126 / 330
2016 REGISTRATION DOCUMENT
HERMÈS INTERNATIONAL
126
CORPORATE GOVERNANCE
3
REPORT FROM THE CHAIRMAN OF THE SUPERVISORY BOARD ON THE CORPORATE GOVERNANCE PRINCIPLES
3.2.6.3
Scope of the risk management and internal
control system
The Group’s risk management and internal control mechanisms are
applicable to the parent company and to the controlled subsidiaries, as
they are presented in the notes to the consolidated financial statements.
3.2.6.4
Parties responsible for risk management
and internal control systems
Group management
The Group management designs risk management and internal control
procedures commensurate with the Company’s size, business opera-
tions, geographical footprint and organisation. In addition to establishing
procedures for delegating authority established at different hierarchical
levels, Group management has ultimate responsibility for guaranteeing
the effectiveness of the risk management system and its adequacy for
meeting the Group’s strategy objectives. To this end, it is provided with
activity reports and regularly meets with the audit and risk management
department (A&RMD). It therefore oversees the system as a whole to
safeguard its integrity and, where applicable, initiate any correctivemea-
sures needed to remedy any failures.
Audit Committee
The Audit Committee was established in 2005 within the Supervisory
Board pursuant to Article L. 823-19 of the French Commercial Code
(Code de commerce),
and without prejudice to the powers of the
Supervisory Board, which it does not supersede.
The roles and duties of the Audit Committee were formally documented
in rules of procedure drawn up by the Supervisory Board in 2010 and
regularly updated. The latest version appears on page 135.
Each meeting of the Audit Committee gives rise to written minutes
that must be approved. At each meeting of the Supervisory Board, the
Chairman of the Audit Committee gives the Board a report of the work of
the Audit Committee.
In 2016, the Audit Committee also conducted a self-assessment as part
of the triennial formal self-assessment of the Supervisory Board. Areas
of improvement are shown on page 119.
In 2016, approval of services other than certification of the financial
statements, pursuant to Article L. 822-11-02 of the French Commercial
Code
(Code de commerce),
resulted in the development and validation
by the Audit Committee of a procedure.
Audit and risk management department (A&RMD)
The department reports to the Group’s Executive Vice President of
Governance and Organisational Development, which guarantees its
independence, and has unlimited authority to review any matter at their
discretion.
The A&RMD consists of a core team of experienced auditors, and runs
a decentralised network of internal controllers. It performs three main
roles for the Group:
s
it performs internal audits and monitors the implementation of the
recommendations;
s
it identifies and analyses risks;
s
it ensures the deployment of internal controls suited to Group
ventures.
The auditors work on the basis of an annual audit plan, validated by
the Executive Management and the Audit Committee, which is adapted
every six months, if necessary. The audit plan is powered by comprehen-
sive risk analysis, including financial, operational and compliance, by
the proposals of the Executive Committee and by the audit trails, which
should allow a regular review of all Group entities and processes, with
a frequency appropriate to the magnitude of the risks and the relative
weight of the various Group entities. The A&RMD also carries out sup-
port assignments for the internal control roll-out within newly acquired
entities. In order to conduct specialised audits, A&RMD may call upon
outside firms or use appropriate analysis tools.
The A&RMD carries out a continuous improvement initiative as regards
the internal control and risk management systems. It notably monitors
the practices of other companies in such matters.
It works alongside the Group’s various departments in order to promote
the upstream handling of the main risks, as well as emerging risks, and
runs the risk mapping approach of the main businesses, retail subsi-
diaries and support functions. The risk maps can also be deployed on a
case-by-case basis, for certain projects. The methodology for risk map-
ping is regularly reviewed in the light of best practice.
The A&RMD coordinates a network of employees responsible for internal
control, in France and abroad, within the business lines, in distribution
and in support activities. This coordination includes awareness-raising
about best internal control practices. Lastly, it also participates in the
Group training sessions in order to promote an awareness of risk mana-
gement and internal control best practices amongst the management.
An audit charter formalising the duties and responsibilities of the internal
auditors and their professional conduct and detailing their audit enga-
gements was released and circulated in 2010. In 2013, the system
was completed by a risk charter that formalises the principles and rules
implemented with regard to risk management, and by an internal control
charter that formalises the roles and responsibilities of the people invol-
ved in internal control. The Head of audit and risk management attends
Audit Committee meetings. He meets with the Audit Committee six times
a year, including once without the presence of third parties. He presents
a report on the Audit Committee’s activity each year.
Internal control managers
Internal control managers oversee the implementation of the internal
control system within their scope, businesses, distribution subsidiaries
or support functions. They report to the CFO of their entity.
They work according to an annual plan, shared with their department
and A&RMD, taking into account the Group’s internal control priorities
and the risks specific to their company. Within their entity, their main
tasks are to:
s
review the key risks and the organisation of internal control;
s
verify the implementation of Group procedures in accordance with
local regulations;