The Snam Group, in line with the indications of the Code of Corporate Governance and international best practices, has instituted, under the direct supervision of the General Counsel, the Enterprise Risk Management (ERM) unit, in order to manage the integrated management process of corporate risks for all Group companies. The main objectives of ERM are to define a risk assessment model that allows risks to be identified, using standardised, group-wide policies, and then prioritised, to provide consolidated measures to mitigate these risks, and to draw up a reporting system. The ERM unit operates as part of the wider Internal Control and Risk Management System of Snam.
With the spin-off of Italgas, Snam’s risk profile changed as a result of the reduction of those risks connected with the specific nature of the distribution business, which is no longer consolidated within the corporate scope, and particularly in regard to uncertainties connected to sector tender processes and end-of- concession redemption values.
INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM
The system we use across the Group to identify, assess, manage and control risk has three levels, each with different objectives and associated responsibilities. The Board of Directors charges the CEO with giving structure to and maintaining the entire system.
We use an integrated, dynamic and group-wide method of assessing risk that evaluates the existing management systems in the individual corporate processes, starting with those relating to the prevention of fraud and corruption and health, safety, environment and quality.
These same controls form an integral part of the managerial processes. Management must therefore foster an environment that encourages controls, and must specifically manage “line controls”, consisting of all the control activities that individual operating units or companies perform over their own processes.
Independent controls are performed by the Internal Audit department, which is responsible for checking that the system is functioning and adequate.
(risk monitoring and control adequacy)
Internal control system
31 May 2017 - 14:42 CEST