Internal control and compliance
Italgas is fully committed to maintaining an internal control and risk management system that equals international best practices. Compliance includes communication, education, training and monitoring to ensure that laws, regulations and rules are understood and followed.
What is the internal control and risk management system
The internal control and risk management system is all the necessary or useful tools to address, manage and check activities in the company, aimed at
- ensuring compliance with corporate laws and procedures
- protecting corporate assets
- efficiently managing activities
- providing precise and complete accounting and financial information
How Italgas’ internal control and risk management system works
Italgas’ internal control and risk management system is based on an integrated model of controls, with the duties of all involved, and cleary identified procedures for coordination between the control body and operations. Management is primarily responsible for applying the internal control and risk management system, since control activities are an integral part of managerial processes.
Verifying if control and risk management system is adequate and effective
Responsibility lies with the Board of Directors, which, with the assistance of the Control, Risk and Related Parties Transactions Committee, sets rules and periodically verifies the system’s adequacy and effective operation that the main business risks are identified and managed. In its capacity as the “internal control and audit committee”, Italgas’ Board of Statutory Auditors oversees the system’s effectiveness.
The chief executive officer (CEO) has been named by the board as the director responsible for the internal control and risk management system, giving him the duty for its planning, implementation and management.
Risk managed through three organisational levels of internal control
Italgas’ risk management system is comprised of three levels of internal control. Various operating units are involved based on specific allocations of responsibility. These units are set within the corporate structure shown below.
Bodies and Control levels of the control and risk management system
- Process Owner (1° Level)
- Monitoring Unit (2° Level)
- Internal Audit (3° Level)
1° Level This level involves:
Identification, evaluation and monitoring of risks inherent to individual group processes. Located at this level are the departments that bear the individual risks. They are responsible for identifying, measuring and managing them as well as for implementing the necessary controls.
2° Level – This level involves:
- Monitoring of the main risks to ensure they are effectively and efficiently managed and processed
- Monitoring of adequacy and functioning of controls put in place to protect against these main risks
- Support for Level 1 in defining and implementing adequate management systems for the main risks and related controls
This level contains employees responsible for co-ordinating and managing the main control systems including anti-corruzione, antitrust, corporate administrative liabality, disclosure.
3° Level – This level involves:
Independent and objective verification of the operating effectiveness and adequacy of Levels 1 and 2, and of all risk management methods in general.