HERMÈS - 2020 Universal registration document

RISKS AND CONTROL RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

INTERNAL CONTROL SYSTEM

4.3.4

Set up in 2004, the mapping initiative has been rolled out to the main entities, as well as on cross-functional subjects, under the supervision of the audit and risk management department. The methodology applied is regularly updated and enables a precise assessment of the risks specific to the Group. These mappings serve to identify, evaluate and systematically rank the main risks. They represent a lever for performance improvement, as they contribute to the protection of company value and assets. These are effective management tools that provide a comprehensive and shared vision of the risks and define operational action plans and responsibilities of stakeholders. The risk mappings are updated periodically by each company under the supervision of the audit and risk management department. Each year, between five and 10 risk mappings are carried out at the level of the distribution subsidiaries, métiers or cross-functional areas in the Group. The internal control managers within the entities are the local relays for the mapping initiative. They participate in the initial risk analysis, while updating and monitoring the action plans. The consolidated risk mapping is prepared every three years. The risk mappings of subsidiaries, métiers and cross-functional areas, as well as individual assessments by Executive Committee members, feed into it. This mapping is the subject of a specific Executive Committee workshop. It is also shared with the Audit and Risk Committee. The Group risk mapping is also used as a starting point for the audit and risk awareness-raising campaigns for the functions most exposed to the s risk of fraud are conducted on a regular basis. Awareness-raising, identified as an effective fraud prevention tool, is rolled out and adapted to the types of fraud (risk of system intrusion, “CEO fraud”, etc.). Security reports are regularly submitted to the Group Safety Committee, as well as to the Audit and Risk Management Committee. An ad hoc security system has also been introduced and is monitored by the Group safety department; a new corruption risk mapping was drawn up in 2020 with the help of s a specialist external firm and with the collaboration of the legal compliance department, which is responsible for its management, as described in section 2.8.2.3.1. The audit and risk management department is also able to modify its work programme and carry out ad hoc assignments in order to deal with new risks, particularly in the event of an alert issued by a Group division. Cross-functional audits can thus be carried out. Finally, an IT platform for the sharing of incidents not only enables assessment of changes in certain risks, but also early detection of any signs indicating a potential weakness. This is a preventive tool that allows for the constant improvement of the control system, corresponding as closely as possible to actual conditions. An analysis of the incidents reported by the subsidiaries and métiers is carried out several times a year by the audit and risk management department and is communicated to the Group’s internal controllers and departments, including statistics relating to incidents during the period and a reminder of the Group’s procedures and related best practices. management department’s audit plan. In the areas of fraud and corruption:

GENERAL ORGANISATION

4.3.4.1

Internal control objectives

Internal control systems rely on ongoing, recurring actions that are integrated into the Company’s operating processes. They apply to all functions and processes, including those associated with the production of financial and accounting information. The Hermès internal control objectives include: compliance with laws and regulations; s proper observance of instructions and strategy directions given by the s Group Management; operating efficiency of the Company’s internal procedures, particularly s those that help to protect its assets, as well as the safety and security of property and persons; the reliability of financial information and, in general, the internal s control system enables the Company to maintain control over its activities, to enhance the efficiency of its operations and to optimise the use of its resources. The Company’s management is organised into an Executive Committee and several specialised committees, and ensures that strategic directions are followed consistently and information is disseminated effectively. Detailed organisational charts and memoranda outlining strategic directions give staff members a thorough understanding of their role in the organisation and a way to periodically evaluate their performance by comparing it with targets. The Group’s organisation is based on an approach designed to foster a high level of accountability among local managers, whose duties and responsibilities are clearly defined. Regarding human resources processes, Hermès has established hiring, training and skills development programmes designed to enable each individual to perform their current and future duties effectively. Within Hermès International, the finance department has primary responsibility for the preparation and control of financial information (see below). Hermès uses effective IT tools tailored to its requirements in preparing and controlling information. Integrated applications are used to centralise data reported to Hermès International by the subsidiaries, for accounts consolidation and for cash management. Managers have access to data generated by the management systems on a weekly and monthly basis, giving them the information they need to manage business operations effectively, to monitor performance consistently, and to identify any irregularities. Organisation Information systems

4

2020 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

347