HERMÈS - 2020 Universal registration document

RISKS AND CONTROL RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

Audit plan

the implementation of the Group’s strategic orientations through the s consistency of the operational actions of the entities and the use of resources in relation to the actions undertaken; more generally, the likelihood, severity and level of control of risks s that could have a significant impact on the Group’s strategy. There are several types of audits including: audit of distribution subsidiaries including the audit of stores; s audit of production sites and métiers ; s audit of support departments for upstream or downstream flows; s special audits conducted with the help of external firms, in particular s on information systems; support for affiliates in the setting up of the internal control system. s Upon completion of the audits, reports are prepared detailing the audit findings and risks identified, and recommending solutions to remedy them. Proper implementation of the recommendations is verified during follow-up audits. The audit reports are sent to the managers of the audited subsidiaries or departments and to Group Management. Since 2020, the audit and risk management department has started using an analysis tool for accounting entries in its audits. This tool makes it possible to improve the relevance of certain tests undertaken, by facilitating the identification of atypical transactions. In addition, in collaboration with an external firm, a project to develop a data analysis tool using artificial intelligence algorithms is underway.

The auditors work on the basis of an annual audit plan, validated by the Executive Management and the Audit and Risk Committee, which is adapted every six months, if necessary. The audit plan is developed through a comprehensive analysis of risks, including financial, operational and compliance risks, the proposals of the Executive Committee and the results of follow-up audits. It must allow a regular review of all Group entities and processes, with a frequency appropriate to the magnitude of the risks and the relative weight of the various Group entities. The audit and risk management department also carries out support assignments for the internal control roll-out within newly acquired entities. In order to conduct specialised audits, the audit and risk management department may call upon outside firms or use appropriate data analysis tools notably in the context of preventing fraud. The audit and risk management department regularly conducts integrated audits with the Group’s experts: experts in IT security, safety, compliance and insurance. Following the successive lockdowns that characterised the year in 2020, some of the audits in subsidiaries have had to be carried out remotely. The audit plan was almost entirely maintained and adapted to cover the risks specific to the health crisis, such as: internal control support for the security of means of payment for remote sales, audit of payments validated remotely by employees working from home, increased coordination of the internal controllers network, detailed audit of e-commerce activities.

4

2020 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

351