Hermès // 2022 UNIVERSAL REGISTRATION DOCUMENT

4

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

Internal control officers Internal control officers oversee the implementation of the internal control system within their scope, métiers , distribution subsidiaries or support functions. They report locally to the Chief Financial Officer of their entity, and functionally to the audit and risk management department. They work according to an annual plan, shared with their department and the audit and risk management department, taking into account the Group’s internal control priorities and the risks specific to their scope. Their main duties are as follows: identify major risks and adapt the organisation of internal control accordingly; s verify the implementation of Group procedures in accordance with the activity and local regulations; s participate in self‑assessment of internal control work; s spread the culture of internal control to all employees; s monitor the risk mapping action plans; s follow up on the audit recommendations of the audit and risk management department; s in general, contribute in all their actions to improving risk management. s They are the contacts responsible for the rollout of systems to prevent corruption and cybersecurity risk. Specialised committees

corrective measures so that they can be implemented in the entities. They also check that existing control systems comply with Group procedures. The main operational contacts involved participate in these committees with the audit and risk management department. Its role is to facilitate the identification of risks and the associated action plans. Every two months, the Information Systems Security Committee brings together the main players, namely the Director of Group Cybersecurity, the information systems department, the audit and risk management department, the Group safety department and the digital projects and e‑commerce department, as well as a member of the Group Executive Committee. Its purpose is to detail the progress of the action plans and to draw lessons from any incidents in terms of cyber risks. A Hermès Product Transportation Safety Committee, made up of the Group safety department, the transportation department, the insurance department and the departments of the relevant métiers , meets as needed to define the necessary actions. Its objective is to improve transportation safety, in a practical way according to the risks specific to the products transported and any difficulties encountered. The Compliance and Vigilance Committee is made up of representatives from the legal department, including compliance, the sustainable development department, the direct purchasing department, the indirect purchasing department, the audit and risk management department, the commercial department, the finance department and the labour law department. It participates in, monitors and oversees the implementation, effectiveness and control of compliance programmes. Its duties are detailed in chapter 2 “Corporate social responsibility and non‑financial performance”, § 2.8.1.1.3. The Group Safety Committee makes decisions on cross‑functional safety issues identified during the specialised committee meetings. It also reviews the main safety incidents in order to adapt the overall system. This committee is composed of the Executive Vice‑President Corporate Development and Social Affairs, the Director of Human Resources, the General Counsel, the Director of Group Safety, the Director of Group Cybersecurity, the Managing Director of Hermès Group Services and the Director of Audit and Risk Management. If necessary, it can call on experts on specific issues. The Group’s operational staff The Senior Executives, the major functional and operating departments, and members of the Management Committees of the Group’s various entities are responsible for internal control and risk management; as the main beneficiaries and also key contributors to its proper application. The control activities carried out at the level of each entity are the joint responsibility of the Managing Director and the Chief Financial Officer. A letter of confirmation relating to Hermès’ internal control objectives and the quality of the controls in place within the entity is signed annually. This letter includes the results of an annual self‑assessment questionnaire on the implementation of internal control.

Transportation Safety Committee

Treasury Safety Committee

Group Safety Committee

Compliance and Vigilance Committee

IT Safety Committee

The Hermès Group has deployed specific processes to monitor certain risks through specialised committees or working groups. These committees meet on a regular basis. For example, committees focusing on safety, IT risks, treasury risks and compliance risks analyse the issues, and study the appropriate

2022 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

388