What is it and how does it work?
The Company adopted an internal control and risk management system, represented by a set of rules, conducts, policies, procedures and organisational structures, designed to ensure, by means of an appropriate process of identification, measurement, management and monitoring of key risks, that the company is run in a manner that is sound and proper and which is aimed at achieving the company’s objectives, with a view to create value for its shareholders in the medium-long term.
The internal control and risk management system contributes to ensure the safeguarding of corporate assets, the efficiency and efficacy of corporate processes, the reliability of information provided to corporate bodies and to the market, compliance with laws and regulations as well as with the Articles of Association and internal procedures.
In this respect, therefore, the internal control system, defined with the purpose of guaranteeing the reliability, accuracy, integrity and timeliness of financial information, must be considered as an integrated element and not a separate one, with respect to the general risk management system adopted by the Company.
This system is integrated into the more general organisational and corporate governance structures adopted by the Company, duly taking into account the existing national and international best practices and relevant reference models, also in light of the evolution of this subject matter.
In particular, the planning, implementation and monitoring activities of the internal control and risk management system defined by IGD are guided by the CoSo Framework method. The Company continuously plans and carries out activities regarding the development and fine-tuning of the system’s components, in order to achieve continuous improvement.
The internal control and risk management system involves, each with their own duties:
- The Board of Directors;
- The Director in charge of establishing and maintaining an effective internal control and risk management system;
- The Control and Risk Committee, an element of the Board of Directors established in accordance with the Corporate Governance Code, whose duty is to support, with adequate preparatory work, the assessments and decisions made by the Board of Directors with regard to the internal control and risk management system, as well as the decisions made regarding the approval of periodic financial reports;
- The Person in charge of internal audit, responsible both for verifying that the internal control and risk management system is adequate and working correctly and for coordinating the Enterprise Risk Management (“ERM”) process;
- The Officer in charge of drawing up corporate financial reports, who by law is responsible for establishing appropriate administrative and accounting procedures for the preparation of financial information documentation;
- The Board of Statutory Auditors, also inasmuch as it is the committee for internal control and financial audit, which supervises the efficacy of the internal control and risk management system;
- The other corporate functions and roles with specific tasks regarding internal control and risk management, organised according to size, complexity and risk profile of the undertaking, including, for example, the Compliance Committee established in accordance with Legislative Decree 231/2001.