6.4 Key features of the internal control and risk management system in relation to corporate reporting
(i) Introduction
The internal control and risk management system for the financial reporting process is an element of the “System” (the Corporate Reporting Control System) aimed at ensuring the dependability38, accuracy39, reliability40 and timeliness of the Company’s financial reporting and the capacity of the main relevant corporate processes to produce the reports pursuant to the accounting standards.
The reporting consists of all data and information – financial and non-financial (the latter aims to describe the relevant aspects of the business, comment on the economic and financial results for the year and/or describe the outlook) – contained in the periodic accounting documents required by law, as well as in any other accounting document or external communication subject matter of the statements provided for by Article 154-bis of the TUF41.
The CRCS model adopted by Snam and its Subsidiaries was defined pursuant to the provisions of Article 154-bis of the TUF, and is based, in terms of methodology, on the “COSO Framework” (“Internal Control – Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission), which is the international benchmark model for the establishment, updating, analysis and assessment of internal control systems, an update to which was published in May 2013.
The Corporate Reporting Control System of the Snam Group is regulated by a procedure on the “Corporate Reporting Control System of the Snam Group” and a series of operating instructions.
(ii) Phases of the CRCS
The planning, establishment and maintenance of the CRCS is carried out through the following activities:
1. Scoping
Identification of the scope of analysis in relation to Group companies which apply the CRCS on the basis of the financial statement items and information that are significant for this purpose and the significance of the companies in relation to processes and specific risks
2. Risk assesment
Identification of specific activities likely to generate risks of unintentional error or fraud, which may have a significant impact on the financial statements or potential events whose occurrence might compromise the achievement of control objectives relating to corporate reporting
3. Identification of controls
For companies, processes and the relevant risks that are regarded as significant, the system is based on two fundamental principles: (i) the dissemination of controls to all levels of the organisational structure, in line with the operational responsibilities assigned, and (ii) sustaining the controls over time, so that they are integrated and compatible with operating requirements. The structure provides controls at entity level that operate across the reference entity, and controls at process level, i.e., specific controls carried out within the relevant corporate processes
4. Assessment of controls
The controls are assessed regularly to ensure that they are adequate, both through line monitoring by management and through independent monitoring. The outcomes of assessments are the subject of a regular information flow (reporting) on the basis of which the Executive responsible for preparing corporate accounting documents draws up a half-year report and an annual report on the adequacy and effective implementation of the CRCS, which is shared with the Chief Executive Officer and sent to the Board of Directors and subsequently notified to the Control, Risk and Related-Party Transactions Committee and the Board of Statutory Auditors, at the time of approval of the draft separate and consolidated financial statements and the consolidated half-year financial report
(iii) Positions and functions involved
The Executive Responsible For Preparing Corporate Accounting Documents is assisted in control and assessment activities by various persons (e.g., the risk owner, the department head) at various levels of the organisational structure of Snam and its Subsidiaries.
Furthermore, the senior managers and CEOs of the individual Group companies over time are responsible for establishing, designing and maintaining the Company’s control system; they receive the results of the checks performed on all the controls and draw up dedicated Company half-year and annual reports that they submit to their own Boards of Directors, having informed the Board of Statutory Auditors, and to the parent company.
38 Dependability (of the reporting): reporting that is correct, complies with generally accepted accounting standards and fulfils the requirements of the applicable laws and regulations.
39 Accuracy (of the reporting): reporting that does not contain any errors.
40 Reliability (of the reporting): reporting that is clear and complete, thereby allowing investors to make informed decisions.
41 Snam has established a body of rules that define standards, methods, roles and responsibilities for planning, establishing, maintaining over time and assessing the effectiveness of the Group’s CRCS - which is applied to Snam and the Subsidiaries, taking account of their significance.