Material organizational risks

HUGO BOSS considers IT risks, personnel risks, and governance and compliance risks to be among the material organizational risks.

IT risks

Smooth business operations with efficient processes are strongly dependent on a powerful and secure IT infrastructure uniformly implemented throughout the Group. Serious failures of the IT system of the Group can result in significant business interruptions. In addition, cyberattacks can lead to major system interruptions, loss of confidential data and the ensuing loss of reputation and liability claims. In order to reduce these risks, preventative system maintenance and security checks are carried out by the central IT department on a regular basis, multi-level security and anti-virus concepts are implemented and job-related access rights are assigned. In addition to this, access control systems, daily data backups of the Group-wide ERP system, an uninterrupted power supply as well as regular online training sessions for staff should increase IT security in the Group. The internal audit department regularly monitors the security and reliability of the IT systems as well as the effectiveness of the control mechanisms which have been implemented.

HUGO BOSS assumes that global cyberattacks will continue to increase in future, and consequently classes them as an “emerging risk”. With the objective of further improving the ability to respond to potential attacks, the Company intends to keep working on the continuous development of its information security program. As part of this development, the Company has implemented a security information and event management system. This security management approach is intended to provide a complete overview of the Group’s IT security. Due to the measures carried out, Management currently considers the occurrence of IT risks to be unlikely. However, the associated financial impacts could generally be high.

Personnel risks

Achieving the Group’s strategic and financial targets is largely dependent on the skills and commitment of its employees and on safeguarding a fair and value-based corporate culture. Personnel risks mainly stem from recruitment bottlenecks, a shortage of specialists and excessive employee turnover. HUGO BOSS counters this risk with forward-looking personnel planning, comprehensive development and training measures, the continuous development of its performance-based remuneration system and flexible working models to better combine work and family life. Management therefore assesses personnel risks as unlikely overall, but also as having a significant financial impact. (See: Employees)

Governance and compliance risks

All employees of the HUGO BOSS Group are required to comply with the Code of Conduct applicable throughout the Group and the compliance rules applicable in specific areas. All Group companies are subject to regular risk analyses and detailed audits where applicable. Adherence to the compliance rules is monitored by the central compliance division and breaches are reported to the Managing Board and Supervisory Board. (See: Corporate Governance Report including the Corporate Governance Statement; Combined Non-Financial Statement, Anti-Corruption and Bribery Matters)

Breaches of data protection laws represent an increased compliance risk. The Group counters this risk using a system that complies with data protection laws and through appropriate technical and organizational measures. All employees are educated on data protection matters through activity-related training courses, the obligation to adhere to the Code of Conduct, and a separate duty of confidentiality. All internal processes and systems for processing personal data are measured on an ongoing basis and continually improved to ensure that they comply with the legal data protection requirements. With the EU General Data Protection Regulation now applicable, since 2018 more focus has been placed on data protection and on the implementation of and compliance with the new changes in the law. Management classifies risks in the context of governance and compliance as unlikely and considers the potential financial risk to be significant. (See: Combined Non-Financial Statement, Social Matters)