The Internal Audit Department works with the other parties with duties in relation to the internal control and risk management system, including the Risk Management Department and the Supervisory Body, in order to identify and evaluate the greatest areas of risk for the company and its subsidiaries as well as to ensure that the validity, effectiveness and efficiency of the Company's Internal Control and Risk Management System are monitored on an ongoing basis.

To this end, the Internal Audit Department:

  • carries out audit work as set out in the approved annual audit plan, identifying any shortfalls and contributing to decisions on improvements to be made to the internal control procedures;
  • at the request of the Control and Risk Committee, carries out reviews of specific operational areas;
  • at the request of the Director in Charge, carries out reviews of specific operational areas and of the compliance of business operations with rules and internal procedures;
  • at the request of the statutory auditors, carries out reviews of specific operational areas;
  • together with the Risk Management Department, establishes that the methods used to identify and manage risk have been applied correctly.

As part of the Internal Audit Department, the Head of Internal Audit is, in particular, responsible for:

  • drafting, at least on an annual basis, a work plan (audit plan) based on a structured process of analyses and prioritization of the main risks, which is to be submitted to the Board of Directors for approval, having also been sent to the Board of Statutory Auditors and to the Director in Charge;
  • verifying, via the audit plan approved by the Board of Directors, both on a continuous basis and in relation to special requirements, in conformity with international standards, the adequacy and effective functioning of the internal control and risk management system;
  • arranging and supervising the additional checks that the Internal Audit Department is asked to carry out, including where in response to a report or request from the Control and Risk Committee, the Director in Charge or the Board of Statutory Auditors;
  • drafting periodic reports containing adequate information on his or her own work, and on the company’s risk management process, as well as on compliance with the management plans defined for risk mitigation; such reports contain an evaluation on the adequacy of the internal control and risk management system;
  • preparing timely reports on particularly significant events or following additional checks requested by the Internal Audit Department;
  • submitting the reports referred to above to the chairmen of the Board of Statutory Auditors, the Control and Risk Committee and the Board of Directors, as well as to the Director in Charge of the Internal Control and Risk Management System;
  • verifying, as part of the audit plan, the reliability of the IT systems, including the accounts systems.

The Head of the Internal Audit Department is not responsible for any operational area and is subordinated to the Board of Directors. 

The Head of the Internal Audit Department has direct access to all information required in order to carry out his or her role (including documents prepared by any third parties appointed by the company) and has adequate resources in order to carry out his or her duties and responsibilities. 

The Head of the Internal Audit Department may exchange information with other bodies and departments in the company and may be invited to attend the relevant meetings.