Hermès // 2021 Universal Registration Document

4

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

A MATURE INTERNAL CONTROL SYSTEM

the reliability of financial information and, in general, control over its s activities, efficiency of its operations and optimisation of the use of its resources.

4.3.4

GENERAL ORGANISATION

4.3.4.1

Internal control objectives

Organisation

Internal control systems rely on ongoing, recurring actions that are integrated into the Company’s operating processes. They apply to all functions and processes, including those associated with the preparation of financial and accounting information. The Hermès internal control objectives include: compliance with laws and regulations; s proper observance of instructions and strategy directions given by the s Group Management; operating efficiency of the Company’s internal procedures, particularly s those that help to protect its assets, as well as the safety and security of property and persons;

The Company’s management, organised into an Executive Committee and several specialised committees, ensures the strategic alignment and distribution of information. Detailed organisational charts and memoranda outlining strategic directions give staff members a thorough understanding of their role in the organisation and a way to periodically evaluate their performance by comparing it with targets. The Group’s organisation is based on an approach designed to foster a high level of accountability among local managers, whose duties and responsibilities are clearly defined. Regarding human resources processes, Hermès has established hiring, training and skills development programmes, enabling each individual to perform their current and future duties effectively. Within Hermès International, the finance department has primary responsibility for the preparation and control of financial information.

Internal control system monitoring

The monitoring system includes three levels of control:

LEVEL 3

Carried out by the audit and risk management department Assessment of the functioning of the system and contribution to its improvement

PERIODIC INSPECTION PERMANENT CONTROL

Carried out by internal controllers or cross-functional departments LEVEL 2 Regular verification through sampling

Carried out by operational staff LEVEL 1 Daily checks of activities

Regular reviews are carried out by internal control officers at a local level and are supplemented by the audit and risk management department depending on the issues at stake in each entity. The network of internal control officers is responsible for ensuring that the principal risks related to distribution and production operations, as well as to support functions, are covered by suitable controls, notably regarding the security and traceability of assets. This network, made up of around 70 internal control officers, enables the presence of local contacts in the Group’s main entities. As part of its role

of coordinating the network of internal control officers, the audit and risk management department is involved in their appointment, reviews the subsidiaries’ annual internal control plans and disseminates best practices. It relies in particular on a social and collaborative information-sharing platform, identifies internal control priorities and promotes the sharing of experience between all members of the network. It also publishes a quarterly newsletter. Audit assignments represent the third level of control. They are explained in § 4.3.5 “An agile internal audit system” below.

352 2021 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL