HUGO BOSS considers governance and compliance risks, IT risks, personnel risks, and facility risks to be among its main organizational risks.
Governance and compliance risks
All HUGO BOSS employees are required to comply with the Code of Conduct applicable throughout the Group and the compliance rules applicable in specific areas. The Group companies are subject to regular risk analyses and detailed audits where applicable. Adherence to the compliance rules is monitored by the central Compliance division and breaches are reported to the Managing Board and Supervisory Board. Corporate Governance and the Corporate Governance Statement, Combined Non-Financial Statement, Anti-Corruption and Bribery Matters
Breaches of data protection laws represent a substantial compliance risk. The Group counters this risk using a system that complies with data protection laws and through appropriate technical and organizational measures. All employees are educated on data protection matters through activity-related training courses, the obligation to adhere to the Code of Conduct, and a separate duty of confidentiality. All internal processes and systems for processing personal data are measured on an ongoing basis and continually improved to ensure compliance with legal data protection requirements. Combined Non-Financial Statement, Social Matters
IT risks
Smooth business operations with efficient processes are strongly dependent on a powerful and secure IT infrastructure uniformly implemented throughout the Group. Serious failures of the Group’s IT system may result in significant business interruptions. In addition, cyber attacks can lead to major system interruptions, loss of confidential data, and the ensuing loss of reputation and liability claims. In order to reduce these risks, preventative system maintenance and security checks are carried out by the central IT department on a regular basis, multilevel security and antivirus concepts are implemented, and job-related access rights are assigned. In addition to this, access control systems, daily data backups of the Group-wide ERP system, an uninterrupted power supply, as well as regular online training sessions for staff all aim at increasing IT security within the Group. The Internal Audit department regularly monitors the security and reliability of the IT systems as well as the effectiveness of the implemented control mechanisms.
HUGO BOSS assumes that global cyber attacks will continue to increase in the future, and consequently regard them as an “emerging risk.” With the objective of further improving the ability to respond to potential attacks, the Company aims to keep working on the continuous development of its information security program. In this context, the Company has implemented a dedicated security information and event management system, which is intended to provide a complete overview of the Group’s IT security.
Personnel risks
Achieving our strategic and financial ambition is largely dependent on the know-how, commitment, and performance of our employees. Ensuring a fair and value-based corporate culture is intended to provide a strong foundation for this. Personnel risks mainly relate to recruitment bottlenecks, shortages of specialists, and excessive employee turnover. HUGO BOSS counters this risk with a forward-looking personnel planning, comprehensive development and training measures, the continuous development of its performance-based remuneration system, and flexible working models to better combine work and private life and to promote employer attractiveness. To measure employee engagement on a regular basis, HUGO BOSS conducts an annual employee survey in cooperation with Great Place to Work Germany. In this context, in 2022, the overall satisfaction improved further to 78% (2021: 76%). The Company has set itself the goal to maintain a strong level of at least 75% of overall satisfaction also in the years to come. Employees and Teams
Facility risks
The global business operations of HUGO BOSS are subject to facility risks that may result from physical interruptions of operational processes, in particular at the Group’s own production sites. These interruptions could be caused, among others, by natural disasters, fire, terrorist attacks, or vandalism. In order to be able to respond promptly and appropriately in such an event, HUGO BOSS has established a central emergency management system, aimed at ensuring efficient coordination with clear decision-making paths. For the Group’s largest production site in Izmir (Turkey), contingency plans are in place to transfer production to external suppliers, for example, in the event of an earthquake. In addition, the risks associated with such events are partially covered by insurance policies. Risk Report, External Risks Risk Report, Operational Risks