The Control and Risk Committee acts in an advisory role in relation to the Board of Directors, making proposals and carrying out the preparatory work in the main in relation to the work involved in establishing the internal control and risk management system guidelines and the periodic assessment of the extent to which the organisational framework is adequate and operates effectively where that system is concerned.
The Control and Risk Committee is required to carry out all of the duties allocated by the Corporate Governance Code to the Audit and Risk Committee and, in particular, to:
- support, having carried out adequate investigations, the assessments and decisions made by the Board of Directors in relation to:
- the Internal Control and Risk Management System and
- approval of the periodic financial reports;
- provide the Board of Directors with its opinion in relation to:
- the definition of the guidelines of the internal control and risk management system, so that the main risks concerning the company and its subsidiaries are correctly identified and adequately measured, managed and monitored, and the determination of the level of compatibility of such risks with the management of the company in a manner consistent with its strategic objectives;
- the evaluation, at least on an annual basis, of the adequacy of the internal control and risk management system, taking into account the characteristics of the company and its risk profile, as well as its effectiveness;
- the approval, at least on an annual basis, of the work plan drafted by the Head of Internal Audit;
- the description, within the corporate governance report, of the main features of the internal control and risk management system and the evaluation on its adequacy;
- the assessment of the findings reported by the external auditor in the suggestions letter, if any, and in the report on the main issues resulting from the audit;
- provide the Board of Directors with its opinion on:
- the appointment of the Head of Internal Audit and the revocation of that appointment;
- whether that person is provided with the adequate resources for the fulfilment of his/her responsibilities;
- whether the Head of Internal Audit's remuneration is consistent with corporate policy;
- evaluate, together with the person responsible for the preparation of the corporate financial documents, after hearing the external auditors and the Board of Statutory Auditors, the correct application of the accounting principles, as well as their consistency for the purpose of the preparation of the consolidated financial statements;
- express opinions on specific aspects relating to the identification of the main risks for the company;
- review the periodic reports regarding the assessment of the internal control and risk management system, as well as the other reports by the Internal Audit Department that are particularly significant;
- with the support of the Risk Management Department, review trends in relation to the main contracts and the risks related to these on the basis of the summary schedules for those contracts, asking the Risk Manager for further information on the most significant and problematic projects;
- monitor the independence, adequacy, efficiency and effectiveness of the Internal Audit Department;
- where it considers this to be necessary or appropriate, request the Internal Audit Department to carry out reviews of specific operational areas, giving simultaneous notice of this to the Chairman of the Board of Statutory Auditors;
- report to the Board of Directors, at least every six months, on the occasion of the approval of the annual and half-year financial report, on the work carried out, as well as on the adequacy of the internal control and risk management system;
- consider the reports received from the Director in Charge on problems and issues relating to the company's Internal Audit and Risk Management System and take the appropriate steps;
- carry out any additional duties allocated to it by the Board of Directors.
The Control and Risk Committee also carries out the duties of the Committee for Related Party Transactions as referred to in the procedure for transactions with related parties adopted pursuant to Article 4 of Consob Regulations 17221 of 12 March 2010 (as subsequently amended), and exercises the relevant powers.
In carrying out the duties assigned to it, the Control and Risk Committee may examine and discuss with management and the Head of the Internal Audit Department, the more significant findings, the reasons provided and any difficulties encountered during the course of its work, and may also be assisted by the company's employees and external consultants, on condition that they provide sufficient undertakings regarding confidentiality.
The Control and Risk Committee promptly exchanges information that is relevant in carrying out its work with the other bodies and departments in the company that have duties regarding internal control and risk management.