Material organizational risks
HUGO BOSS considers IT risks, personnel risks, and governance and compliance risks to be among the material organizational risks.
Smooth business operations with efficient processes are strongly dependent on a powerful and secure IT infrastructure uniformly implemented throughout the Group. Serious failures of the Group’s IT system may result in significant business interruptions. In addition, cyberattacks can lead to major system interruptions, loss of confidential data and the ensuing loss of reputation and liability claims. In order to reduce these risks, preventative system maintenance and security checks are carried out by the central IT department on a regular basis, multi-level security and anti-virus concepts are implemented, and job-related access rights are assigned. In addition to this, access control systems, daily data backups of the Group-wide ERP system, an uninterrupted power supply as well as regular online training sessions for staff should increase IT security on a Group level. The internal audit department regularly monitors the security and reliability of the IT systems as well as the effectiveness of the control mechanisms which have been implemented.
HUGO BOSS assumes that global cyberattacks will continue to increase in future, and consequently classes them as an “emerging risk”. With the objective of further improving the ability to respond to potential attacks, the Company intends to keep working on the continuous development of its information security program. As part of this development, the Company has implemented a security information and event management system. This security management approach is intended to provide a complete overview of the Group’s IT security. Due to the measures carried out, Management currently considers the occurrence of IT risks to be unlikely. However, the associated financial implications could generally be high.
Achieving the Group’s strategic and financial targets is largely dependent on the skills and commitment of its employees and on safeguarding a fair and value-based corporate culture. Personnel risks mainly stem from recruitment bottlenecks, shortages of specialists and excessive employee turnover. HUGO BOSS counters this risk with forward-looking personnel planning, comprehensive development and training measures, the continuous development of its performance-based remuneration system and flexible working models to better combine work and family life. Management therefore assesses personnel risks as unlikely overall, but also as having a high financial impact. (See: Employees)
Governance and compliance risks
All employees of HUGO BOSS are required to comply with the Code of Conduct applicable throughout the Group and the compliance rules applicable in specific areas. The Group companies are subject to regular risk analyses and detailed audits where applicable. Adherence to the compliance rules is monitored by the central compliance division and breaches are reported to the Managing Board and Supervisory Board. (See: Corporate Governance and the Corporate Governance Statement; Combined Non-Financial Statement, Anti-Corruption and Bribery Matters)
Breaches of data protection laws represent an increased compliance risk. The Group counters this risk using a system that complies with data protection laws and through appropriate technical and organizational measures. All employees are educated on data protection matters through activity-related training courses, the obligation to adhere to the Code of Conduct, and a separate duty of confidentiality. All internal processes and systems for processing personal data are measured on an ongoing basis and continually improved to ensure that they comply with the legal data protection requirements. Management assesses the risks in the context of governance and compliance as possible, with a high financial impact. (See: Combined Non-Financial Statement, Social Matters)