Internal control and compliance
Internal control and compliance
Italgas has adopted an internal control and risk management system that ensures compliance with laws and company procedures, safeguards company assets and contributes to the management of activities, providing solidity to the accounting and financial data processed.
In 2016, our Board of Directors, with the support of the Control, and Risk Committee and Related Party Transactions Committee, adopted the internal control and risk management system, understood as the set of rules, procedures and organisational structures aimed at enabling the identification, measurement, management and monitoring of the main risks. The system is periodically updated in order to guarantee its constant suitability to monitor the main risk areas of the business.
Objectives of the internal control system
Ensure compliance with laws and company procedures.
Protect Italgas’ assets.
Manage activities optimally and efficiently.
Provide accurate and complete accounting and financial data.
Enterprise Risk Management and business risks
The Enterprise Risk Management (ERM) unit oversees the integrated enterprise risk management process for all group companies. The main objectives of ERM are to define a homogeneous and transversal risk assessment model, identify priority risks, ensure the consolidation of mitigation actions and develop a reporting system. The ERM methodology adopted by the Italgas Ggroup is in line with reference models and international best practices (COSO Framework and ISO 31000).
In order to ensure that the corporate population is increasingly aware of the need to develop a culture attentive to the identification, monitoring and management of the main risks of the company’s business (Risk Based Thinking), training activities on Enterprise Risk Management issues are organised on a regular basis.
Bodies and departments involved
Our internal control and risk management system is based on an integrated model, which clearly identifies the tasks of all the bodies and departments involved and the concrete ways in which they coordinate with each other.
The system involves in particular:
The Board of Directors, which plays a guiding role and assesses at least annually (and after consulting the Control, Risk Committee and Related Party Transactions Committee) the adequacy of the internal control and risk management system in relation to the characteristics of the company and the group and the risk profile assumed.
The Chief Executive Officer, identified by the Board as the “director in charge of the internal control and risk management system” pursuant to the Corporate Governance Code. The chief executive officer is called upon to establish and maintain an effective internal control and risk management system, consistent with corporate and process objectives, and is also responsible for ensuring that risk management methods correspond to the defined containment plans.
The Control, Risk and Related Party Transactions Committee, which among other things has the task of supporting, with adequate preliminary work, the evaluations and decisions of the Board of Directors relating to the internal control and risk management system.
The Board of Statutory Auditors, which supervises the effectiveness of the system, also in its capacity as the “internal control and audit committee” pursuant to Legislative Decree No. 39 of 27 January 2010.
The Head of the Internal Audit Department, responsible for checking that the system is functioning and adequate.
BoD, supported by the Control and Risk Committee
- Sets the rules.
- Checks the adequacy and effective functioning of the system.
- Ensures that the main risks are identified and managed.
Board of Statutory Auditors
Oversees the effectiveness of the system
Is in charge of designing, implementing and managing the internal control and risk management system.
Structure of the system
Risk management is divided into three levels of internal control.
Identification, assessment and monitoring of risks inherent to the individual Group processes. The group departments, which own the individual risks, are responsible for identifying, measuring and managing them, as well as implementing the necessary controls.
Monitoring of the main risks in order to ensure the effectiveness and efficiency of the management and treatment of said risks, and the adequacy and operability of the controls; support for the first level in defining and implementing adequate systems for managing the main risks and related controls. The staff departments in charge of coordinating and managing the main control systems operate within the second level.
Independent and objective verification of the operating effectiveness and adequacy of the first and second levels of control and in general ofn the overall risk management procedures. This activity is carried out by the Internal Audit department.
The officer responsible for the preparation of financial reports
In listed companies, the officer responsible for the preparation of financial reports has an essential function of control over accounting and financial reporting, which is fundamental for providing guarantees to institutional investors and savers on the reliability of the reporting.
The officer responsible is appointed by the Board of Directors on the proposal of the chief executive officer, in agreement with the chairman following the approval of the Board of Statutory Auditors. In the case of Italgas, this figure must be chosen from among people who do not hold any office in the administrative or control body or managerial functions in Eni S.p.A. and its subsidiaries, and who do not have any direct or indirect relationship of a professional or financial nature with such companies.
The Board of Directors ensures that the officer responsible has adequate powers and means to exercise the duties assigned to this role, as well as effective compliance with administrative and accounting procedures.
Since 7 May 2018, the officer responsible at Italgas is Giovanni Mercante.