Hermès // CSR Extract 2023

4

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

Self‑assessment of internal control The self‑assessment of internal control, which began in 2005, is now a mature process within the Group. It is based on questionnaires completed by all controlled subsidiaries. This system contributes to the dissemination of the internal control culture within the Group. It also provides support for assessing the level of internal control and assessing the extent to which operational and functional risks are properly addressed. If the control processes are found to be ineffective, the subsidiaries are required to draw up an action plan to remedy the situation. The subsidiaries self‑assess each year using five questionnaires available on the intranet in the dedicated “CHIC” IT tool (Check your Hermès Internal Control). They are administered by the audit and risk management department. The self‑assessment is based on a general internal control questionnaire (CHIC Practices), the guidelines for which are drawn up in line with the AMF “Reference Framework”. A

questionnaire specific to cash management (CHIC Trésorerie), a questionnaire on operating procedures in the retail network (CHIC Boutique) and a questionnaire on operational procedures governing online sales (CHIC E‑commerce) are also part of the system. Lastly, a questionnaire dedicated to the leather goods workshops (CHIC Maroquinerie) was launched in 2023. These questionnaires are updated on an annual basis, in order to include any new risks and controls identified as key at Group level. The results are reported in a dedicated IT tool where they are centralised and analysed by the audit and risk management department, in order to identify areas for improvement and internal control priorities for the following year. They are shared with the departments concerned in order to define action plans for all the Group’s subsidiaries.

CHIC Questionnaires

Number of themes *

Examples of themes addressed

Practices

12

Finance, Human resources, Control environment, Information systems, Communication, Ethics and Compliance, Sustainable development, etc. Inventories, Production, Finance, Investments and Real Estate, Ethics and Compliance, Information Systems, etc.

Leather goods

11

E‑commerce

9

Sales, Shipping and Deliveries, Returns and Refunds, Storage, Customer Data, etc.

Boutique

7

Customer relationship management, Checkout closing, Stock‑taking, Safety/Security, etc.

Trésorerie

7

Management of bank accounts, Processes and Payment means, Regulatory compliance, E‑payments, etc.

* The themes are then sub‑divided into several questions addressing all related procedures in an exhaustive manner.

The internal control officers are involved in the self‑assessment, and are in charge of monitoring the action plans. The audit and risk management department checks and compares the responses given by subsidiaries to the questionnaires with its own assessment when performing audits. It ensures that the controls have been correctly undertaken, and that corrective action plans have been implemented. Internal control procedures The internal control processes are described in the Group procedures. They are defined at Group level, then rolled out and adapted by each division to the specific contexts and local regulations. All Group employees have access to them via a secure intranet website. Group procedures cover the Company’s main cycles (purchases, sales including digital, treasury, inventory management, fixed assets, human resources, information systems, safety and security, closing of financial statements, compliance, etc.). The audit and risk management department updates them regularly, in collaboration with the experts in their respective fields and the internal control officers. More specifically, extremely stringent cash management procedures have been put in place. The treasury security rules manual details the following procedures: a treasury management procedure that defines the roles and responsibilities between Group treasury and the subsidiaries; s

Information systems The use of tools adapted to Hermès’ needs facilitates the preparation and control of information. The consistency of information system urbanisation and architecture is managed at Group level. The projects follow a methodology that includes mandatory milestones, in particular that of the Architecture Committee, which ensures the coherence and compliance of projects, including with regard to security (compliance with the Group process of integration of security in projects – ISP). a Group cash management policy, approved by the Hermès International Supervisory Board, which sets out the authorised investment vehicles and all the criteria for managing liquidity and counterparty risk. s rules for opening and operating bank accounts, called “prudential rules”, for each of the Group’s companies, which are constantly updated and include among others the monitoring of authorised signatories; s an exchange rate policy approved by the Group’s Supervisory Board (this policy presents all the authorised financial instruments, the horizon and the hedging ratios); s intra‑group agreements signed by each subsidiary concerned, which structure the relationship between the Hermès Group and its subsidiaries and specify the management policy and rules applicable to all financial flows (cash flows, foreign currency transactions, etc.) that may generate liquidity or market risk; s

2023 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL EXTRACT FROM 2023 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

410