HERMÈS - 2020 Universal registration document

RISKS AND CONTROL RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

The internal control managers are involved in the self-assessment, and subsidiaries to the questionnaires with its own assessment when are in charge of monitoring the action plans. The audit and risk performing audits. It ensures that the controls have been correctly management department checks and compares the responses given by undertaken, and that corrective action plans have been implemented.

Internal control system monitoring

The monitoring system includes three levels of controls:

LEVEL 3

Carried out by the audit and risk management department Assessment of the functioning of the system and contribution to its improvement

PERIODIC INSPECTION PERMANENT CONTROL

Carried out by internal controllers or cross-functional departments LEVEL 2 Regular verification through sampling

4

Carried out by operational staff LEVEL 1 Daily checks of activities

Crisis management

Regular reviews are carried out by internal controllers at a local level and are supplemented by the audit and risk management department depending on the issues at stake in each entity. The network of internal control managers is responsible for ensuring that the principal risks related to distribution and production operations, as well as to support functions, are covered by suitable controls, notably regarding the security and traceability of assets. This network has become denser and now covers the main entities. As part of its role as coordinator for the network of internal control managers, the audit and risk management department is involved in their appointment, reviews subsidiaries’ annual plans, disseminates best practices, notably through a collaborative corporate information-sharing platform, identifies internal control priorities, and encourages the sharing of experiences between all members of the network. It also publishes a quarterly newsletter. Audit assignments represent the third level of control. They are explained in section 4.3.5 “Internal audit system” below. In 2020, working groups were created to strengthen the procedures most affected by lockdown: remote sales and e-commerce.

Since 28 February 2020, in response to the health crisis linked to Covid-19, a monitoring unit has been set up to coordinate the necessary actions within the Group and the exchange of information. Committees by type of activity and geographical area were regularly organised to maintain close contact with the entities throughout the Group and address operational issues relating to employee protection, business continuity and adaptation of the internal control system. The crisis unit comprised members of the audit and risk management department, the group safety department and the group human resources department, including in particular the directors of internal communication and labour relations. This crisis unit reports to the executive committee, via the executive vice-president of governance and organisational development, on matters requiring a collective decision. Throughout 2020, the unit remained committed to assisting the subsidiaries meet their needs, reported during the various meetings or directly via a dedicated “Covid watch” email address.

2020 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

349