Internal Audit and Risk Management System

The internal audit and risk management system plays a key part in the overall Group corporate governance system; it comprises the set of rules, procedures and organisational structures aimed at the effective and efficient identification, measurement, management and tracking of the main risks in order to contribute to the sustainable success of the Group and the individual companies.

This system is subject to regular assessment and review in relation to developments in company operations and the frame of reference.

Within the scope of the internal audit and risk management system, the Company set up the Key Functions (audit, risk management, compliance and actuarial functions) that are separate from one another from an organisational standpoint, that report directly to the Board of Directors and operate under the coordination of the Director in charge of the internal audit and risk management system, identified as the Chief Executive Officer and Group CEO of the Company in accordance with the Corporate Governance Code.

The Key Functions in the Company are allocated to the Audit Function, the Chief Risk Officer (and the Risk Department), the Compliance and Anti-Money Laundering Function and the Actuarial Function respectively, and carry out the activities for which they are responsible for the Company and at Group level.

In its capacity as parent company, Unipol carries out activities of governance, oversight and coordination of the Group companies, in accordance with a principle of proportionality, taking account, inter alia, of the activities carried out, the individual risk profiles and the contribution of each company to the risk profile of the Group as a whole.

The Managers of the Key Functions submit the plan of activities, on an annual basis, for the approval of the company bodies of the Company, and every six months, submit, to said bodies, a report on the activities carried out, the inspections carried out and the results that emerged.

The main duties and responsibilities of the Key Functions are set out in the applicable sections. 

The Anti-Money Laundering Function falls under the Compliance and Anti-Money Laundering Function, and has the duty to continuously check to ensure that the corporate procedures adopted in the Group are in line with the goal of preventing and tackling breaches of laws relating to preventing the risk of money laundering.

Other bodies and parties take part in the internal audit and risk management system of the Company, including: the Board Committees, the Board of Statutory Auditors, the Supervisory Board pursuant to Legislative Decree 231/2001, the Manager in charge of financial reporting, the Data Protection Officer and Senior Management.

The control activities cannot be put into the hands of certain specific offices or supervisory and control bodies only. All the operating divisions have to play a part in checking the transactions they carry out in accordance with the different levels of responsibility.

Fondamental Functions

Audit
Evaluates and monitors the effectiveness, efficiency and adequacy of the internal control system and the additional components of the corporate governance system.
Risk Management
Identifies, measures, assesses and monitors on an ongoing basis the current and future risks to which the Group is or could be exposed and the related interdependencies.
Compliance
Evaluates the adequacy of procedures, processes, policies and internal organization in order to prevent the risk of non-compliance with regulations.
Actuarial Function
Coordinates the calculation of technical provisions, evaluating the adequacy of methodologies, models and assumptions as well as the quality of the data used.