HERMES_REGISTRATION_DOCUMENT_2017

1

OVERVIEW OF THE GROUP

RISK FACTORS

The auditors work on the basis of an annual audit plan, validated by the ExecutiveManagement and theAudit Committee, which is adaptedevery six months, if necessary. The audit plan is powered by comprehensive risk analysis, including financial, operational and compliance, by the pro- posals of the Executive Committee and by the audit trails. It must allow a regular review of all Group entities and processes, with a frequency appropriate to the magnitude of the risks and the relative weight of the various Group entities. The A&RMD also carries out support assign- ments for the internal control roll-out within newly acquired entities. In order to conduct specialised audits, A&RMDmay call upon outside firms or use appropriate analysis tools which are used notably in the context of preventing accounting fraud. The A&RMD regularly conducts integrated audits with Group experts. The A&RMD carries out a continuous improvement initiative as regards the internal control and risk management systems. It notably monitors the practices of other companies in such matters. It works alongside the Group’s various departments in order to promote the upstream handling of the main risks, as well as emerging risks, and runs the risk mapping approach of the main businesses, retail subsidia- ries and support functions. Themethodology for riskmapping is regularly updated in the light of best practice. In 2017, entirely revised by a spe- cialist external firm. The A&RMD coordinates a network of around 50 employees responsible for internal control, in France and abroad, within the business lines, in distribution and in support activities. This coordination includes aware- ness-raising about best internal control practices. Lastly, it also partici- pates in the Group training sessions in order to promote an awareness of risk management and internal control best practices amongst the management. An audit charter formalising the duties and responsibilities of the internal auditors and their professional conduct and detailing their audit enga- gements was released and circulated in 2010. In 2013, the system was completed by a risk charter that formalises the principles and rules implemented with regard to risk management, and by an internal control charter that formalises the roles and responsibilities of the people invol- ved in internal control. The Head of audit and risk management attends Audit Committee meetings. He meets with the Audit Committee six times a year, including once without the presence of third parties. He presents a report on the Audit Committee’s activity each year. Internal control managers Internal control managers oversee the implementation of the internal control system within their scope, businesses, distribution subsidiaries or support functions. They report to the CFO of their entity. They work according to an annual plan, shared with their department and A&RMD, taking into account the Group’s internal control priorities and the risks specific to their company. Within their entity, their main tasks are to: s review the key risks and the organisation of internal control; s verify the implementation of Group procedures in accordance with local regulations;

s participate in self-assessment of internal control work; s spread the culture of internal control to all employees; s perform monitoring of the action plans of risk mapping; s follow up on the audit recommendations of the A&RMD. Specialised committees

Hermès Group has deployed specific processes to monitor certain risks through specialised committees or working groups. These committees meet ona regular basis. For example, committees focusing on real estate risks, safety, IT risks and treasury risks analyse the issues, and study the appropriate corrective measures so that they are deployed in the entities. They also check that existing control systems comply with Group procedures. The main operational contacts involved take part in these committees, as does A&RMD, whose role is to facilitate the identification of risks and of the associated action plans. Since 2016, the Group Security Committee has been arbitrating on cross-functional topics of security and monitoring the functioning of the specialised committees. During the year, HermèsGroup introduced the “ComplianceCommittee”, comprising representatives of the compliance department, sustainable development department, industrial affairs department, audit and risk management department and human resources department, in order to prepare a vigilance plan for all Group subsidiaries. It should be noted that a Chief Compliance Officer was appointed in 2017. The Group’s operational staff The Senior Executives, the major functional and operating departments, and members of the Management Committees of the Group’s various entities serve as the main conduits for applying internal control and risk management; they are themain beneficiaries of the systemand also key contributors to its proper operation. Control activities carried out at the level of each entity fall under the joint responsibility of the Executive Vice-President and Financial Executive Vice-President, as established by the signature of a letter of representa- tion relating to the knowledge of the Hermès internal control objectives and of the quality of the controls implemented within the entity. To this end, they rely on the results of an annual self-assessment questionnaire on the implementation of the internal control system. Risk management system The Group’s risk management process is based upon the preparation of risk maps as well as a range of complementary tools that facilitate the identification of risks and help to define the actions necessary to best deal with them. Set up in 2004, the mapping initiative has been rolled out to the main entities under the supervision of the A&RMD. These maps serve to identify, evaluate and systematically rank the main risks. They represent a lever for performance improvement, as they contribute to the protection of company value and assets. These are effective management tools that provide a comprehensive and shared 1.8.5.5

42

2017 REGISTRATION DOCUMENT HERMÈS INTERNATIONAL