Internal Control Officer

The Board of Directors, following its renewal, with the favourable opinion of the Committee for Internal Control, Risks and Corporate Governance and in line with best practices, based on the proposal made by the Director responsible for the internal control system, has confirmed that the Internal Control Officer is the head of the Internal Audit Department (Mr. Maurizio Bonzi), and the Internal Control Officer reports to the Committee for Internal Control, Risks and Corporate Governance and to the Board of Statutory Auditors (to which the Officer reports functionally).

The Internal Control Officer is responsible for verifying that the internal control system is always adequate and fully operational.

The internal control system is completed by a planning and control system structured by sector and operating unit that produces a detailed monthly report for the Executive Office to provide the Office with a useful tool to supervise specific activities.

Furthermore, the Directors with strategic business responsibilities and Directors responsible for specific services and functions sit on the Boards of Directors of the principal subsidiary companies in order to pursue the strategies and policies adopted by the Parent Company.

Moreover, the Group Compliance Function has been fully implemented and reports to the Director of Legal and Corporate Affairs and Group Compliance, which is therefore separate from the Internal Audit Department, called on to collaborate with the other group departments to assure the constant alignment of the internal standards, processes, and more in general, the Company’s business activities with the applicable regulatory framework.

In line with best practices the Group Compliance function is responsible for monitoring the risk of not complying with the laws, regulations and in general, with legislation, also self-regulatory, in order to avoid legal and administrative sanctions, or significant financial losses or damage to reputation.

The internal control system is rendered even more effective by the procedure to notify breaches, suspected breaches and induction to breach laws and regulations; the principles sanctioned in the Ethical Code; the internal control principles; company standards and procedures and/or any other action or omission that may directly or indirectly give rise to an economicequity loss, or also reputational damage for the Group and/or its companies.

The Procedure envisages an express protection concerning any kind of reprisal against persons that identify such breaches or employees who collaborated to investigate the validity of the notification.

Internal Audit Department

The Internal Audit Department (managed by Maurizio Bonzi as has been mentioned) plays a significant role in the internal control system with the principal task of assessing the adequacy and functional operation of Pire lli’s control and corporate governance processes through independent insurance and consultancy activities, also in relation to the activity performed for the subsidiaries. The Internal Audit Department’s activity is performed in line with the mandate received and duly approved by the Committee for Internal Control and Corporate Governance, in relation to the following aspects:

  • mission;
  • targets and responsibilities (independence, complete access to information, field of activity, disclosure of results);
  • improving the quality of the internal audit activities; principles of professional conduct;
  • professional reference standards.

The Internal Audit Manager reports hierarchically to the General Counsel and functionally to the Committee for Internal Control, Risks and Corporate Governance and to the Board of Statutory Auditors and at the Date of the Report the Department includes 16 persons of five different nationalities with an average of 6 years experience in the Department (excluding the Internal Audit Manager).

The Internal Audit Department operates on the basis of an annual Audit Plan approved in advance by the Committee for Internal Control, Risks and Corporate Governance.

The Audit Plan referred to the 2012 financial year envisages audits in 22 countries in all the various continents, involving more than 20 thousand hours work.

The companies and corporate departments “subject” to possible audits are identified once a year to define the Audit Plan and these are subsequently classified in relation to the need to ensure “coverage” and their respective degree of risk. The following factors are involved in defining the ranking: (i) the level of control identified in the previous audits performed in the specific company and/or organisational unit; (ii) the “vulnerability” factor in relation to specific assessments which take into account, by way of example, country risk, market risk, the size and organisational complexity, recent organisational changes made, the extent of any critical aspects identified, the time that has elapsed since the last audit (iii) the Company’s impact on the Group in relation to the consolidated data, in terms of the operational results or the invested capital, as well as (iv) the risk assessment activities performed during the previous financial year.

The Audit Plan evidently does not have a rigid structure, since the Plan can be integrated during the financial year in relation to specific control requirements.