Material organizational risks
HUGO BOSS considers IT risks, personnel risks and governance and compliance risks to be among the material organizational risks.
Central IT department secures Group-wide IT system against outages and cyber attacks
Smooth business operations with efficient processes are strongly dependent on a powerful and secure IT infrastructure uniformly implemented throughout the Group. Serious outages of the Group’s IT systems can lead to significant business interruptions, while cyber attacks can lead to system interruptions, the loss of confidential data and, as a result, to damage to the company’s reputation as well as liability claims. In order to reduce these risks, the central IT department carries out preventative system maintenance and security checks on a regular basis, multi-level security and anti-virus concepts are implemented and job-related access rights are assigned. In addition, access control systems, daily data backups in the Group-wide ERP system, an uninterrupted power supply as well as regular online training sessions for staff should increase IT security in the Group. The internal audit function regularly monitors the security and reliability of the IT systems as well as the effectiveness of the control mechanisms which have been implemented.
HUGO BOSS considers cyber attacks as an emerging risk
HUGO BOSS assumes that global cyber attacks will continue to increase in future, and consequently classes them as an “emerging risk”. For this reason, the Group is working on implementing a so-called security information and event management (SIEM) system. The completion of this approach to security management, due in 2018, will make it possible to gain a comprehensive view of IT security in the Group. In addition, an anti-threat protection system was implemented with the introduction of Windows 10, which is intended to protect the Group against attacks by ransomware and phishing. Furthermore, HUGO BOSS works with external service providers to avert risks. Due to the measures carried out, management currently considers the occurrence of IT risks to be unlikely and the financial impact to be moderate.
The Group’s personnel strategy addresses personnel risks
Achieving the Group’s strategic and financial goals is largely dependent on the skills and motivation of its employees and on safeguarding a fair and value-based corporate culture. Personnel risks mainly stem from recruitment bottlenecks, a shortage of specialists and excessive employee turnover. HUGO BOSS combats this risk with a forward-looking HR policy, comprehensive development and training offerings, the continuous development of its performance-based remuneration system and a variety of measures to support a healthy work-life balance. HUGO BOSS considers itself to be well positioned in the increasing international competition for skilled workers and so classes this risk as unlikely, but at the same time as having a significant financial impact. (See: Employees)
Governance and compliance risks
All employees of the HUGO BOSS Group are required to comply with the code of conduct applicable throughout the Group and the compliance rules applicable in specific areas. All Group companies are subject to regular risk analyses and detailed audits where applicable. Adherence to the compliance rules is monitored centrally and breaches are reported to the Managing Board and Supervisory Board. (See: Corporate Governance Report)
Breaches of data protection laws, especially customer data protection laws, represent an increased compliance risk. Employees receive data protection training and are required to comply with the code of conduct. New processes and systems, and those which have already been implemented, are measured against data protection requirements on an ongoing basis and are continuously improved in order to comply with legal requirements. With a view to the future applicability of the General Data Protection Regulation (GDPR) of the European Union and the significantly increased potential fines for breaches thereof, HUGO BOSS has introduced fundamental measures to implement the regulations and thus to mitigate risk.
Management classes risks in the context of governance and compliance as unlikely overall due to the corporate compliance system which has been implemented; however, the potential financial risk is seen as significant.