Hermès // 2022 UNIVERSAL REGISTRATION DOCUMENT

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

Group Management The Group Management designs risk management and internal control procedures commensurate with the Company’s size, business operations, geographical footprint and organisation. In addition to establishing procedures for delegating authority established at different hierarchical levels, Group Management has responsibility for guaranteeing the quality and effectiveness of the risk management and internal control systems. It thus ensures their adequacy for meeting the Group’s strategy objectives. To this end, Group Management is provided with audit reports and the risk mapping of subsidiaries, métiers and support functions, and regularly meets with the audit and risk management department. It therefore oversees the system as a whole to safeguard its integrity and, where applicable, initiate any corrective measures needed. Audit and Risk Committee The Audit and Risk Committee was established in 2005 within the Supervisory Board pursuant to Article L.823‑19 of the French Commercial Code ( Code de commerce ), and without prejudice to the powers of this Board, which it does not supersede. The roles and duties of the Audit and Risk Committee were formally documented in rules of procedure drawn up by the Supervisory Board in 2010 and regularly updated. The latest version is available at https://finance.hermes.com/en/ governing‑bodies‑rules‑procedure‑articles‑association/. The rules of procedure were amended and submitted for approval to the Audit and Risk Committee in 2021. Each meeting of the Audit and Risk Committee gives rise to written minutes that are approved. At each meeting of the Supervisory Board, the Chairwoman of the Audit and Risk Committee gives the Board a report of the work of the Audit and Risk Committee. The work and operation of the Audit and Risk Committee were assessed in 2022 as part of the Supervisory Board’s three‑year formal self‑assessment (see chapter 3 “Corporate Governance”), §3.7.3). As part of its oversight of the risk management and internal control system, the Audit and Risk Committee has access to information relating to internal audit, internal control and risk management. The risk mapping of Group entities and the corresponding action plans are regularly presented to it. A list of the work carried by the Audit and Risk Committee is provided in chapter 3 "Corporate governance", §3.6.3.4. Audit and risk management department The audit and risk management department reports to the Group’s Executive Vice‑President Corporate Development and Social Affairs, which guarantees its independence, and has unlimited authority to review any matter at their discretion. The audit and risk management department consists of a core team of experienced auditors, and runs a decentralised network of internal control officers. It performs a threefold mission for the Group: it identifies and analyses risks and ensures the implementation of action plans; s

The prevention and insurance department joined the audit and risk management department on 1January 2020 in order to increase synergies in terms of risk identification and management. Risk mapping now includes an insurance section in order to look at risks alongside the corresponding insurance coverage. Since 2022, the audit and risk management department has included a data, innovation and method optimisation project manager in its workforce. The duties of the audit and risk management department also consist of: it conducts internal audits and monitors the implementation of the recommendations; s it ensures the deployment of internal controls adapted to Group’s issues. s carrying out a continuous improvement initiative as regards the internal control and risk management systems; s working alongside the Group’s various departments in order to promote the upstream handling of the main risks, as well as emerging risks, and running the risk mapping approach of the main métiers , distribution subsidiaries, support functions and cross‑cutting subjects. The risk mapping methodology is regularly reviewed: in 2017 and in 2020, specialised external firms supported this continuous improvement process. The audit and risk management department thus ensures that it has a relevant, effective and motivating methodology for its contacts. The action plans resulting from the risk mapping are monitored each year by the network of internal control officers; s coordinating a network of around 70 internal control officers, in France and abroad, within the métiers , distribution subsidiaries and support activities. Since 2020, given the specific circumstances related to Covid‑19, internal control was stepped up, in particular through increased use of digital channels. A virtual meeting dedicated to the internal control issues of the distribution subsidiaries was organised in 2022, bringing together both the internal controllers and the Chief Financial Officers of the subsidiaries concerned. Two other face‑to‑face meetings were organised in Paris for the French and European internal control teams. In addition, half‑yearly meetings are organised with the Chief Financial Officers of the main regional distribution subsidiaries on the one hand, and the métiers on the other hand, to discuss their main internal control issues. s An audit charter has formalised the duties and responsibilities of the internal auditors and their professional conduct. It sets out the way in which their audit engagements are conducted. A risk charter, setting out the principles and rules for risk management, and an internal control charter, formalising the roles and responsibilities of its players, complete the system. These charters are reviewed regularly. Lastly, the Director of Audit and Risk Management attends Audit and Risk Committee meetings. She meets with this committee six times a year, including once without the presence of third parties. This meeting is dedicated to the presentation of the audit and risk management department’s activity report, and to discussions on its work and the resources at its disposal.

4

2022 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

387