Hermès // CSR Extract 2023

RISK FACTORS AND MANAGEMENT RISK MANAGEMENT, INTERNAL CONTROL AND INTERNAL AUDIT

Audit plan The auditors work on the basis of an annual audit plan, validated by the Executive Management and the Audit and Risk Committee, which is adapted every six months, if necessary. An overall analysis of risks, in particular financial, operational and compliance risks, feeds into the audit plan. The Executive Committee’s proposals and audit follow‑ups complete it. It must allow a regular review of all Group entities and processes, with a frequency appropriate to the magnitude of the risks and the relative weight of each entity. The audit and risk management department also carries out support assignments for the internal control roll‑out within newly acquired entities. For specialised audits, it may use external service providers and data analysis tools, particularly in the context of fraud prevention. In addition, it regularly performs integrated audits with the Group’s experts: IT security, safety, compliance, insurance, etc. The 2023 audit plan was adapted to the context of recent years to include in‑person audits of entities located in countries where health restrictions have been the most prolonged. The strengthening of IT safety audits continued in 2023. In the field of cybersecurity, and more broadly the IT control environment, most audits are entrusted to external expert firms. In addition, the audit and risk management department has been carrying out dedicated audits of communications expenditure with the support of external firms.

Upon completion of the audits, reports are prepared detailing the audit findings and risks identified, and recommending solutions to remedy them. Proper implementation of the recommendations is verified during follow‑up audits. The audit reports are sent to the managers of the audited subsidiaries or departments and to Group Management. Since 2020, the audit and risk management department uses an analysis tool for accounting entries in its audits. This tool improves the relevance of certain tests undertaken, by facilitating the identification of atypical transactions. Moreover, since 2021, the Group has had a tool for analysing in‑store transactions based on 39 indicators that can continuously highlight any non‑compliance with Group procedures. Initially developed for internal control officers, this tool is also used by the audit and risk management department to perform in‑store tests on the most sensitive sales transactions and stock movements. More broadly, this tool is also a means of fighting corruption and money laundering in stores. Collective and individual training sessions against fraud, for Chief Financial Officers and internal control officers, were organised by the data, innovation and method optimisation team in the audit and risk management department. special audits conducted with the help of external firms, in particular on information systems; s support for affiliates in the setting up of the internal control system. s

4

2023 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL EXTRACT FROM 2023 UNIVERSAL REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

413