Hermès // 2022 UNIVERSAL REGISTRATION DOCUMENT

4

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

A MATURE INTERNAL CONTROL SYSTEM GENERAL ORGANISATION

4.3.4 4.3.4.1

Organisation The Company’s management, organised into an Executive Committee and several specialised committees, ensures the strategic alignment and distribution of information. Detailed organisational charts and memoranda outlining strategic directions give staff members a thorough understanding of their role in the organisation and a way to periodically evaluate their performance by comparing it with targets. The Group’s organisation is based on an approach designed to foster a high level of accountability among local managers, whose duties and responsibilities are clearly defined. Regarding human resources processes, Hermès has established hiring, training and skills development programmes, enabling each individual to perform their current and future duties effectively. Within Hermès International, the finance department has primary responsibility for the preparation and control of financial information. the reliability of financial information and, in general, control over its activities, efficiency of its operations and optimisation of the use of its resources. s

Internal control objectives Internal control systems rely on ongoing, recurring actions that are integrated into the Company’s operating processes. They apply to all functions and processes, including those associated with the preparation of financial and accounting information. The Hermès internal control objectives include: compliance with laws and regulations; s proper observance of instructions and strategy directions given by the Group Management; s operating efficiency of the Company’s internal procedures, particularly those that help to protect its assets, as well as the safety and security of property and persons; s

Internal control system monitoring The monitoring system includes three levels of control:

LEVEL 3

Carried out by the audit and risk management department

PERIODIC INSPECTION PERMANENT CONTROL

Carried out by internal controllers or cross-functional departments LEVEL 2 Regular verification through sampling

Carried out by operational staff LEVEL 1 Daily checks of activities

its role of coordinating the network of internal control officers, the audit and risk management department is involved in their appointment, reviews the subsidiaries’ annual internal control plans and disseminates best practices. It relies in particular on a social and collaborative information‑sharing platform, identifies internal control priorities and promotes the sharing of experience between all members of the network. It also publishes a quarterly newsletter. Audit assignments represent the third level of control. They are explained in §4.3.5 “An agile internal audit system” below.

Regular reviews are carried out by internal control officers at a local level and are supplemented by the audit and risk management department depending on the issues at stake in each entity. The network of internal control officers is responsible for ensuring that suitable controls cover the principal risks related to distribution and production operations, as well as to support functions, notably regarding the security and traceability of assets. This network, made up of around 70 internal control officers, enables the presence of local contacts in the Group’s main entities. As part of

2022 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

390