The Risk Management and Internal Control Committee provides its preliminary opinion to the Board of Directors on:
- The guidelines of the internal control and risk management system;
- The adequacy of the internal control and risk management system with respect to the characteristics of the company characteristics and the risk profile assumed, as well as its effectiveness;
- The work plan prepared by the head of the internal audit function;
- The main features of the internal control and risk management system and its adequacy;
- The results presented by the statutory auditor in any letter of suggestions and in the report on the fundamental issues that emerged during statutory audit.
The Risk Management and Internal Control Committee provides its favourable prior opinion (which is binding) regarding the appointment and dismissal of the Head of the internal audit department and the allocation of adequate resources by the Board of Directors.
When assisting the Board of Directors, the Risk Management and Internal Control Committee:
- Together with the Manager in charge of preparing the corporate accounting documents, after consulting the statutory auditor and the Board of Statutory Auditors, it assesses the correct use of the accounting principles and their consistency for the purposes of preparing the consolidated financial statements;
- It expresses opinions on specific aspects relating to the identification of the main business risks;
- Examines the periodic reports, concerning the assessment of the internal control and risk management system, and those of particular importance prepared by the internal audit function;
- Monitors the autonomy, adequacy, effectiveness and efficiency of the internal audit function;
- May ask the internal audit function to carry out checks on specific operational areas, simultaneously notifying the Chairman of the Board of Statutory Auditors;
- Examines the annual plans of the control functions and the reports on their implementation;
- Identifies and proposes, with the help of the Appointments Committee, the heads of the corporate control functions to be appointed;
- Contributes, by means of evaluations and opinions, to the definition of the company policy of any outsourcing of corporate control functions;
- Verifies that all corporate control functions correctly comply with the indications and guidelines approved by the Board of Directors and assists the latter in the preparation of the coordination document of the control functions and in general of the internal control system of the company and of group.
With particular reference to tasks relating to risk management and control, the Risk Management and Internal Control Committee performs support functions for the Board of Directors:
- In defining and approving strategic guidelines and risk governance policies. As part of the Risk Appetite Framework [RAF], the Committee carries out assessments and makes proposals so that the Board of Directors can define and approve the risk objectives and the tolerance threshold;
- In verifying the correct implementation of strategies, risk governance policies and the RAF;
- In defining the policies and processes for evaluating corporate activities, including verifying that the price and conditions of transactions with customers are consistent with the business model and risk strategies.
The Chairman of the Board of Statutory Auditors – and/or another statutory auditor designated by the Chairman from time to time – attends the work of the Committee. Whenever deemed appropriate, the Risk Management and Internal Control Committee and the Board of Statutory Auditors hold joint meetings.
The Risk Management and Internal Control Committee, composed of only Independent Directors, carries out its work regarding Related-Party transactions and/or transactions with Associated Persons.