The system of internal control and risk management is the set of rules, procedures and organisational structures established to enable the identification, measurement, management and monitoring of the main risks.
The guidelines for the system of internal control and risk management are defined, with the assistance of the Control and Risks Committee, by the Board of Directors. The approach of reference for the definition of the guidelines is that known as Enterprise Risk Management (ERM).
Director in charge of the system of internal control and risk management
• The Board of Directors has appointed the chief executive as the Director in charge of the internal control system and risk management. The role is to ensure, also with the coordination of the Internal Auditing function, the identification of key business risks and the management of the system of internal control and risk management, taking into account the characteristics of the Group’s activities, and reporting to the Control and Risks Committee or the Board also regarding any issues arising.
Head of Internal Auditing
Paolo De Benedetti has been appointed as Head of the Internal Auditing function, with the task of monitoring, both on an ongoing basis and in relation to specific needs and in compliance with international standards, the operation and the adequacy of the system of internal control and risk management, through an audit plan approved by the Board of Directors, based on a structured analysis and prioritisation of key risks.
The Head of Internal Auditing has direct access to all the relevant information for the effective exercise of the role, which foresees:
· the preparation of periodic reports containing adequate information about the work, the way in which risk management is conducted, as well as compliance with the plans predisposed for their reduction; periodic reports contain an assessment of the adequacy of the system of internal control and risk management;
· the timely preparation of reports on events of major importance;
· the transmission of the above reports to the chairman of the Board of Statutory Auditors, the chairman of the Control and Risks Committee and the chairman of the Board of Directors, as well as to the Director in charge of the system of internal control and risk management;
· the verification, as part of the audit plan, the adequacy of information systems, including systems used for accounting purposes.