SNAM Report on Corporate Governance and Ownership Structure 2013

The role, duties and responsibilities of the Internal Auditor are defined and formalised by the Board of Directors in the Guidelines.

As indicated in Chapter 6.1, the Board of Directors – subject to the favourable opinion of the Control and Risk Committee and considering the opinion of the Board of Statutory Auditors, upon the proposal of the internal control and risk management system director, in agreement with the Chairman of the Board of Directors – appoints the Internal Auditor²¹. The Internal Auditor is appointed for an unlimited term and may be dismissed by the Board of Directors. At least once during the course of the mandate granted to it by the Shareholders’ Meeting, the Board of Directors assesses whether to reappoint the Internal Auditor, basing its decision on factors including rotation criteria.

The Board of Directors has appointed Silvio Bianchi as Internal Auditor.

The Internal Auditor, within an organisational structure that reports to the Chief Executive Officer, performs audit activities in full independence in accordance with the instructions of the Board of Directors²²; the Control and Risk Committee oversees the activities of the Internal Audit.

The Internal Audit activities are carried out ensuring the maintenance of the necessary conditions for independence and the necessary objectivity, competence and professional diligence provided for in the international standards for the professional practice of the Internal Audit and in the code of ethics issued by the Institute of Internal Auditors²³, as well as the principles contained in the Code of Ethics²⁴.

Within the process of approving of the audit schedule, once a year the Board of Directors approves the budget required for the Internal Audit department to perform its responsibilities. According to the Guidelines, the Internal Auditor has autonomous spending powers to assess, analyse and evaluate the internal control and risk management system and/or the related activities, and, in an exceptional and urgent circumstances that requires additional funds, he/she may ask the Board of Directors to extend the budget for the purposes of fulfilling his/her duties.

The Internal Auditor: (i) verifies, both on a continual basis and in relation to specific requirements, in compliance with international standards, the functioning and suitability of the internal control and risk management system via an audit schedule, approved by the Board of Directors, based on a structured process of analysing and prioritising the main risks; (ii) is not responsible of any operational area, and has direct access to all information that is useful for carrying out his/her duties; (iii) prepares periodic reports containing appropriate information on his/her work, on how risks are managed and on compliance with the plans set up to limit them. These reports contain an evaluation of the suitability of the internal control and risk management system; (iv) prepares timely reports on events of particular importance; (v) submits the reports to the Chairmen of the Board of Statutory Auditors, the Control and Risk Committee and the Board of Directors, as well as to the internal control and risk management system director; and (vi) verifies, in the context of the audit schedule, the reliability of the IT systems used, including the accounting systems.

The internal control and risk management system director may request to the Internal Auditor to carry out verifications on specific operational areas and on the compliance of internal rules and procedures within the execution of corporate operations, giving contextual communication to the Chairmen of the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors.

In 2013, the Internal Audit department performed regularly its scheduled activities which have concerned in particular: (i) the collection of data, information and assessments required to map corporate risks supporting the drawing up the draft audit schedule; (ii) the execution of the audit schedule, approved by Snam’s Board of Directors on 12 February 2013, following prior opinion of the Control and Risk Committee; (iii) the performing of the independent-monitoring programme drawn up with the Executive Responsible for preparing corporate accounting documents as part of Snam’s Corporate Reporting Control System; (iv) the management of the channels used to provide notification, anonymous or otherwise, of problems relating to the internal control and risk management system, to corporate administrative liability, to irregularities or to fraud (whistleblowing); and (v) the preparatory work required for the awarding of mandates to the External Auditors.

The remuneration (fixed and variable) of the Internal Auditor is approved by the Board of Directors on the proposal of the Chief Executive Officer and in agreement with the Chairman, in accordance with corporate policies and having received a favourable opinion from the Control and Risk Committee. The proposal is also subject to examination by the Remuneration Committee.

21 According to the Guidelines, the Board must assess the candidate’s profile and whether he/she meets the necessary requirements of integrity, professionalism, competence, autonomy and experience, as well as any reason for incompatibility, including conflicts of interest, with previous activities or roles held at the Company and/or its Controlled Companies. The Control and Risk Committee assesses whether these requirements continue to be met at least once a year.

22 In accordance with criterion 7.C.5 letter b) of the Code of Corporate Governance it has been valorised the exclusive power reserved to the Board of giving instructions to the Internal Auditor.

23 The International Standards for the Professional Practice of Internal Auditing are available at the following web address: http://www.unesco.org/new/fileadmin/MULTIMEDIA/HQ/IOS/temp/IPPF_Standards%20ENG.pdf.

24 See Chapter 6.1.

6.4 Internal Auditor