Hermès // 2021 Universal Registration Document

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

Self-assessment of internal control

internal control questionnaire ( CHIC Practices ), the guidelines for which are drawn up in line with the AMF “Reference Framework”. A questionnaire specific to cash management ( CHIC Trésorerie ) and a questionnaire on operational procedures in the retail network ( CHIC Boutique ) are also part of the system. Finally, a questionnaire on the operational procedures governing online sales ( CHIC E-commerce ) was launched in 2021 thanks to the joint work of several internal control officers. These questionnaires are updated on an annual basis, in order to include any new risks and controls identified as key at Group level. The results are reported in a dedicated IT tool where they are centralised and analysed by the audit and risk management department, in order to identify areas for improvement and internal control priorities for the following year. They are shared with the departments concerned in order to define action plans for all the Group’s subsidiaries. Finance, Human resources, Control environment, Information systems, Communication, Ethics and compliance, etc. Sales, Shipping and deliveries, Returns and refunds, Storage, Customer data, etc. Customer relationship management, Checkout closing, Stock-taking, Safety/security, etc. Management of bank accounts, Processes and payment means, Regulatory compliance, E-payments, etc. updated and include among others the monitoring of authorised signatories; an exchange rate policy approved by the Group’s Supervisory Board s (this policy presents all the authorised financial instruments, the horizon and the hedging ratios); a foreign exchange risk management agreement signed with each s relevant subsidiary, which structures the relationships between the Hermès Group and its subsidiaries, sets out policy and management rules applicable to financial flows, and defines the terms and conditions for calculating and applying the annual guaranteed exchange rates; a Group cash management policy, approved by the Hermès s International Supervisory Board, which sets out the authorised investment vehicles and all the criteria for managing liquidity and counterparty risk. External firms regularly conduct audits on technical issues related to payment security. In 2021, a global audit of the cash management system complemented the usual audits by the audit and risk management department. Examples of themes addressed

The self-assessment of internal control, which began in 2005, is now a mature process within the Group. It is based on questionnaires completed by all controlled subsidiaries. This system contributes to the dissemination of the internal control culture within the Group. It also provides support for assessing the level of internal control and assessing the extent to which operational and functional risks are properly addressed. If the control processes are found to be ineffective, the subsidiaries are required to draw up an action plan to remedy the situation. The subsidiaries self-assess each year using four questionnaires available on the intranet in the dedicated “CHIC” IT tool ( Check your Hermès Internal Control ). They are administered by the audit and risk management department. The self-assessment is based on a general

CHIC Questionnaires

Number of themes *

Practices

11

E-commerce

9

4

Boutique

7

Trésorerie

6

The themes are then sub-divided into several questions addressing all related procedures in an exhaustive manner. *

The internal control officers are involved in the self-assessment, and are in charge of monitoring the action plans. The audit and risk management department checks and compares the responses given by subsidiaries to the questionnaires with its own assessment when performing audits. It ensures that the controls have been correctly undertaken, and that corrective action plans have been implemented. The internal control processes are described in the Group procedures. They are defined at Group level, then rolled out and adapted by each division to the specific contexts and local regulations. All Group employees have access to them via a secure intranet website. Group procedures cover the Company’s main cycles (purchases, sales, treasury, inventory management, fixed assets, human resources, information systems, safety and security, closing of financial statements, compliance, etc.). The audit and risk management department updates them regularly, in collaboration with the experts in their respective fields and the internal control officers. In particular, in 2020 and 2021, procedures relating to distance selling and e-commerce, boosted by successive lockdowns, have been strengthened. More specifically, extremely stringent cash management procedures have been put in place. The treasury security rules manual details the following procedures: a treasury management procedure that defines the roles and s responsibilities between Group treasury and the subsidiaries; rules for opening and operating bank accounts, called “prudential s rules”, for each of the Group’s companies, which are constantly Internal control procedures

Information systems

The use of tools adapted to Hermès’ needs facilitates the preparation and control of information. The consistency of information system urbanisation and architecture is managed at Group level. The projects follow a methodology that includes mandatory milestones, in particular that of the Architecture Committee, which ensures the coherence and

2021 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

353