The work carried out by the Control and Risk Committee is governed by regulations approved by the Board of Directors on 29 January 2007, amended on 1 April 2008, 26 November 2010 and, most recently, 18 December 2012 in order to implement the provisions of the Corporate Governance Code for listed companies (December 2011 edition) in relation to the Internal Control and Risk Management System.
The main activity of the Control and Risk Committee is to assist the Board of Directors with advice, proposals and preparation of proceedings in relation to the activities carried out for the definition of the guidelines of the internal control system and risk management and for the periodical assessment of the adequacy and actual operation of the organisational structure relevant to the internal control system and risk management.
The Committee is required to carry out all of the duties allocated by the Corporate Governance Code to the Control and risk committee and, in particular, to:
- support the assessments and decisions made by the Board of Directors in relation to the Internal Control and Risk Management System as well as those relating to approval of the periodic financial reports, carrying out adequate investigations;
- provide the Board of Directors with its opinion in relation to:
- the definition of the guidelines of the Internal Control and Risk Management System, so that the main risks concerning the Company and its subsidiaries are correctly identified and adequately measured, managed and monitored, and the determination of the level of compatibility of such risks with the management of the company in a manner consistent with its strategic objectives;
- the evaluation, at least on an annual basis, of the adequacy of the internal control and risk management system in the light of the characteristics of the company and its risk profile, as well as its effectiveness;
- the approval, at least on an annual basis, the plan drafted by the Head of Internal Audit;
- the description, with the corporate governance report, of the main features of the internal control and risk management system and the evaluation on its adequacy;
- the assessment of the findings reported by the external auditor in the suggestions letter, if any, and in the report on the main issues resulting from the legal audit;
- provide the Board of Directors with its opinion on:
- the appointment of the Head of Internal Audit and the revocation of that appointment;
- whether that person is provided with adequate resources for the fulfilment of his/her responsibilities;
- whether the Head of Internal Audit's remuneration is consistent with corporate policy;
- evaluate, together with the person responsible for the preparation of the corporate financial documents, after hearing the external auditors and the Board of statutory auditors, the correct application of the accounting principles, as well as their consistency for the purpose of the preparation of the consolidated financial statements;
- express opinions on specific aspects relating to the identification of the main risks for the company;
- review the periodic reports regarding the assessment of the internal control and risk management system, as well as the other reports by the Internal Audit Department that are particularly significant;
- with the support of the Risk Management Department, review trends in relation to the main contracts and the risks related to these on the basis of the summary schedules for those contracts;
- monitor the independence, adequacy, efficiency and effectiveness of the Internal Audit Department;
- where it considers this to be necessary or appropriate, request the Internal Audit Department to carry out reviews of specific operational areas, giving simultaneous notice of this to the Chairman of the Board of Statutory Auditors;
- report to the Board of Directors, at least every six months, on the occasion of the approval of the annual and half-year financial report, on the work carried out, as well as on the adequacy of the internal control and risk management system.
- consider the reports received from the Internal Audit and Risk Management Director on problems and issues relating to the company's Internal Audit and Risk Management System and takes the appropriate steps;
- carry out any additional duties allocated to it by the Board of Directors.
The President of the Board of Auditors or another Auditor designated by the President of the Board of Auditors participates in the work of the Committee; in addition the other members of the Board of Auditors may participate. The Committee has the right to invite to the meetings the Managing Directors and the person in charge of internal control of the Company.