Avon 2015 Annual Report Download - page 27

Download and view the complete annual report

Please find page 27 of the 2015 Avon annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 140

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140

A failure, disruption, cyberattack or other breach in the security of an IT system or
infrastructure that we utilize could adversely affect our business and reputation and increase
our costs.
We employ IT systems to support our business, including systems to support financial reporting, web-based tools, an enterprise resource
planning (“ERP”) system, and internal communication and data transfer networks. We also employ IT systems to support Representatives in
many of our markets, including electronic order collection, invoicing systems, shipping and box packing, social media tools, mobile
applications and on-line training. We have e-commerce and Internet sites, including business-to-business websites to support
Representatives. We use third-party service providers in many instances to provide these IT systems. Over the last several years, we have
undertaken initiatives to increase our reliance on IT systems which has resulted in the outsourcing of certain services and functions, such as
global human resources IT systems, call center support, Representative support services and other IT processes. For example, we recently
announced that we intend to outsource four areas of the Company’s IT infrastructure. Our IT systems and infrastructure, as well as those of
third parties, are integral to our performance.
Any of our IT systems and infrastructure, or those of our third-party service providers, may be susceptible to outages, disruptions, destruction
or corruption due to the complex landscape of localized applications and architectures as well as incidents related to legacy or unintegrated
systems. These IT systems and infrastructure also may be susceptible to cybersecurity breaches, attacks, break-ins, data corruption, fire,
floods, power loss, telecommunications failures, terrorist attacks and similar events beyond our control. We rely on our employees,
Representatives and third parties in our day-to-day and ongoing operations, who may, as a result of human error or malfeasance or failure,
disruption, cyberattack or other security breach of third party systems or infrastructure, expose us to risk. Furthermore, our ability to protect
and monitor the practices of our third-party service providers is more limited than our ability to protect and monitor our own IT systems and
infrastructure.
Our IT systems, or those of our third-party service providers may be accessed by unauthorized users such as cyber criminals as a result of a
failure, disruption, cyberattack or other security breach, exposing us to risk. As techniques used by cyber criminals change frequently, a
failure, disruption, cyberattack or other security breach may go undetected for a long period of time. A failure, disruption, cyberattack or
other security breach of our IT systems or infrastructure, or those of our third-party service providers, could result in the theft, transfer,
unauthorized access to, disclosure, modification, misuse, loss, or destruction of Company, employee, Representative, customer, vendor, or
other third-party data, including sensitive or confidential data, personal information and intellectual property. For example, the Company
uses a newswire service that has been subject to the hacking of not-yet-issued press releases by hackers in order to trade on securities using
the information contained in such press releases.
We are investing in industry standard solutions and protections and monitoring practices of our data and IT systems and infrastructure to
reduce these risks and continue to monitor our IT systems and infrastructure on an ongoing basis for any current or potential threats. Such
efforts and investments are costly, and as cyber threats continue to evolve, we may be required to expend significant additional resources to
continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. As a
company that operates globally, we could be impacted by commercial agreements between us and processing organizations, existing and
proposed laws and regulations, and government policies and practices related to cybersecurity, privacy and data protection.
Despite our efforts, our and our third-party service providers’ data, IT systems and infrastructure may be vulnerable. There can be no
assurance that our efforts will prevent a failure, disruption, cyberattack or other security breach of our or our third-party service providers’ IT
systems or infrastructure, or that we will detect and appropriately respond if there is such a failure, disruption, cyberattack or other security
breach. Any such failure, disruption, cyberattack or other security breach could adversely affect our business including our ability to expand
our business, cause damage to our reputation, result in increased costs to address internal data, security, and personnel issues, and result in
violations of applicable privacy laws and other laws and external financial obligations such as governmental fines, penalties, or regulatory
proceedings, remediation efforts such as breach notification and identity theft monitoring, and third-party private litigation with potentially
significant costs. In addition, it could result in deterioration in our employees’, Representatives’, customers’, or vendors’ confidence in us,
which could cause them to discontinue business with us or result in other competitive disadvantages.
In addition, there may be other challenges and risks as we upgrade, modernize, and standardize our IT systems globally. For example, in the
past in Brazil, we experienced challenges in implementing an ERP system which impacted service levels, which in turn negatively impacted
average order and Active Representative and revenue growth during 2011.
A V O N 2015 15
7553_fin.pdf 17