The Control and Risks Committee consists of three independent, non-executive directors:
Members of the committee hold office until the expiry of their mandate as directors and, therefore, until approval of the financial statements for the year ending 31 December 2017.
The Control and Risks Committee has consultative and advisory functions vis-à-vis the Board of Directors, with the task of supporting, through adequate preliminary analysis, the assessments and decisions of the Board of Directors with regard to adequacy of the internal control and risk management system and definition of its guidelines, as well as those regarding approval of the periodic financial reports.
Within the terms of its competence, the Committee coordinates its activity with that of the following persons and bodies: the Board of Statutory Auditors; the external audit firm; the Head of Internal Audit; the Director in charge of the system of internal control and risk management; and the Manager in charge of financial reporting.
In particular, the committee was assigned the following tasks:
- to assess the action plan drawn up by the head of Internal Audit, and examine the periodic reports that the latter prepares based on the assessment of the system of internal control and risk management, as well as any other reports of particular relevance that are prepared by the Internal Audit function;
- to assess the proper implementation of the accounting standards in use, as well as their suitability for the preparation of the consolidated financial statements. This is to be done in conjunction with the Manager in charge of financial reporting, after consulting with the external auditor and the Board of Statutory Auditors;
- to assess the proposals formulated by the external auditors in order to secure the instruction, the work plan drawn up for the audit and the results presented in the report, as well as oversee the effectiveness of the auditing process;
- to monitor the independence, adequacy, effectiveness and efficiency of the Internal Audit function;
- to ask the Internal Audit function to carry out checks on specific operational areas, and inform the Chairman of the Board of Statutory Auditors of such requests at the time they are made;
- to periodically report to the Board of Directors on the adequacy of the system of internal control and risk management, at least every six months in conjunction with the annual and semi-annual financial reports;
- to provide counsel on specific aspects regarding identification of the company’s main risks and on the design, implementation and supervision of the internal control and risk management system;
- to provide counsel to the Board of Directors on the findings of the external auditors, presented in the letter of recommendation and in the audit report on the key issues that emerged during the audit;
- to provide counsel to the Board of Directors on the appointment and removal of the Head of Internal Audit, as well as on the resources made available to him/her and his/her remuneration.
The Control and Risks Committee held 9 meetings in 2017, each duly recorded in their respective minutes. The meetings were attended at different times by members of the Board of Statutory Auditors, the Head of Internal Audit, the Supervisory and Oversight Body and the Head of Legal and Corporate Affairs, as well as by the audit firm Deloitte & Touche and the Heads of some corporate functions.
As far as the 2016 fiscal year is concerned, the Control and Risks Committee carried out the following activities worthy of note:
- it approved the 2017 Annual Internal Audit Plan for the Company and its subsidiaries – prepared by the Head of Internal Audit – and it checked its implementation.
The 2017 Annual Internal Audit Plan for the Parent Company and its subsidiaries is structured around five types of audits:
1. Operational audit: an analysis of business processes and an assessment of their effectiveness (success rate in reaching objectives) and efficiency (costs, timing, resources employed);
2. Compliance audit: the application of some operational guidelines on the part of the Parent Company and companies in the Group;
3. Compliance 231 audit: the application of Italian Legislative Decree 231/2001, in support of Supervisory Bodies in the Parent Company and its subsidiaries;
4. Financial Audit: the application of Italian Law 262/05, in support of the Financial Reporting Officer;
- it examined the activities carried out by the Internal Audit department in 2017, agreeing with the recommendations made and proposing recommendations of its own; within this context, follow-ups to the Internal Audit inspections were reviewed;
- it examined the activities and structure of the Internal Control Department, not only insofar as the internal audit as per the point above, but also to support the Supervisory Bodies of the Parent Company and the subsidiaries, risk management activities and operating processes;
- it acknowledged the operational guidelines implemented by the Company during the year;
- it examined the preliminary analysis presented by company management, and it approved the impairment testing methodology for the financial statements as at 31 December 2016 adopted by the company. It took cognizance of the fact that the impairment tests’ definitive findings on the potential decline in value of property, plant and equipment, intangible assets and/or equity investments would be subject to specific review and approval on the part of the Board of Directors;
- it reviewed the 2016 annual report and the report for July 2017 prepared by the Risk Management Committee, which did not contain any irregularities;
- it analysed the results of the year’s Risk Assessment process along with the relative Report on the matter, prepared and presented by the Head of Internal Audit. The activity focused on both the Parent Company and its associate companies in Italy and France;
- it took cognizance of the report prepared by the Head of Internal Audit on the self-assessment of the Internal Control and Risk Management system of the Mondadori Group;
- it analysed the findings of the independent auditor as presented in the report on the key issues that emerged during the audit; no failings were observed in the internal control system in terms of financial disclosure, and there were no uncertainties worthy of note regarding business continuity;
- it discussed the document presented by the Head of Internal Audit concerning Italian Legislative Decree 254/2016 – Non-Financial Reporting;
- it shared information with other Board committees and presented updates on projects coordinated by the Independent Directors Committee:
- European General Data Protection Regulation No. 679/2016;
- Non-Financial Reporting, Italian Legislative Decree 254/2016;
- Update on training activities on the Law 231 Frameworks of the subsidiaries;
- it met with the Company’s IT Director to discuss the issue of cyber security;
- it examined the acquisitions and the relative integration processes carried out by the Mondadori Group during 2017;
- it approved the updating of the operating provisions in force within the Mondadori Group.