The Risk Management and Internal Control Committee provides its preliminary opinion to the Board of Directors on:
- The guidelines of the internal audit and risk management system;
- The suitability of the risk management and internal control system with respect to the company’s characteristics and the risk profile assumed, and its effectiveness;
- The work plan prepared by the Head of the internal audit department;
- The main characteristics of the internal control and risk management system and its suitability;
- The results presented by the external auditor in the letter of recommendations, if any, and in the report on the main issues which came up during external audit.
The Risk Management and Internal Control Committee provides its favourable prior opinion (which is binding) regarding the appointment and dismissal of the Head of the internal audit department and the allocation of adequate resources by the Board of Directors.
When assisting the Board of Directors, the Risk Management and Internal Control Committee:
- Assesses, together with the Financial Reporting Officer, and having heard the opinion of the external auditor and the Board of Statutory Auditors, the correct application of accounting standards and their uniformity for the purpose of preparing the consolidated financial statement;
- Expresses opinions on specific aspects regarding the identification of the main business risks;
- Examines the periodical reports covering the evaluation of the internal audit and risk management system, and those of particular significance prepared by the internal audit department;
- Monitors the autonomy, suitability, effectiveness and efficiency of the internal audit department;
- May ask the internal audit department to carry out checks on specific operational areas, notifying the President of the Board of Statutory Auditors at the same time;
- Examines the annual plans of the control functions and the reports on their implementation;
- Identifies and proposes, with the contribution of the Appointments Committee, the heads of the company control functions to be appointed;
- Contributes, through assessments and opinions, to defining the company’s policy on any outsourcing of company control functions;
- Ensures that all company control functions correctly in accordance with the indications and guidelines approved by the Board of Directors and assists the latter in developing the coordination document for the control functions and for the company/group internal audit and risk management system in general.
With particular reference to tasks relating to risk management and control, the Risk Management and Internal Control Committee performs support functions for the Board of Directors:
- In defining and approving strategic risk management guidelines and policies. As part of the Risk Appetite Framework [RAF], the Committee carries out assessments and makes proposals so that the Board of Directors can define and approve the risk objectives and the tolerance threshold;
- In verifying the correct implementation of strategies, risk management policies and the RAF;
- In defining the evaluation policies of business activities, including verifying that the price and terms of transactions with customers are in line with the business model and risk strategies.
The President of the Board of Statutory Auditors – or another auditor designated by the President on a case-by-case basis – assists the work of the Committee. Whenever deemed appropriate, the Risk Management and Internal Control Committee and the Board of Statutory Auditors hold joint meetings.
The Risk Management and Internal Control Committee, composed of only Independent Directors, carries out its work regarding Related-Party transactions and/or transactions with Associated Persons.