6.4 Internal Auditor
The role, duties and responsibilities of the Internal Auditor are defined and formalised by the Board of Directors within the Guidelines.
Having received the approval of the Control and Risk Committee and the opinion of the Board of Statutory Auditors, upon the proposal of the director in charge of the internal control and risk management system and in agreement with the Chairman, the Board of Directors appoints the Internal Auditor [36]. The Internal Auditor’s appointment is open-ended and may be revoked by the Board of Directors. At least once during the term of office determined by the Shareholders’ Meeting, the Board of Directors assesses whether the Internal Auditor should be confirmed in the role, based inter alia on rotation criteria.
The Board of Directors has appointed Silvio Bianchi as Internal Auditor.
As part of a team reporting to the CEO, the Internal Auditor performs fully independent audit activities in accordance with guidelines from the Board of Directors [37]; his/her activities are supervised by the Control and Risk Committee.
The Internal Auditor performs his activities whilst maintaining the necessary independence and due objectivity, competence and professional diligence, as set forth in the International Standards for the Professional Practice of Internal Auditing and in the Code of Ethics issued by the Institute of Internal Auditors [38], and in compliance with the principles set forth in the Code of Ethics [39].
As part of the process of approving the audit schedule, once a year the Board of Directors approves the budget required for the Internal Audit department to fulfil its responsibilities. The Guidelines stipulate that the Internal Auditor shall have autonomous spending powers in order to scrutinise, analyse and assess the internal control and risk management system and/or perform related activities, and that the Internal Auditor, in exceptional and urgent situations that require the availability of funds exceeding the budget, may propose that the Board of Directors approve the extra budget of the Internal Audit department so that it may carry out the duties assigned to it.
The Internal Auditor (i) verifies, both on an ongoing basis and in relation to specific needs and in compliance with international standards, the functioning and suitability of the internal control and risk management system, via an audit schedule approved by the Board of Directors and based on a structured process of analysing and prioritising the main risks faced; (ii) is not responsible for any operational area and has direct access to all useful information for performing his duties; (iii) draws up periodic reports containing adequate information on his activities, the ways in which risk management is carried out and compliance with the risk reduction plans defined. The periodic reports contain an assessment of the suitability of the internal control and risk management system; (iv) draws up reports on events of particular significance in a timely manner; (v) submits the periodic reports to the Chairmen of the Board of Statutory Auditors, the Control and Risk Committee and the Board of Directors, and to the director in charge of the internal control and risk management system; and (vi) verifies, as part of the audit schedule, the reliability of the information systems, including the accounting systems.
The Director in charge of the internal control and risk management system may request that the Internal Auditor perform checks on specific operational areas and on compliance with internal rules and procedures in the execution of corporate transactions, informing the Chairmen of the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors of said request.
Furthermore, in accordance with the “Guidelines”, the Internal Auditor implements other audit activities that are not set forth in the Audit Schedule, provided they are compatible with the available resources provided for in the Internal Audit Schedule approved by the Board of Directors, based on requests from parties including:
- the Board of Directors;
- the Control and Risk Committee and the Board of Statutory Auditors, providing mutual notification of such requests;
- the Chairman of the Board of Directors and the Director in charge of the internal control and risk management system, providing notification of such requests to the Control and Risk Committee and the Board of Statutory Auditors;
- the Watch Structure.
During 2014, the Internal Audit department regularly carried out the scheduled activities, which involved, in particular: (i) drawing up the proposed audit schedule based on the identification and prioritisation of the main corporate risks carried out by the ERM unit; (ii) executing the audit schedule approved by the Board of Directors of Snam on 27 February 2014 following a favourable opinion from the Control and Risk Committee; (iii) performing the independent monitoring programme defined with the Executive Responsible for preparing corporate accounting documents as part of Snam’s Corporate Reporting Control System; (iv) managing channels for reporting, including anonymously, problems relating to the internal control and risk management system, the administrative responsibility of the Company, and irregularities or fraudulent acts (whistleblowing); and (v) activities pertaining to relations with the External Auditors, with reference in particular to the adjustment of contractual references and to the preparation of corporate regulations on the assignment and management of tasks, in line with the relevant legislative and regulatory provisions.
The fixed and variable remuneration of the Internal Auditor is approved by the Board of Directors, at the proposal of the Director in charge of the internal control and risk management system, in agreement with the Chairman of the Board of Directors, in line with corporate policies and following a favourable opinion from the Control and Risk Committee. The proposal is also subject to examination by the Compensation Committee.
[36] In accordance with the Guidelines, the candidate’s profile and the necessary requirements of integrity, professionalism, competence, autonomy and experience are assessed, as well as any grounds for incompatibility, including in terms of conflict of interests, with previous activities or positions held at the Company and/or its Subsidiaries. The Control and Risk Committee performs an annual check on whether these requirements are still being met.
[37] Pursuant to application criterion 7.C.5 b) of the Code of Corporate Governance, the Board has used its exclusive power to issue guidelines to the Internal Auditor.