Risk control and management system

The control system is the set of rules, procedures and organizational structures that, through an adequate process of identification, measurement, management and monitoring of risks, makes it possible to guarantee the correct performance of Sogin.

Targets

Effectiveness and efficiency of business processes

Safeguarding the value of assets

Reliability and integrity of accounting and management information

Regulatory compliance and consistency with internal procedures

Defined by the Statute and the Company's Organization, Management and Control Model, the Internal Control System involves:

  • Board of Directors
    to which the powers concerning the strategic and internal control policies of the Company and the Group are reserved: in particular, defining the guidelines of the internal control system, periodically verifying its adequacy and effective functioning, and ensuring that the main business risks are identified and adequately managed and that the necessary controls exist to monitor the performance of the Company.
  • Chairman of the Board of Directors
    to whom the Board of Directors has delegated powers, including the power to supervise, in accordance with the provisions of the law and the Statute, the Internal Auditing activities, reporting periodically to the Board of Directors and the Board of Statutory Auditors.
  • Internal Control Function
    which, among other things, is entrusted with third-level control tasks and which, managed by the Internal Audit Manager, is configured as a "top management unit" that reports hierarchically to the Chairman of the Board of Directors and functionally to the Chief Executive Officer (CEO).
  • Head of Internal Audit
    who is responsible for proposing to the Chairman of the Board of Directors the guidelines of the Internal Control System to be submitted to the Board of Directors for approval, for taking care of updating proposals and implementing the internal verification programs, for monitoring the improvement actions that follow, and for reporting to the Board of Directors.
  • Functions with second-level control tasks
    which are entrusted with tasks such as monitoring risk management, the safety and environmental quality system, and management control.
  • Operating structures
    which are responsible for line controls aimed at guaranteeing the correct performance of activities within the processes under their responsibility.
  • Manager in charge of preparing the company's accounting documents
    who is responsible for preparing adequate administrative and accounting procedures for the preparation of both the financial statements and the consolidated financial statements, and for certifying, together with the Chief Executive Officer, their adequacy, effective application and suitability to provide a true and fair view of the equity, economic and financial situation.
  • Supervisory Board
    entrusted with the task of supervising compliance with the law and the Statute, compliance with the principles of correct administration and, in particular, the adequacy of the organizational, administrative and accounting structure adopted by Sogin and its actual functioning.
  • Supervisory Body
    which, with independent powers of initiative and control, has the task of supervising the functioning, effectiveness and observance of the Organizational, Management and Control Model, as well as taking care of updating it.
  • Statutory Auditing firm
    which verifies the regular keeping of the accounts and the correct recording of the management facts in the accounting records as well as the compliance of the financial statements and the consolidated financial statements with the law, expressing an opinion on both the financial statements and the consistency of the management report with the financial statements.
  • Head of Corruption and Transparency Prevention
    who processes and monitors the effective implementation of corruption prevention measures pursuant to law no. 190/2012 and monitors the Company's obligations of publicity, transparency and dissemination of information pursuant to Legislative Decree no. 33/2013 and no. 39/2013.
  • Head of Personal Data Protection or Data Protection Officer (DPO)
    who has support, control, consultative, training and information functions relating to the application of the EU Regulation 679/2016, concerning the protection of personal data. The DPO also cooperates with the Control Authority, acting as its contact point for questions related to the processing of personal data.

Risk management involves both processes (Enterprise Risk Management) and company projects (Project Risk Management) with the aim of defining and implementing a structured process for the analysis and management of the main risks and uncertainties.

In particular, Enterprise Risk Management assesses and monitors on an ongoing basis the current and future risks to which the Company could be exposed and the related interdependencies. In this scenario, the Risk Management Function is responsible for designing the processes and for implementing and maintaining the tools necessary for measuring the risks. The Risk Management Function is also involved in spreading the culture of risk and in monitoring and controlling the quality of data and the assessment of impacts from operational risk.