Hermès // 2021 Universal Registration Document

4

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

incident. Initial feedback was provided at the end of the financial year and a second will be conducted in early 2022. The aim is to identify ways of improving the crisis management system, particularly in terms of responsiveness, organisation and communication.

compliance of projects, including with regard to security (compliance with the Group process of integration of security in projects – ISP). Integrated applications are used to facilitate centralisation of data reported to Hermès International by the subsidiaries, consolidation of accounts and cash management. Managers have access to data generated by the management systems on a weekly and monthly basis, giving them the information they need to manage business operations effectively, to monitor performance consistently, and to identify any irregularities. The information systems are designed to ensure that, in particular, the accounting and financial information produced complies with security, reliability, availability and relevance criteria. Specific rules on the organisation and operation of all IT systems have been defined, applying to access, validation of processing and closing procedures, data archiving and record verification. Furthermore, procedures and controls have been set up to ensure the quality and security of operations, maintenance and upgrading of accounting and management systems as well as all systems that send data to them. In addition to the detailed reviews carried out by the information systems department in the main subsidiaries, the audit and risk management department organises a review of second-level IT controls through a self-assessment questionnaire completed by the subsidiaries, and of third-level controls via audits on: general IT controls in subsidiaries and centrally; s IT projects; s the cybersecurity system. s For third-level controls, the audit plan was considerably enhanced in 2020 and 2021, and is conducted with the assistance of specialists in each of the subjects audited. Since 28 February 2020, in response to the health crisis linked to Covid-19, a monitoring unit has been set up to coordinate the necessary actions within the Group and the exchange of information. Committees by type of activity and geographical area are regularly organised to maintain close contact with the Group’s entities. They make it possible to address operational issues in terms of employee protection, business continuity and adaptation of the internal control system. The crisis unit comprises members of the audit and risk management department, the Group safety department and the Group human resources department, including in particular the directors of internal communication and labour relations. This crisis unit reports to the Executive Committee, via the Executive Vice-President of Corporate Development and Social Affairs, on matters requiring a collective decision. Throughout 2021, the unit remained committed to assisting the subsidiaries meet their needs, reported during the various meetings or directly via a dedicated “Covid watch” email address. A crisis management exercise, designed with the support of an external firm, was conducted in December 2021. This exercise made it possible to test the reaction and communication of the various stakeholders of the crisis unit around various scenarios such as a cyberattack, a fire or a pollution Crisis management

PREPARATION AND PROCESSING

4.3.4.2

OF ACCOUNTING AND FINANCIAL INFORMATION

Definition, objectives and scope The processes relating to the preparation and processing of accounting and financial information are at the heart of the Group’s internal control system. They ensure stringent financial oversight of the Company’s activities and all processes involved in producing and reporting accounting and financial information for the parent company and the companies integrated into the consolidated financial statements. The processes are designed to meet the following objectives: compliance with accounting regulations and the proper application of s the principles used for the preparation of the financial statements; the prevention and identification of any accounting or financial fraud s or inconsistencies, as far as possible; the reliability of the information circulated and used in-house by s Group Management for steering purposes; the reliability of the published accounts and of other information s reported to investors. Hermès has set up an organised and documented system that ensures the consistency of consolidated and reported accounting and financial data. It is based on a Group Management manual, strict segregation of duties, and strong control by Hermès International over the information produced by the subsidiaries. Actors in the accounting and financial internal control process The internal control process for accounting and financial information involves the following stakeholders: Group Management, which is carried out by the Executive Committee, s led by the Executive Management. As part of the closing of the annual and consolidated financial statements, the Executive Management obtains all the information it deems useful. It analyses the subsidiaries’ accounts on a regular basis and meets with their Senior Executives from time to time, particularly during the budget preparation and account closing periods; the Supervisory Board, which exercises ongoing control over the s Company’s management. By consulting Group Management, the Board can verify that oversight and control systems are sufficient to ensure that the financial information published by the Company is reliable; the Audit and Risk Committee, whose roles and missions are s described in § 4.3.2; the Executive Vice-President of Corporate Development and Social s Affairs, member of the Executive Committee, who ensures the implementation of appropriate methods (organisation, skilled resources, tools) and oversees the audit and risk management department responsible for the risk management system and internal control coordination;

354 2021 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL