Internal Control and Risk Management System

The Company has adopted an internal control and risk management system with the aim of ensuring that the main risks concerning Group companies are correctly identified as well as measured, managed and monitored, also determining the degree of compatibility of such risks with a management in line with the strategic objectives identified.

This system undergoes regular assessment and review in relation to the development of business operations and the reference context.

Within the scope of the internal control and risk management system, the Company is equipped with corporate control Functions (Audit, Risk Management and Compliance), which are separate from one another in organisational terms, answer directly to the Board of Directors and operate under the coordination of the Manager in Charge of the Internal Control and Risk Management System.

The Group CEO and General Manager of the Company has been identified as the Manager in charge of supervising the overall functioning and adequacy of the internal control and risk management system, pursuant to the Corporate Governance Code for listed companies.

The corporate control Functions established within the Company carry out their duties for the Company itself and are responsible for the direction and coordination of direct or indirect subsidiaries, pursuant to Article 2359 of the Italian Civil Code.

Other bodies and entities are involved in the Company’s internal control and risk management system, including: the Board of Statutory Auditors, the Board Committees, Senior Management, the Supervisory Board (pursuant to Legislative Decree 231/2001), the Manager in Charge of Financial Reporting, the Anti-Money Laundering Function and the Actuarial Function.

Monitoring activities may not be exclusively assigned to specific departments or the supervisory and control bodies. All operational structures must play a role in verifying the operations carried out, according to different levels of responsibility.

The main roles of the corporate control Functions are described in the relevant sections. 

Key pillars

Audit Function
The Audit Function has the role of assessing the completeness, functionality, reliability and adequacy of the internal control and risk management system.
Risk Management
The Risk Management Function has the role of ensuring the integrated assessment of the various risks, at a Group level.
Compliance
The Compliance Function has the role of assessing, according to a risk-based approach, the adequacy of procedures, processes, policies and internal organisation.