Report on the accounting-related internal control system and the risk management system pursuant to sec. 289 (5) and 315 (2) No. 5 HGB
The system of internal control and risk management of the HUGO BOSS Group, as applied to the financial reporting process and the financial statements closing process, aims to accurately compile, present and assess all business transactions in the accounting records. The clear definition of areas of responsibility in the finance department of HUGO BOSS AG and the proper basic and advanced training of employees together with the deployment of adequate software and issue of uniformly applicable guidelines form the basis for a professional, efficient and consistent financial reporting process. Overall, this ensures that assets and liabilities are accurately recognized, measured and disclosed in the consolidated financial statements and that a reliable statement can be made on the net assets, financial position and results of operations as well as the cash flow.
Accounting-related IT systems
Management controls across all divisions depend on accurate and up-to-date information. Business information and reporting systems are therefore of high importance. In this context, the control quality has improved considerably with the Group-wide introduction of SAP AFS, SAP Retail and the BIS system (Business Intelligence Services system). The BIS system contains numerous KPI reports both for the area of finance and controlling and for all operational areas that can be accessed daily.
The extensive monthly management reporting package is one of the most important reporting tools in the area of finance. As part of the standardized Group-wide reporting, all HUGO BOSS companies supply detailed information on the most important line items of the statement of financial position and the income statement together with KPIs and explanations. In this process, the central finance department sets binding deadlines and content for reporting. Automated and standardized reporting formats are in place for many reporting topics. The central finance and controlling departments have content responsibility in this area. Related tasks include central maintenance of master data for the chart of accounts applicable throughout the Group as well as the continuous review of reporting formats with respect to their observance of the latest applicable international financial reporting requirements. In addition, checks are performed at regular intervals to verify whether business transactions at HUGO BOSS are recorded consistently and corrections made if deviations are detected.
In order to prevent unauthorized access to data of relevance to financial reporting and to ensure the integrity, availability and authenticity of data at all times, the SAP Security Policy (a component of the IT security guideline) was implemented Group-wide. This policy also contains requirements for controls designed to ensure a properly functioning finance organization. The IT security of the accounting-related processes is supplemented by system-enabled controls and workflow-based processes that impose the dual-control principle, suitable segregation of functions and approval processes. This includes invoice verification and approval, the sourcing processes or SAP authorization management.
In addition, the user rights required by employees are defined using roles which describe jobs or positions in the Group. Since 2009, HUGO BOSS has been using a special detection software without exceptions to ensure an appropriate segregation of functions in SAP systems. This compares a user’s authorization profile with a pre-installed SoD (segregation of duties) model. Group-wide authorization management and the definition of roles are likewise performed in the central IT departments of HUGO BOSS AG in Metzingen.
Organization of financial reporting and accounting-related guidelines
All companies of the HUGO BOSS Group are legally independent entities. Apart from the managing director, who is responsible for business operations in the respective market, the finance manager is responsible for all issues of relevance to the company’s financial reporting. The finance manager is also responsible for continuous monitoring of key management indicators, monthly reporting of KPIs to the central finance reporting and the preparation of a three-year plan for the respective market. In addition, the feasibility and viability of new investment projects, particularly in the Group’s own retail business, have to be analyzed and also coordinated with the controlling department at HUGO BOSS AG.
In his capacity as technical supervisor of all finance managers, the CFO of HUGO BOSS AG is authorized to issue directives on and is thus responsible for the Group-wide financial management.
The finance managers and the managing directors of the HUGO BOSS companies confirm on a quarterly basis compliance with defined principles and the execution of management controls through what is referred to as a CFO certificate. Some of these controls are integrated in the ERP software deployed throughout the Group. Reports also have to be submitted regarding the appropriateness of controls for ensuring data integrity and data access protection as well as in the event of fraud or serious infringements of the internal control system.
In addition to providing active support to all divisions and Group companies, the central finance department in Metzingen is responsible for preparing and revising uniform guidelines and instructions for accounting-related processes. This mainly encompasses the preparation and revision of the bad debt allowance policy, an investment guideline, the IAS/IFRS accounting manual and clear intercompany reconciliation requirements.
Questions on specific accounting and valuation matters of relevance to the HUGO BOSS Group are likewise dealt with centrally, where they are analyzed, documented and communicated to the “HUGO BOSS financial community”. In addition, a central e-mail address provides staff the option to address open issues in a timely manner to the central finance and controlling department. Significant accounting and valuation matters and changes to relevant IAS/IFRS and Interpretations are discussed with the auditors of the consolidated financial statements in regular meetings held at least on a quarterly basis. Professional development events are organized at regular intervals, while updates on topics of relevance for financial reporting are communicated in an accounting newsletter and posted in the Finance Forum on the Group’s intranet. Once a year, the finance managers meet at the finance managers’ meeting. In addition, the year-end closing training is held in the fourth quarter. Here, finance and controlling employees from the entire Group are informed about current developments in international financial reporting and consensus is created in all matters relevant to the preparation of the annual financial statements.
The internal audit function is part of the system of internal control and in its oversight function reviews compliance with and the effectiveness of the defined controls. The annual audit plan and its areas of focus are discussed with the Managing Board and Audit Committee. Ad hoc audits can be performed at any time. All audit reports are submitted directly to the CFO and, if necessary, to the Managing Board as a whole. In addition, the internal audit function reports regularly to the Audit Committee.