set for the meeting by e-mail or any other suitable means. In cases of urgency, the deadline may be shorter. Any documents relating to the items on the agenda shall be made available at the same time as the meeting is convened or subsequently, but in any case sufficiently in advance, except in exceptional cases or for reasons of confidentiality. A copy of the notice should be sent by the Corporate Affairs to the Chairperson of the Board of Statutory Auditors and, in the case referred to in paragraph 4.6 below, also to the Chairperson of the Board of Directors and to the Company's Chief Executive Officer(s).

4.3 Meetings of the Committee may be held in the absence of a formal notice sent in accordance with the above terms and procedures if all its members are present and no one objects to the discussion of the items on the agenda due to inadequate prior information.

4.4 Audit and Risk Committee meetings are chaired by the Chairperson, or in his/her absence or impediment, by the member chosen by those present at the beginning of the meeting, who shall direct, coordinate and moderate the discussion.

---

Audit and Risk Committee Terms of Reference

4.5 At the invitation of the Chairperson, the Company Secretary may attend meetings of the Audit and Risk Committee in order to act as secretary of those meetings. Alternatively, the Audit and Risk Committee may for one or more meetings appoint a person who is not a member of the Committee to serve as secretary (the "Secretary").

4.6 The Chairperson of the Company and the Chief Executive Officer(s) may be invited to attend meetings of the Committee, provided that they do not have any personal interest in the matters to be discussed and may not participate in voting at the Committee. The Chairperson of the Committee may, from time to time, invite any other person to the meetings of the Committee, including external parties, whose attendance may be of assistance to the best performance of the duties of the Audit and Risk Committee, provided that such external third parties respect the utmost confidentiality and privacy with reference both to the matters dealt with and to the performance of the meetings of the Audit and Risk Committee they are invited to attend. The Chairperson of the Board of Statutory Auditors (or another Statutory Auditor designated by the same) is entitled to attend the meetings of the Committee.

4.7 The Internal Audit Director reports at least annually to the Audit and Risk Committee on the activities carried out.

4.8 Meetings of the Audit and Risk Committee may also be held exclusively by means of telecommunications, provided that all the attendees can be identified and that such identification is recorded in the relevant minutes and that they are able to follow the discussion, participate in real time in the discussion of the items on the agenda, vote by open vote in the cases in which a vote is taken, and view, receive and send documents. Meetings of the Audit and Risk Committee are considered validly held even if the secretary and the Chairperson are in different places. In this case, the meeting is considered to have been held in the place where the Chairperson is based.

4.9 For meetings of the Audit and Risk Committee to be validly constituted, the absolute majority of the members in office is required. Resolutions are passed by an absolute majority of votes; in the event of a tie, the vote of the person chairing the meeting shall be decisive. Votes may not be cast by proxy and each member is entitled to one vote.

4.10 The Secretary of the Audit and Risk Committee should prepare full minutes of the meetings. Draft minutes are submitted to the Chairperson and the other members of the Audit and Risk Committee for comments within a reasonable time after the meeting is held, and the minutes are generally approved at the next meeting of the Committee. The Chairperson of the meeting and the Secretary sign the minutes of the meetings which are kept by the Secretary in chronological order. Final versions of minutes of the meetings should be sent to all members of the Committee for their records within a reasonable time after the meeting.

4.11 The Committee shall promptly exchange with the Board of Statutory Auditors any information relevant to the performance of their respective duties.

4.12 The Committee meets at least twice a year in the attendance of the entity in charge of auditing the Company's accounts.

---

Audit and Risk Committee Terms of Reference

5. ARTICLE 5

FINAL PROVISIONS

5.1 These Terms of Reference are available to the members of the Board of Directors and the Board of Statutory Auditors at the registered office of the Company and at the place where the Audit and Risk Committee is convened and published on the website of the Company and the Hong Kong Stock Exchange.

5.2 Any amendments to these Terms of Reference must be approved by the Board of Directors of the Company.