Internal control functions
The control functions are considered key functions of our organisational system in accordance with Solvency II and are independent from the operational functions.
As a consequence of their independance from the operational functions, they must:
- retain the responsibility for taking the necessary decisions for the proper performance of their duties without interference from others,
- be able to report their results and any concerns and suggestions to the Board without restrictions as to their scope or content from anybody else.
The control functions report directly to the Board and operate in a coordinated way, avoiding overlaps.They also ensure, each with their own decision-making autonomy, the most effective coverage of the main business risks.
The structure supports the Board and the Top Management in devising risk management strategies and defining and measuring monitoring tools, and provides the information required to evaluate the soundness of the ICRMS as a whole by means of an adequate reporting system. The role and position of the Risk Management function is defined in the Group risk management policy, on the basis of the “Group Internal Control and Risk Management System Directives”.
In particular, the Risk Management function:
- assists in establishing the risk management policy and supports the definition of the risk strategy and risk tolerance;
- establishes the risk assessment criteria and methodologies and the results of the evaluations, subsequently notified to the Top Management and the Board;
- for the activities falling within his sphere of responsibility, supports the definition and implementation of the risk policies and the main business processes, including planning, capital management, asset liability management and product development;
- proposes risk operating limits assigned to the operational structures regarding investment and liquidity risks, and establishes the procedures for timely checks on those limits;
- monitors the implementation of the risk management policy and the general risk profile of the Company as a whole;
- coordinates the preparation of the Group Own Risk and Solvency Assessment (ORSA) Report on an annual basis and, in the event of significant variations in the risk profile, during the year.
The need to operate in compliance with statutory and regulatory provisions and the principles laid down by the Group Code of Conduct is an integral part of the culture of our business organisation, which is required to introduce, at each level, controls designed to prevent the risk of penalties, pecuniary losses or damage to reputation resulting from non-compliance with legislation, regulations, orders of the Regulators or provisions of CG codes (known as compliance risks). Within the System, the Group Compliance function has the task of ensuring that the ICRMS is adequate to protect the Company and the Group against such risks.
In particular, Group Compliance pursues the following main objectives:
- supporting the Board in the field of compliance with legislative, regulatory and administrative provisions;
- assessing the possible impacts on the Company’s business of changes in the legislative scenario;
- identifying and assessing compliance risks;
- helping to preserve the Company’s integrity and reputation;
- consolidating awareness of compliance, transparency and responsibility to Generali’s stakeholders;
- supporting the Company’s operations and business to create a sustainable competitive advantage, integrating compliance risk management into everyday activities and strategic planning;
- assessing the appropriateness of the compliance risk management system in terms of the size, complexity, structure and business of the Subsidiaries.
The main task of the Group Actuarial function is to coordinate, monitor and validate the calculation of technical reserves as required by Solvency II. In this context, the head of the actuarial function must submit to the Board, at least annually, his opinion on the adequacy of the calculation of the technical reserves, the underwriting policy and reinsurance agreements, reporting any critical areas identified and recommending suitable corrective measures, if appropriate. Finally, the function contributes to the effective implementation of the risk management system, also in liaison with the risk management function.
Group Audit is an independent function set up by the Board at GHO, with assurance and advisory tasks. The function supports the corporate bodies in achieving their objectives by establishing a disciplined, systematic approach, in order to evaluate and improve the efficacy of the risk management, governance and control processes. The primary role of Group Audit is to assist the Board and the management in protecting the assets, reputation and sustainability of the organisation.
Group Audit has full and prompt access to all the Company’s structures and to the documentation relating to the areas audited, ensuring the confidentiality and protection of corporate data.
At least once a year, after consultation with the RCC, the Group Audit manager submits an Audit Plan to the Board for approval, including the planning of audits for the year to come, the budget and the necessary resources for execution of the plan. The Audit Plan also comprises checks on the reliability of the information systems and the accounting systems, and is developed on the basis of identification of priority areas for audit, using a risk-based method and considering any suggestions from the management and the Board.
Before the Plan is submitted to the Board, it may be discussed with the relevant management. The Audit Plan may be revised and adapted in response to significant changes in the Company’s organisation, the risks to which the Company is exposed, the systems used and the controls. The Board is informed of any significant revision of the Audit Plan as part of the periodic reporting process. The 2017 Audit Plan was approved by the Board at its meeting held on 15 February 2017 after examination by the RCC, and was most recently reviewed at the meeting held on 13 December 2017.
The Group Audit manager reports at least on a quarterly basis to the RCC, submitting a document summarising the audit activities performed and the weaknesses or deficiencies identified during the period in question, and the
progress made in implementing the corrective measures agreed with the management. After examination by the RCC, this document is sent to the chairs of the Board and to the Statutory Auditors and to the ICRM Director. Should particularly serious events occur within the normal reporting cycle, the Group Audit manager immediately informs the management, the RCC, the Board of Directors and the Board of Statutory Auditors.