Internal control & risk management
The internal control and risk management system is the set of company rules, procedures and structures that ensure the effective operation of the Company and enable it to identify, manage and monitor the main risks to which it is exposed.
The Board of Directors has approved the principles and basic characteristics of its internal control and risk management system, which describes its purposes, structure, roles and responsibilities.
Role of company functions
Under the internal control and risk management system, the company functions operate according to a “three lines of defence” approach:
- The operational department heads (risk owners) have the task of ensuring correct management of risks correlated with the activities performed and introducing suitable controls, in compliance with the organisational structure and the giudelines issued by the Group CEO, to guarantee implementation of the Internal Control and Risk Management Directives issued by the BoD. The roles and responsibilities of each organisational unit are established in the ambit of the system of delegated powers and the policies approved by the BoD which, apart from some exceptions, are applicable at Group level.
- The group risk management, group compliance and actuarial functions are the second line of defence. They meet the need to guarantee continuous monitoring of the most significant risks to the Company's business and have no operational duties and are solely devoted to guarantee effective risk control. To ensure that the said functions have the necessary independence, their heads report functionally directly to the BoD.
- The group internal audit is the third line of defence and is responsible for monitoring and evaluating the efficacy and efficiency of the Internal Control and Risk Management System. This Function is characterised by strong independence from the business and a high degree of autonomy; the head of the Function does not depend hierarchically on any head of the operational areas, but is answerable directly to the Board of Directors, with direct reporting to its Chairman.