Internal control and compliance
Italgas has adopted an internal control and risk management system that ensures compliance with laws and company procedures, safeguards company assets and contributes to the management of activities, providing solidity to the accounting and financial data processed.
In 2016, our Board of Directors, with the support of the Control, and Risk Committee and Related Party Transactions Committee, adopted the internal control and risk management system, understood as the set of rules, procedures and organisational structures aimed at enabling the identification, measurement, management and monitoring of the main risks. The system is periodically updated in order to guarantee its constant suitability to monitor the main risk areas of the business.
Objectives of the internal control system
Ensure
Ensure compliance with laws and company procedures.
Protect
Protect Italgas’ assets.
Manage
Manage activities optimally and efficiently.
Provide
Provide accurate and complete accounting and financial data.
Enterprise Risk Management and business risks
The Enterprise Risk Management (ERM) unit oversees the integrated enterprise risk management process for all group companies. The main objectives of ERM are to define a homogeneous and transversal risk assessment model, identify priority risks, ensure the consolidation of mitigation actions and develop a reporting system. The ERM methodology adopted by the Italgas Ggroup is in line with reference models and international best practices (COSO Framework and ISO 31000).
In order to ensure that the corporate population is increasingly aware of the need to develop a culture attentive to the identification, monitoring and management of the main risks of the company’s business (Risk Based Thinking), training activities on Enterprise Risk Management issues are organised on a regular basis.
Bodies and departments involved
Our internal control and risk management system is based on an integrated model, which clearly identifies the tasks of all the bodies and departments involved and the concrete ways in which they coordinate with each other.
Structure of the system
Risk management is divided into three levels of internal control.
First level
Identification, assessment and monitoring of risks inherent to the individual Group processes. The group departments, which own the individual risks, are responsible for identifying, measuring and managing them, as well as implementing the necessary controls.
Second level
Monitoring of the main risks in order to ensure the effectiveness and efficiency of the management and treatment of said risks, and the adequacy and operability of the controls; support for the first level in defining and implementing adequate systems for managing the main risks and related controls. The staff departments in charge of coordinating and managing the main control systems operate within the second level.
Third level
Independent and objective verification of the operating effectiveness and adequacy of the first and second levels of control and in general ofn the overall risk management procedures. This activity is carried out by the Internal Audit department.