HERMÈS - 2018 Registration document

Overview of the group

Risk factors

control environment which forms their common base, and more specifi- cally, on the Company’s ingrained risk management and internal control culture, management style and corporate values. With this in mind, to underpin the risk management culture promoted by the Group, a formal ethical charter was adopted and disseminated to its employees in 2009. In 2013, it was completed by the business code of conduct, that sets out the behaviour expected from Group employees. Both documents were updated in 2016. They are available on the Company intranet and have been subject to formal acknowledgement of receipt when given to employees.Additionaltrainingsessionsonanti-corruptionlawshavealso been organised for operational staff. However, no risk management and internal control system, no matter how well-designed and applied, can provide absolute certainty that the Company will achieve its objectives.

Scope of the risk management and internal control systems

1.9.6.3

1

The Group’s risk management and internal control mechanisms are applicable to the parent company and to the controlled subsidiaries, as they are presented in the notes to the consolidated financial statements.

Parties responsible for risk management and internal control

1.9.6.4

SUPERVISORY BOARD

GROUP MANAGEMENT

AUDIT AND RISK MANAGEMENT DEPARTMENT

AUDIT AND RISK COMMITTEE

SPECIALISED COMMITTEES

THE NETWORK OF INTERNAL CONTROL MANAGERS

THE GROUP’S OPERATIONAL STAFF

Group management The Group management designs risk management and internal control procedures commensurate with the Company’s size, business opera- tions, geographical footprint and organisation. In addition to establishing procedures for delegating authority established at different hierarchical levels, Group management has ultimate responsibility for guaranteeing the effectiveness of the risk management system and its adequacy for meeting the Group’s strategy objectives. To this end, it is provided with audit reports and the riskmapping of subsidiaries andMétiers and regu- larly meets with the Audit and RiskManagement Department (A&RMD) It therefore oversees the system as a whole to safeguard its integrity and, where applicable, initiate any corrective measures needed to remedy any failures. Audit and Risk Committee The Audit and Risk Committee was established in 2005 within the SupervisoryBoardpursuanttoArticleL.823-19oftheFrenchCommercial Code (Code de commerce), and without prejudice to the powers of the Supervisory Board, which it does not supersede.

The roles and duties of the Audit and Risk Committee were formally docu- mented in rules of procedure drawn up by the Supervisory Board in 2010 and regularly updated. The latest version appears on pages 212 and 213. In 2017, the rules of procedure were amended, in order to incorpo- rate the procedure for approving services other than the certification of financial statements, and submitted for the approval of Audit and Risk Committee. Each meeting of the Audit and Risk Committee gives rise to written minutes that must be approved. At each meeting of the Supervisory Board, the Chairman of the Audit and Risk Committee gives the Board a report of the work of the Audit and Risk Committee. A list of the work carried by the Audit and Risk Committee in 2018 is provided on pages 189 to 190. In 2016, the Audit and Risk Committee also conducted a self-assess- ment as part of the triennial formal self-assessment of the Supervisory Board. Since 2017 the updated IT riskmapping is also sharedwith the Audit and Risk Committee every year. In 2018, the presentation was made during the session of 14 November 2018.

2018 REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

43