HERMÈS - 2019 Universal Registration Document

1

OVERVIEW OF THE GROUP RISK FACTORS

PARTIES RESPONSIBLE FOR RISK MANAGEMENT AND INTERNAL CONTROL

1.11.7.4

SUPERVISORY BOARD

GROUP MANAGEMENT

AUDIT AND RISK MANAGEMENT DEPARTMENT

AUDIT AND RISK COMMITTEE

SPECIALISED COMMITTEES

THE GROUP’S OPERATIONAL STAFF

THE NETWORK OF INTERNAL CONTROL MANAGERS

Group management The Group management designs risk management and internal control procedures commensurate with the Company’s size, business operations, geographical footprint and organisation. In addition to establishing procedures for delegating authority established at different hierarchical levels, Group management has ultimate responsibility for guaranteeing the quality and effectiveness of the risk management and internal control systems and its adequacy for meeting the Group’s strategy objectives. To this end, it is provided with audit reports and the risk mapping of subsidiaries and métiers and regularly meets with the audit and risk management department (A&RMD). It therefore oversees the system as a whole to safeguard its integrity and, where applicable, initiate any corrective measures needed to remedy any failures. Audit and Risk Committee The Audit and Risk Committee was established in 2005 within the Supervisory Board pursuant to Article L. 823-19 of the French Commercial Code ( Code de commerce ), and without prejudice to the powers of the Supervisory Board, which it does not supersede. The roles and duties of the Audit and Risk Committee were formally documented in rules of procedure drawn up by the Supervisory Board in 2010 and regularly updated. The latest version appears on pages 284 to 286. In 2017, the rules of procedure were amended, in order to incorporate the procedure for approving services other than the certification of financial statements, and submitted for the approval of Audit and Risk Committee.

Each meeting of the Audit and Risk Committee gives rise to written minutes that must be approved. At each meeting of the Supervisory Board, the Chairwoman of the Audit and Risk Committee gives the Board a report of the work of the Audit and Risk Committee. A list of the work carried by the Audit and Risk Committee in 2019 is provided on page 257. The work and functioning of the Audit and Risk Committee were assessed at the end of 2019 as part of the three-year formal self-assessment of the Supervisory Board (see pages 250 to 253). Since 2017 the updated IT risk mapping is also shared with the Audit and Risk Committee every year. Audit and risk management department The audit and risk management department reports to the Group’s Executive Vice President Compliance and Organisation Development, which guarantees its independence, and has unlimited authority to review any matter at their discretion. The A&RMD consists of a core team of experienced auditors, and runs a decentralised network of internal controllers. It performs three main roles for the Group: it performs internal audits and monitors the implementation of the s recommendations; it identifies and analyses risks; s it ensures the deployment of internal controls suited to Group s ventures.

2019 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

60