The risk governance system

The Board evaluates the acceptable riskIn July 2009, the Board of Directors examined and approved a new model to monitor and manage the risks which are liable to prejudice the achievement of Pirelli’s strategic objectives, also in line with international best practices and with the suggestions which emerged from the self-evaluation process referred to the 2008 financial year.

The Board deemed it appropriate to adopt a structured risk management process that, on the one hand, enables the risks to be identified promptly and completely, and on the other hand, permits the adoption of adequate measures to “manage” the risks in terms of anticipating the risks and pro-active measures, rather than simply taking reactive measures, considering the accelerating pace of economic changes, the complexity of management activities and the recent changes in laws and regulations relating to corporate governance and internal control.

In particular, the Board evaluated the importance of identifying the risks before they manifest themselves and the adoption of business choices and suitable tools to avoid such risks, to reduce their impact, and more in general, “to manage them”, granted that the assumption of risk represents a key component of business. In line with this philosophy, the new integrated risk governance model (Enterprise Risk Management) has the following aims:

  • “to manage” risks in terms of prevention and mitigation;
  • “to seize” proactively the opportunity factors;
  • to disseminate the “culture” of the value of risk within the Company, in particular, in the strategic planning and operating processes and in the most significant business choices;
  • to assure transparency in relation to the risk profile assumed and the management strategies implemented, based on periodic and structured reporting to the Board of Directors and to the Top Management and adequate information to the shareholders, and more in general, to the so-called stakeholders.

In harmony with these aims, Pirelli’s Enterprise Risk Management is:


  • enterprise-wide: extended to all types of potentially significant risks/opportunities;
  • value-driven: focused on the more significant risks/opportunities in relation to their capacity to prejudice the achievement of Pirelli’s strategic objectives or to erode critical corporate assets (so-called Key Value Drivers);
  • top-down: the Top Management identifies the priority risk areas and the events of greatest impact for the business;
  • quantitative; where possible, based on an accurate measurement of the impacts caused by the risks on the expected economic/financial results in relation to their probable occurrence.
  • integrated in the decision-making/business processes and, in particular, in the strategic planning and operational process.

It is important to observe that the Board of Directors plays a central role with reference to the “governance” of the new model. Indeed, the Board is responsible for supervising the risk management process so that the risks assumed in the business are consistent with the strategies (so-called monitoring action). Furthermore, the Board defines the attitude to risk (so-called identification of the “acceptable risk threshold”) and establishes the guidelines to manage the risks which may “interfere with” or prejudice achieving the business objectives or erode critical corporate assets, in line with its top management and strategic policy-making mission.

In view of the above, the Board redefined the responsibilities and composition of the Committee for Internal Control and Corporate Governance in 2009, and the Committee was renamed as follows: “Committee for Internal Control, Risks and Corporate Governance” and the Committee’s composition was extended to 5 Board Members.

In particular, the Committee for Internal Control, Risks and Corporate Governance supports the Board (i) in the periodic identification and assessment of the principal risks relating to the Company and its subsidiaries, at least once a year, to ensure these risks are monitored correctly (Annual Risk Assessment) (ii) in defining the mitigation plans, and in general, the “risk governance” and updating them periodically, at least once a year (Annual Risk Management Plan) in order to maintain the overall levels of exposure to risk within the risk threshold assessed by the Board of Directors as being “acceptable” (risk appetite), based on the proposal made by the Committee concerned).

The Board of Directors is supported by the Risk Management Committee (chaired by the General Counsel and composed of the Chief Operating Officer; Finance Manager; Group Control Manager; Internal Audit Manager; Legal and Corporate Affairs and Group Compliance Manager; Investor Relations Manager and the Senior Advisor Human Resources).

The Risk Management Committee has the following responsibilities (i) to adopt and promote a systematic and structured process to identify and measure the risks; (ii) to examine the information concerning internal and external, existing and future risks to which the Group is exposed; (iii) to propose strategies to respond to the risk in relation to the overall and detailed exposure to the various categories of risks; (iv) to propose the implementation of a risk policy in order to guarantee that the risk is reduced to “acceptable” levels; (v) to monitor the implementation of the strategies adopted in response to the risk defined and compliance with the risk policies adopted.

The Managerial Committee avails itself of the Sustainability and Risk Governance Department (managed by Filippo Bettini) that includes the Risk Officer (Ms. Alessia Carnevale) who coordinates the assessment process and guarantees the on-going monitoring of the Company’s and the Group’s exposure to the principal risks, while monitoring the effective implementation of the mitigation plans in the individual company departments and organisational units.

Pirelli’s Enterprise Risk Management model forms part of three key phases in the decisionmaking process:

  • strategic planning (medium/long term);
  • operational planning (annual and quarterly);
  • new investment projects.

Risk analysis in strategic planing

Risk analysis and risk measurement accompany the medium/long term planning process that is concluded with the presentation of the threeyear plan to the investors.

The methodology adopted is structured into three macro-phases:

  • (i) definition of the risk model;
  • (ii) risk analysis;
  • (iii) risk management.

Pirelli’s Risk Model is a model that is used to represent the risk portfolio to which the Group is exposed, and is based on two key areas:

  • Strategic Risks, which are closely linked to Pirelli’s objectives and to the strategic choices. This category includes the risks associated with the developments of the “external scenario” in which Pirelli operates and some risks stemming from internal factors (financial risks, risks associated with typical business processes and risks associated with human resources and the organisation).
  • Transversal Risks, which can always impact the operational activities, regardless of the strategies currently implemented. This area includes the business interruption risks, risks associated with the IT systems, risks linked with compliance with laws and regulations and the risks linked with the financial reporting process.

The Managerial Committee identifies the priority risk areas in relation to the industrial plan’s objectives and the strategic lines (key value driver) with reference to the Risk Model (for example: raw materials/commodities, economic situation, competitors, exchange rates), these areas are examined in greater detail in the subsequent Risk Analysis phase. The significant production sites for the Group’s growth strategies and the information systems to support the core processes are also identified in relation to the Business Continuity and Information Technology transversal risks.

The Risk Management Committee defines the risk analysis methods and establishes the metrics to measure the risk events, in particular:

  • the economic and financial reference parameters to measure the risks and their impacts (PBIT, Cash Flow and financial/tax charges);
  • the probability scales;
  • the references to assess the maturity level of the existing risk management systems (referred to the level of protection from risk in relation to the existence of management and control procedures/ processes, monitoring/reporting tools and the responsibility and “ownership” of the defined risk).

The priority risk areas are analysed and discussed with the Senior Management in order to identify specific risk scenarios/events for which the region/country and business function Managers are required to assess the exposures. Statistical inference techniques are applied to some risk events which are especially significant for Pirelli to build possible development scenarios as an alternative to the scenarios considered when the industrial plan was defined in order to evaluate the “strength” of its assumptions and the possible impacts on the expected results.

The use of quantitative metrics to measure the impact permits an aggregation of the risks and a representation of the Group’s overall exposure to risk (so-called Profit@Risk).

The Risk Management Committee assures that the following aspects are defined in relation to the so-called Profit@risk:

  • the target levels of exposure to priority risks;
  • the risk management strategies, in line with the existing risk appetite (transfer, reduce, eliminate, mitigate the risk);
  • the plans of action and the “management” policies to maintain the levels of exposure within the “target” limits.

The Board of Directors takes into account the quantified risks and opportunities during the phase to approve the three-year plan and verifies that the volatility of the economic and financial results falls within the defined tolerance threshold.

The causes of risk and the existing risk management structure are analysed in relation to the most significant risk events, in terms of the following aspects:

  • risk management strategies, policies and processes;
  • organisational protections;
  • supporting monitoring/reporting tools and information systems in order to define targeted risk mitigation plans.

The three-year plan targets and the strategic choices which the plan reflects are also submitted to “stress tests” to verify the Group’s economic, financial and equity “capacity” at the occurrence of uncertainty phenomena which cannot be readily “weighed” using probabilistic factors.

The Group’s overall exposure to priority risks and the respective mitigation strategies and actions are contained in the Annual Risk Assessment and Management Plan.

The Risk Officer assures the implementation of the agreed mitigation plans and the on-going monitoring of the exposure to priority risks and the Risk Officer can also propose a redefinition of the current recovery plans (if they are inadequate) and an analysis of any possible emerging risks.

Risk analysis in the annual and quarterly operational planning

The high volatility of the principal economic and financial variables (price of raw materials, exchange rates, trend of reference markets, pricing trend) has entailed supplementing the “traditional” reporting tools with a quarterly measurement of the volatility of the expected profit in relation to the risk events or opportunities which may produce a change compared to the targets or the best renewed forecasts.

The profit@risk review is subject to a quarterly report to the Top Management and supports the Top Management in the timely identification of the market trends and a possible “realignment” of the strategic actions.

The review is submitted to the Committee for Internal Control and Corporate Governance during the year.

Risk analysis in investment projects Pirelli’s risk model was developed further during 2011, becoming a support tool in the decision- making process relating to investment initiatives.

The set of characteristic information for the traditional analysis of investment projects was supplemented with the “risk dimension” based on:

  • a detailed analysis of the economic, political, safety and operational risk of the country where the investment is intended to be made;
  • the estimate of the “risk adjusted” cash profiles generated by the investment and the degree of volatility of the Net Present Value (NPV@risk) in relation to the events which are able to generate changes to the business plan results.

The inclusion of the risk variable in the analysis of investment projects and the possibility of comparing them with the expected returns, will contribute to:

  • enhance further the Top Management’s awareness and guide the risk management strategies;
  • permit a comparative evaluation of the investment initiatives to be made. Pirelli’s Risk Model was evaluated as the best-inclass in 2011 in the “Autoparts and Tyres” sector by the SAM Group in an assessment for the Dow Jones Indexes in 2011.

Risk Management and internal control system in relation to the financial reporting process

The Company has implemented a specific and structured risk management and internal control system supported by a dedicated IT application, in relation to the process to prepare the separate and consolidated half-yearly and annual financial reports.

In general, the internal control system implemented by the Company is designed to assure the protection of the Company’s assets, compliance with the laws and regulations, the efficiency and effectiveness of the Company’s operations in addition to the dependability, accuracy and timeliness of the financial reporting.

In particular, the process to prepare the financial reports is based on adequate administrative and accounting procedures, performed in compliance with the criteria established by the Internal Control – Integrated Framework issued by the Committee of Sponsoring Organisations of Tradeway Commission.

The administrative and accounting procedures involved to prepare the Financial Statements and every other financial communication are prepared under the responsibility of the Responsible Officer assigned to prepare the corporate and accounting documents (F. Tanzi), who, together with the Chairman of the Board of Directors certifies their adequacy and effective application at the time of the annual and consolidated Financial Statements and the halfyearly financial report.

The significant Companies and Processes which supply and generate economic, equity or financial information have been mapped out to permit certification by the Responsible Officer.

The significant Group Companies and Processes are identified annually on the basis of quantitative and qualitative criteria. The quantitative criteria consist in identifying the Group Companies which represent a higher aggregate value at a given materiality threshold in relation to the selected processes.

The qualitative criteria consist in an examination of the processes and companies which may present potential areas of risk, even though they do not meet the quantitative parameters described above, based on the assessment performed by the Chief Executive Officers and by the Chief Financial Officer of the business sectors involved.

The control risks and targets associated with preparing the Financial Statements and the respective information and the effectiveness and efficiency of the internal control system, in general, were identified for each process selected.

Precise audit activities were identified and specific responsibilities were assigned for each control objective.

A system to supervise the controls performed was implemented based on a mechanism involving a chain of certifications; any critical situations which may emerge in the evaluation process become the subject of plans of action for which implementation is verified in the subsequent year-end activities.

Lastly, a procedure has been envisaged in which, once every quarter, the Chief Executive Officers and the Chief Financial Officer of the subsidiary companies issue a declaration of reliability and accuracy of the data transmitted for the purposes of preparing the Group’s consolidated Financial Statements.

The results of the audit activities are discussed by the Chief Financial Officers of the respective Sectors with the Responsible Officer prior to the date of the Board of Directors’ meetings which approve the consolidated data as of 30 June and 31 December.

In essence, a system of on-going and systematic controls has been adopted that provides a reasonable degree of certainty regarding the dependability of the information and the economic and financial reporting.

The Internal Audit Department performs periodic audits to determine the adequacy of the design and operation of the controls on companies and processes chosen randomly, selected on the basis of materiality criteria.

On the basis of the periodic reports the Responsible Officer reported on the System’s efficiency to the Board of Directors through the Committee for Internal Control, Risks and Corporate Governance. Moreover, the same Officer, together with the Chairman of the Board of Directors provided the certification envisaged under Article 154-bis, paragraph 5 of the Unified Finance Law (TUF).