HERMES_REGISTRATION_DOCUMENT_2017

OVERVIEW OF THE GROUP

RISK FACTORS

Hermès International, the finance department has primary responsibi- lity for preparation and control of financial information (see below ). Information systems Hermès uses effective IT tools tailored to its requirements in preparing andcontrollinginformation.Integratedapplicationsareusedtocentralise data reported to Hermès International by the subsidiaries, for account consolidation and for cashmanagement. Managers have access to data generated the management systems on a weekly and monthly basis, giving them the information they need to manage business operations effectively, to monitor performance consistently, and to identify any irregularities. The information systems are designed to ensure that the accounting and financial information produced complies with security, reliability, availability and relevance criteria. Specific rules on the organisation and operation of all IT systems havebeendefined, applying to systemaccess, validation of processing and year-end closing procedures, data archiving and record verification. Furthermore, procedures and controls have been set up to ensure the quality and security of operation, maintenance and upgrading of accoun- ting and management systems and all systems that directly or indirectly send data to these systems. As a supplement to the detailed reviews performed by the information systems department within the main subsidiaries, the A&RMD verifies the implementation of the general IT controls during the audits. In this context, A&RMD may call upon external firms specialising in information systems. Internal control procedures The internal control processes are described in the Group procedures. They are defined on aGroup level, then rolled out and adapted to the spe- cific contexts and local regulations by each division. All Group employees have access to them via a secure intranet site. The Group procedures cover the Company’s main cycles (purchases, sales, treasury, inventory management, fixed assets, human resources, information systems, security and safety, closing of financial statements, etc.). The A&RMDupdates themon a regular basis, alongside the various experts in their respective domains. More specifically, extremely stringent cash management procedures have been put in place. The treasury security rules manual details the following procedures: s a treasury management procedure that defines the roles and res- ponsibilities between the Group treasury and the subsidiaries; s rules for opening and operating bank accounts, called “prudential rules”, for each of the Group’s companies, which are constantly updated and include monitoring of the authorised signatories, inter alia;

vision of the risks and define operational action plans and responsibi- lities of stakeholders. The risk maps are updated periodically by each company under the supervision of the A&RMD. The internal control managers within the entities are the local relays for the mapping initiative. They participate in the initial risk analysis, while updating and monitoring the action plans. Group risk mapping is updated annually. The subsidiaries’ risk mapping and individual assessments by Executive Committee members feed into it. This risk mapping is shared on a collective basis with them and action plans are circulated. It is also shared with the Audit Committee. The Group risk mapping is also used as a starting point for A&RMD’s audit plan and the internal auditors’ work programmes. It also feeds in to the internal control priorities of the internal control managers. Prioritisation of risks carried out by Groupmanagement is also sharedwith the entities in order to be included in the mapping carried out locally. The A&RMD carried out a specific mapping exercise concerning the risk of fraud, with action plans monitored. In 2017, a process of preparing corruption risk mapping was initiated with the support of a specialist external firm, in cooperationwith theChief Compliance Officer who will manage the process from 2018. The A&RMD is also able to modify its work programme and carry out ad hoc assignments in order to deal with new risks, particularly in the event of an alert issued by a Group division. A&RMD may also perform cross-functional audits. Finally, an IT platform for the sharing of incidents not only enables assessment of the changes of certain risks, but also the apprehension, early on, of any possible signs of weakness. It’s a preventive tool that allows for the constant improvement of the control system, to correspond to actual conditions as closely as possible. Organisation The Company’s management is organised into an Executive Committee and several specialised committees, and ensures that strategic direc- tions are followed consistently and that information is disseminated effectively. Detailed organisational charts and memoranda outlining strategic directions give staff members a thorough understanding of their role in the organisation and a way to periodically evaluate their per- formance by comparing it with stated targets. The Group’s organisation is based on an approach designed to foster a high level of accountability among local managers, whose duties and responsibilities are clearly defined. In its human resources processes, Hermès has established hiring, training and skills development programmes designed to enable each individual to perform their duties effectively, now or in the future. Within 1.8.5.6 Internal control system in response to risks

1

2017 REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

43