Annual Report 2023


HUGO BOSS is exposed to a variety of risks. Its risk management system comprises all measures of a systematic and transparent approach towards risks. It aims at identifying risks as early as possible, evaluating them adequately, limiting or avoiding them through suitable measures, as well as monitoring and documenting them. In this context, risks are defined as possible future developments or events that may lead to negative deviations from the planned operating result. All types of risks are grouped into five categories: external, strategic, financial, operational, and organizational risk. The systematic handling of opportunities, on the other hand, is not part of risk management.

Risk management system

The Managing Board of HUGO BOSS AG has overall responsibility for an effective risk management system. On its behalf, the central Risk Management & Internal Controls department coordinates the execution and continuous development of the risk management system. In this context, it is responsible for the centrally managed risk management process and is in close contact with the respective central departments and Group companies. The relevant risk owners and risk experts are responsible for identifying and evaluating risks, adequately dealing with identified risks, and implementing effective risk mitigation measures. Monitoring the effectiveness of the risk management system is the responsibility of the Supervisory Board of HUGO BOSS. This task is exercised by the Audit Committee of the Supervisory Board with involvement of the Internal Audit department. In this context, risk management at HUGO BOSS is subject to regular internal auditing. As part of the audit of the consolidated financial statements, the external Group auditor assesses the adequacy of the measures implemented in the Company for the early identification of risks to the Company’s ability to continue as a going concern.

Group-wide standards for the systematic handling of risks form the basis of an efficient risk management system. They are set by the Managing Board and documented in a risk manual that is applicable throughout the Group and available to all employees on the Company-wide intranet. All employees of HUGO BOSS are obliged to be aware of the risks posed by their behavior, especially regarding those risks that may threaten the going concern of the Group. The use of modern risk management software allows for recording and evaluating all identified risks, as well as related measures, in a uniform way throughout the Group. The risk management system of HUGO BOSS is designed in accordance with the international standard ISO 31000.

Main features of the HUGO BOSS risk management system

[Figure: Risk management process (1. Risk identification, 2. Risk evaluation, 3. Risk handling). Roles shown: Risk owner/Risk expert; Central Risk Management; Managing Board and Supervisory Board.]

The risk management process at HUGO BOSS consists of the following four steps: risk identification, risk evaluation, risk handling, as well as risk monitoring and reporting.

To ensure risks are identified at the earliest possible stage, the Group continuously monitors the macroeconomic environment, the competitive landscape in the premium and luxury goods industry, and all internal processes. The central risk management supports all risk owners across the Group with regular identification and efficient categorization of risks using a risk catalog, as well as the risk manual that is available throughout the Group.

Risk owners delegate the regular evaluation of identified risks to the defined risk experts and give their assessment after a thorough evaluation. Risk experts are supported by the central risk management, which also includes regular training, at least once per year, on risk management principles and topic-specific focus areas. Individual risks are evaluated by assessing their likelihood of occurrence and systematically analyzing their potential impact on the planned operating result (EBIT). Tax risks and interest rates, however, are evaluated based on their potential impact on cash flow.

Risk matrix

(aggregated risks)

[Figure: Risk matrix (aggregated risks). Horizontal axis: Likelihood (within 1 year), with levels remote, unlikely, possible, probable, certain and bands 10%, >10% – 25%, >25% – 50%, >50% – 90%, >90%. Vertical axis: Potential impact (in % of planned EBIT), with levels low, moderate, essential, high, very high and bands 2.5%, >2.5% – 5%, >5% – 15%, >15% – 30%, >30%. Risks plotted: Competition, financing and liquidity; Currencies; Taxes; Changes in interest rates, legal.]

The two valuation criteria of likelihood of occurrence and potential impact make up the risk matrix, within which the significance of the risks presented increases from the bottom left to the top right. This is intended to create transparency regarding the Company’s current risk situation and provide support in prioritizing risks. Classification is done by means of summing up all individual risks’ weighted averages of the impact scenarios within the respective risk category (potential impact) as well as the weighted average of likelihoods of all individual risks (likelihood). Any net risk as an actual risk potential is defined as the gross risk reduced by the impact of the respective mitigation measures.

Preparing and implementing appropriate risk mitigation measures is the responsibility of the respective risk owner. In general, risks are handled in four different ways: risk avoidance, risk reduction, risk transfer to third parties, and risk acceptance. One component of risk management is thus the transfer of risk to insurance companies, which is intended to offset the financial impact of insurable risks as far as possible. The costs of the respective measures in relation to their effectiveness are also taken into consideration when deciding how to implement the respective risk management strategy. In close cooperation with the risk owners, the central risk management monitors the progress and effectiveness of planned and already implemented measures.

The current status of all identified risks is assessed twice a year. However, depending on their extent, some risks may be assessed at a higher frequency of up to once a month. As part of the risk monitoring, insights into the latest trends are documented, and risk evaluation as well as risk handling are revised if necessary. The continuous monitoring of early warning indicators is intended to allow possible deviations from the budget to be identified at an early stage. Reporting chains and the adoption of appropriate countermeasures defined in advance aim to ensure a timely response in the event of a risk occurring.

As part of the regular risk reporting, risk owners report all risks identified to the central risk management, including the respective likelihood of occurrence, the potential financial impact, as well as the risk mitigation measures. The central risk management aggregates the information reported and regularly presents a consolidated report to the Managing Board as well as to the Audit Committee. Substantial individual risks and aggregated risk categories are given particular emphasis. When critical or urgent issues arise, the regular reporting process is supplemented by an ad hoc report.

Assessment of the risk situation by the Managing Board

Development and composition of the total risk exposure

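[Figure: Development and composition of the total risk exposure. Columns: Risk category; Trend¹; Share of total risk (expected value). Risk categories: External risks, Strategic risks, Financial risks, Operational risks, Organizational risks. Shares shown: 12%, 18%, 47%, 8%, 15%.]

¹ As compared to the prior year.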

The individual risks are aggregated using two methods to obtain the most accurate possible overview of the total risk position of HUGO BOSS. On the one hand, the expected loss values of all assessed risks within the five risk categories are added together. On the other hand, the probability distributions of all identified risks are aggregated by means of a Monte Carlo simulation to form a single probability distribution for a possible total loss, thereby determining maximum annual loss values. The Monte Carlo simulation encompasses risks of all categories, also including non-financial risks. The result of this simulation for fiscal year 2024 shows that, as in the prior year, the Group’s equity is in excess of all simulated risk-dependent loss values, even within the tightest confidence intervals.

The implemented risk management system forms the basis for the assessment of the risk situation by the Managing Board, which reviews the system on a regular basis. Risks with a potential impact classified as at least essential are discussed and evaluated by the Managing Board at regular intervals. While the assessment of individual risks in fiscal year 2023 has changed, mainly due to the development of external conditions as well as the impact of our own countermeasures, the overall risk situation for HUGO BOSS has not changed significantly as compared to the prior year. The Managing Board did not identify any individual or aggregate risks that could jeopardize the continuation of the Company as a going concern at the time this report was prepared.

Illustration of risks

Risks that have been assessed in the risk management process as having an at least essential potential impact on HUGO BOSS are explained in more detail below. In general, it is possible that further latent risks or risks currently assessed as immaterial may have a greater adverse effect on the Group’s development in the future than indicated. Regardless of the measures implemented to manage the identified risks, business activity is always exposed to residual risks that cannot be entirely avoided even by a risk management system such as that implemented at HUGO BOSS.

Risk categories

[Table: columns External risks, Strategic risks, Financial risks, Operational risks, Organizational risks. Entries shown: Overall economy; Suppliers and sourcing markets; Governance and compliance; Politics and society; Sales and distribution; Environment and health; Brand and corporate image; Vision and direction; Financing and liquidity; Product piracy; Changes in interest rates; Occupational health and safety.]

Risks that have an at least essential impact according to the risk matrix are shown in bold and are explained in more detail below. In contrast, risks assessed as only having a low or moderate potential impact are not explained in more detail.