3.3 Control and Risk Committee

Duties

The Committee provides recommendations and advice to the Board of Directors by making suitable enquiries to support the Board’s assessments and decisions concerning the internal control and risk management system, as well as those relating to the approval of financial reports.

Specifically, the Control and Risk Committee performs the following functions:

1. it evaluates, together with the Executive Responsible for preparing corporate accounting documents and having consulted the External Auditors and the Board of Statutory Auditors, the proper use of accounting standards and their consistency for the purposes of preparing the consolidated financial statements;
2. it issues opinions on specific aspects relating to the identification of the main risks faced by the Company;
3. it carries out the further duties which are attributed to it by the Board of Directors concerning Transactions involving directors’ or statutory auditors’ interests and related-party transactions, according to the times and methods set out in the Procedure enclosed to the Regulations of the Committee¹⁵;
4. it examines the periodic reports relating to the evaluation of the internal control and risk management system, as well as those of particular importance prepared by the Internal Auditor;
5. it monitors the independence, suitability, effectiveness and efficiency of the Internal Audit department;
6. it may ask the Internal Auditor to carry out inspections of specific operational areas, giving notice of this to the Chairman of the Board of Statutory Auditors, the Chairman of the Board of Directors and the internal control and risk management system director;
7. it reports to the Board, at least every six months, upon approval of the annual and half-year financial reports, on the activity it carries out and on the adequacy of the internal control and risk management system;
8. it expresses its opinion on proposals to the Board of Directors submitted by the internal control and risk management system director, in agreement with the Chairman: (i) concerning the appointment, dismissal and remuneration of the Internal Auditor, in line with the Company’s pay policy; and (ii) designed to ensure that he/she is given the appropriate resources to fulfil his/her responsibilities.

The Committee expresses its opinion to the Board of Directors in order to:

1. define the guidelines for the internal control and risk management system, so that the main risks facing the Company and its subsidiaries can be correctly identified and adequately measured, managed and monitored, as well as determine to what extent these risks can be managed using a policy that is consistent with the strategic objectives identified;
2. periodically evaluate, at least annually, the adequacy and effectiveness of the internal control and risk management system with respect to the characteristics of the Company and the risk profile it has adopted;
3. periodically approve, at least once a year, the Audit Schedule prepared by the Internal Auditor;
4. describe, in the Report on Corporate Governance and Ownership Structure, the main features of the internal control and risk management system, and evaluate the adequacy of the system;
5. evaluate the conclusions presented by the External Auditors in any letter of suggestions and in the report on key matters arising from the external audit.

The Control and Risk Committee, in its composition of only independent directors, also performs the duties assigned to it as part of the Procedure entitled “Transactions in which directors or statutory auditors have an interest, and related-party transactions”. For further information about the above mentioned Procedure see Chapter 7.4 of the Report.

Composition

On 23 April 2013, the Board of Directors appointed the members of the Audit and Risk Committee.

On 12 December 2013 the Board of Directors resolved, following approval of the new Regulation of the Control and Risk Committee, the integration of the composition in order to ensure the maximization of the different competencies of the Board within the Committee¹⁶. Also as a result of this integration, the members of the Committee are the following:

The Snam Board of Directors decided that more than one member of the Committee has adequate accounting, financial and risk management experience.

The Chairman of the Company, the internal control and risk management system director and the Statutory Auditors are usually invited to attend Committee meetings. Other non-Committee members may also attend, upon invitation by the Committee Chairman, in order to provide information and express related competent evaluation on individual agenda items.

The Committee meetings are deemed valid with the presence of the majority of the members in office; the Committee resolves by an absolute majority of the attendees. In the event of a tied vote, the Committee Chairman shall represent the position adopted by the majority of the independent directors to the Board of Directors, whilst also informing the Board of the position of the other Committee members.

Activities

In 2013 the Committee met 10 times, with 93.3% of members present on average. The average duration of Committee meetings was 208 minutes.

Below is a brief description of the main issues discussed during the 2013 financial year:

• various aspects of the corporate governance system, particularly:
  - revising the Committee Regulations, which were subsequently approved by the Board of Directors;
  - analysing the draft Regulations on the performance of management and coordination activities by Snam and its Controlled Companies;
  - examining the independence of the Internal Audit department and of certain key functions of the corporate governance system (the Executive Responsible for preparing corporate accounting documents, the Compliance and the enterprise risk management system);
• the enterprise risk management system, particularly:
  - examining the initiatives put in place by the Company to implement the enterprise risk management system intended to organically support senior management in identifying, measuring, managing and monitoring the main risks that could affect the achievement of strategic objectives, paying special attention to critical and strategic risks and, in particular, the financial risks analysed in depth with the support of management;
• oversight of the Internal Audit department, particularly:
  - proposing adjustments to the Guidelines of the Board of Directors with regard to the activities of the Internal Audit department (approved by the Board of Directors most recently on 29 October 2013);
  - examining all the activities carried out to implement the audit schedule, the main results of the audits carried out during the period and the follow-up on corrective actions agreed with management based on the observations emerging from the controls carried out and the quarterly reports on notifications received;
  - proposing the 2014 audit schedule based on the chart of the main corporate risks drawn up by the Enterprise Risk Management unit and presented to the supervisory and control bodies of the Direct Controlled Companies, in order to acquire any instructions or assessments from them;
• issues relating to regulatory provisions pursuant to Law 262/2005, particularly:
  - examining, with the Executive Responsible for preparing corporate accounting documents, the report on the adequacy of the Corporate Reporting Control System and compliance with administrative and accounting procedures, including with regard to the modification of the Corporate Reporting Control System following Eni’s loss of control over Snam on 15 October 2012 and the resulting transition of the Snam Group from an SOA-compliant system to a system based exclusively on the requirements of Law 262/2005;
• the activities of the firm appointed to audit the accounts, particularly:
  - analysing issues relating to the half-year and annual financial reports with the External Auditors, together with the Head of Planning, Administration and Control, with regard both to auditing and to the checks carried out in relation to the effectiveness of the Corporate Reporting Control System pursuant to Law 262/2005;
• issues relating to regulatory provisions pursuant to Legislative Decree 231/2001, the Code of Ethics and the Anti-Corruption Procedure, particularly:
  - holding meetings with the Supervisory Body and examining the activities it carries out to fulfil the role assigned to it by Model 231;
  - examining the results of the project to update Model 231, used by Snam and its Controlled Companies, which was launched in early 2013 in view of the regulatory changes that extended the scope of application of administrative responsibility pursuant to Legislative Decree 231/2001;
  - examining the proposals to update Model 231, the Code of Ethics and the Anti-Corruption Procedure (approved by the Board of Directors on 30 July 2013);
• activities carried out concerning related-party transactions, particularly:
  - examining the procedure for “Transactions in which directors or statutory auditors have an interest, and related-party transactions” (approved by the Board of Directors most recently on 12 December 2013);
  - assessing the choices made by the Company, based on the relevant criteria set out by Consob, for defining the threshold to be used to distinguish between small and large transactions, and confirming the adequacy of these choices;
  - analysing the report drawn up by the Administration department on the related-party transactions carried out in the first half of 2013.

The Regulations governing the Control and Risk Committee were approved most recently by the Board of Directors on 12 December 2013. The Regulations are available on the Company’s website (http://www.snam.it/en/Governance/Social_bodies/Committees/control-risk-committee.html).

The Committee reported to the Board of Directors, at the Board meetings of 30 July 2013 and 27 February 2014, on the activities it carried out in the first and second halves of 2013 respectively.

The Committee has scheduled seven meetings for 2014. As at the approval date of the Report, two meetings had been held.

During 2013, several non-Committee members attended meetings of the Control and Risk Committee upon invitation by the Committee, in order to provide information and explanations. The Chairman of the Board of Statutory Auditors and/or other statutory auditors also usually attended.

The Committee Regulations state that the Committee may access any information necessary for the purposes of performing its duties and may make use of the relevant company departments and external consultants, within the terms set by the Board of Directors. The Committee has the financial resources necessary to pay independent consultants or other experts, and to fulfil its duties.

The table Annex 1 Section IV lists information about the attendance of each participant in Control and Risk Committee meetings.

Relations with other bodies and departments

The Board of Statutory Auditors and the Control and Risk Committee promptly exchange information that may be useful in carrying out their respective functions, receive and collate significant information, at least once every six months, from the control functions (the Internal Audit, Risk Management and Compliance departments) on the controls performed and on any weaknesses, problems or anomalies identified, and meet at least once every six months to assess the results.

The Committee also meets with the Supervisory Body / Code of Ethics Supervisor and the Board of Statutory Auditors when the Supervisory Body performs its examination of the half-year report.