Print page

Risk management

Group-wide standards ensure successful 
risk management

Successful risk management is founded on Group-wide standards for systematically handling risks. These are set for the HUGO BOSS Group by the Managing Board as part of the risk policy and documented in a risk manual that is applicable throughout the Group and is available for all employees online. Risks are defined as potential, negative deviations from the planned operating result (EBIT) or, in the case of tax and interest risks, cash flow. Clear thresholds describe the risk-bearing capacity of the HUGO BOSS Group and permit a classification of risks into four levels from “low” to “high”. Risks are identified and assessed at regular intervals. Whenever there are critical topics, the regular reporting process is supplemented by ad hoc reporting in order to allow timely analysis of new developments and notification to the Managing Board and Supervisory Board, where appropriate. In addition, the employees of the HUGO BOSS Group are obliged to be aware of risks in their behavior, especially regarding those risks that may threaten the existence of the Group. All risks and the actions taken are systematically recorded using risk management software. This ensures reliable version management and audit trails. The HUGO BOSS Group’s risk management system is designed in accordance with and complies with the recommendations of the international standard ISO 31000.

A dedicated team at the headquarters of HUGO BOSS AG is responsible for the coordination of Group-wide risk management in order to be able to identify risks early and subsequently analyze and monitor them. The team is dedicated to developing the tools of the risk management system further and ensuring that risks are identified Group-wide and recorded at regular, predefined intervals. All information concerning the risks identified in the subsidiaries worldwide converges here allowing its timely aggregation and analysis at Group level. The team continuously communicates with all risk owners so that it is always informed of the latest developments. In another direction, it regularly reports to the Managing Board, supports it in the implementation, execution and monitoring of the risk management and internal control system as well as in the process of reporting to the Audit Committee of the Supervisory Board.

Decentralized risk management in the divisions

Responsibility for risk identification and assessment, adequate handling of uncertainties and the implementation of effective risk mitigation measures is locally assigned to the respective divisions or subsidiaries where risks occur. To this end, a risk expert and a risk owner are defined in each case.

HUGO BOSS risk policy

HUGO BOSS risk policy (graphics)

Risks are handled in four ways: avoidance, mitigation, transfer and acceptance. Consequently, one of the elements of risk management includes the transfer of risks to insurers. This allows the financial consequences of insurable risks to be largely neutralized.

Differentiated risk quantification based on a multiple scenario analysis

The current status of all identified risks is assessed at least once a year or at more frequent half-yearly, quarterly or monthly intervals, depending on the extent of the financial effect. In this process, new developments are documented and the risk assessment is revised if necessary. To this end, an estimate is made of the likelihood of occurrence of risks and the associated effects on the operating result (EBIT) or cash flow. Any net risk as an actual risk potential is defined as the gross risk reduced by measures taken to mitigate the risks identified.

Measurement criteria for business risks

Likelihood of occurrence




Extent of financial impact





≤ 20%




≤ 2.5% of planned EBIT



> 20–40%




> 2.5–5% of planned EBIT



> 40–60%




> 5–15% of planned EBIT

very likely


> 60%




> 15% of planned EBIT

To obtain a more precise view of the potential effects of identified risks, alternative risk scenarios are analyzed for the best, medium and worst case. This permits the inclusion of the potentially substantial effects from extreme scenarios that are unlikely to occur but which could have severe ramifications. The risk owner assigns a weighting to each of the three scenarios to calculate the average impact of a risk occurring on a general basis. This approach allows not only a differentiated view of potential effects, but also thorough analysis of unlikely extreme scenarios that could potentially have a significantly stronger impact on the ability of the HUGO BOSS Group to achieve its objectives. In the latter case, the focus is not so much on preventive measures but on the development of disaster recovery plans to support the rapid restoration of operations after an occurrence actually happens. In addition to the quantification of risk based on a 12-month planning period, a medium-term risk trend is also determined. This indicator is used be able to initiate the development of adequate countermeasures for growing risks promptly. In addition to this trend indicator and scenario assessment, for certain risks there is the option of incorporating a medium- and long-term risk assessment into the risk management software.

The continuous monitoring of early warning indicators enables the Group to identify possible deviations from the budget at an early stage. Reporting chains and the adoption of suitable countermeasures defined in advance ensure timely response in the event of occurrence. All of this information is compiled in the Group-wide risk management software and is available at all times.

This allows the HUGO BOSS Group to identify risks at an early stage and to respond quickly and in a targeted manner. The risk management system is reviewed at regular intervals by the internal audit department to ensure its proper functioning and appropriateness. The Audit Committee set up by the Supervisory Board regularly monitors the effectiveness of the systems of internal control, risk management and internal audit. In the course of the audit of the annual financial statements, the external auditors verify whether the Managing Board has suitably implemented the measures prescribed by Sec. 91 (2) Aktiengesetz (AktG – German Stock Corporation Act).

Risk categories and structure of the risk atlas

A uniform risk atlas is used as a basis for identifying and aggregating risks worldwide. This bundles individual risks by topic into risk areas. The latter are in turn allocated to one of the main risk categories: external risks, strategic risks, financial risks, operative risks and organizational risks.

Risk categories










Overall economy


Collection and industry


Financing and liquidity


Suppliers and sourcing markets



Geopolitical developments


Brands and corporate image


Changes in interest rates





Product piracy









Environment and health






Sales and distribution



Competitive environment








Governance and compliance





Provisions for pensions




Health and safety









Print page