Header Background

Internal control and risk management

The responsible directors and managers are in charge of setting up and maintaining an efficient internal control and risk management system, in line with the corporate objectives, and the process of aligning the risk management procedures with the defined containment plans. Snam’s Board of Directors has identified the Company’s Chief Executive Officer as the director responsible for the internal control and risk management system; he performs the duties stipulated in the Corporate Governance Code.

The Board of Directors, have first obtained an opinion from the Control and Risk Committee, assesses the adequacy of the internal control and risk management system at least once a year in respect of the characteristics of the Company and the Group and with the risk profile assumed, as well as the system’s effectiveness.

In particular in 2013 the Control and Risk Committee, as part of its role to assist the Board of Directors, examined the new initiatives established by the Company to implement an Enterprise Risk Management (ERM) system, designed to help senior management to systematically identify, measure, manage and monitor key risks that could affect the achievement of the strategic objectives. Risks relating to sustainability are included in the mapping of operational risks identified by the ERM system.

Applying the control system is a primary responsibility of management, as control activities are an integral part of management procedures. Management must therefore encourage the creation of an atmosphere that is actively orientated towards control and, in particular, oversee “line controls”, which are all the control activities that the individual operating units or companies carry out on their processes.

Independent control is the responsibility of the Internal Audit department, which is specifically responsible for ensuring that the internal control and risk management system is functioning properly and is adequate. The parent company performed auditing activities in 2013, with a dedicated team of 14 auditors.

  Download XLS (23 kB)

Activities carried out by Internal Audit GRI - G4: HR3, SO5









Total number of audits performed




Reports received




involving the internal control system




involving accounting, auditing, fraud, etc.




involving administrative responsibility pursuant to Legislative Decree 231/2001




involving breaches of the anti-corruption law




involving other subjects (Code of Ethics, mobbing, thefts, security, etc.)




Reports shelved due to lack of proof or because untrue (no)




Reports ending in corporate disciplinary or managerial action and/or filing with a legal authority




Reports in the process of examination (no)




Snam in line with risk management best practice

Snam’s Enterprise Risk Management (ERM) department has been active since April 2013. It is tasked with identifying, measuring and monitoring all corporate risks. Snam has always been aware of and managed its risks, but with the ERM system it has chosen a method and model for identifying, assessing, managing and controlling risks that is structured and standardised for all Group companies.

The model applies right across the corporate organisation, and the ERM system will support the Risk Owners, who are the corporate figures directly involved in managing the risks associated with their business areas. Risks are measured using the two classic parameters of operational and economic impact, and the probability of occurrence, and management and mitigation actions are then established. The Category Risk Managers, who are the department managers responsible for risks that could have cross-cutting effects, are also expected to contribute to this process. Lastly, each department has an ERM contact, serving as a reference point for all risk management activities within his/her department.

More than 100 meetings took place as part of the risk mapping process, leading to the identification of 318 risks, 77% of which have a medium-low probability of occurrence, confirming the Snam’s overall low risk profile. This analysis will be updated again in 2014, with the help of a new, ad hoc information system.

318 risks identified with a range of impact types:

  • Industrial/business – Economic – Strategic – Health, safety and environment – Financial
  • Human capital – Reputation – Market – Legal/compliance

Administrative liability and prevention of offences GRI - G4: SO3

The Board of Directors has adopted its own organisational, management and control model pursuant to Legislative Decree 231 of 8 June 2001 (“Model 231”) to prevent the crimes identified by legislation governing corporate administrative liability for crimes committed in the interest or to the advantage of the Company (Legislative Decree 231/2001). It also appointed a Watch Structure with powers of initiative and control, in accordance with the law.

A new text for the Model was thus approved by the Board of Directors on 30 July 2013, with updates introduced relating to new crimes of “private corruption”, “undue inducement to give or promise benefits” and “employment of third-country citizens whose stay is illegal”, as well as changes to Snam’s corporate and organisational structure.

Model 231 consists of an organic combination of principles, rules and measures that relate, inter alia, to the management and control of every corporate process, in order to protect the Company from any conduct that might give rise to sanctions against the Company, pursuant to Legislative Decree 231/2001, relating to crimes committed or attempted in the interest or to the advantage of the Company by individuals in “top” management positions within this structure or individuals subject to the supervision and control of these persons.

A multi-functional team was created within the Company (“Team 231”), which aims to identify and carry out the activities required to update Model 231 by the Company and its subsidiaries by incorporating new legislative developments introduced under the scope of application of Legislative Decree 231 of 8 June 2001.

The subsidiaries have also adopted their own Model 231, commensurate with their specific operations, and appointed their own Watch Structure to monitor the implementation and effective application of this Model.

In line with the principles of continuous improvement in the control system and awareness of the importance of disseminating the contents of Model 231, both inside and outside the Company, and to ensure the model’s effective application, Snam has developed a special training programme for all of its employees. As well as being an important tool for raising awareness among managers and the corporate workforce of the prevention of offences under Model 231, this training activity has led to widespread active participation by all employees in Snam’s ethics and value system.

Model 231 can be viewed on the Company website (http://www.snam.it/en/Governance/Administrative_responsability/index.html).

Watch Structure and Code of Ethics Supervisor

The Watch Structure comprises the Internal Audit Manager, the Head of Legal, Corporate Affairs and Compliance, and three external members, one of whom serves as Chairman, who are experts in legal and corporate affairs and business economics and organisation.

Among other things, the Watch Structure monitors the effectiveness of Model 231 as well as implementation and updating activities. It reviews the adequacy of Model 231 in preventing unlawful conduct and is responsible for information flows in this area with the various corporate departments and with the supervisory bodies of the subsidiaries. The Watch Structure also performs the role of Code of Ethics Supervisor.

In performing its tasks, the Watch Structure has unlimited access to corporate information for investigation, analysis and control activities. Any Company department, employee and/or member of Company bodies is subject to a disclosure obligation in the event of any request by the Watch Structure, and in the event of significant events or circumstances, for the performance of the activities falling within the remit of the Watch Structure.


Snam has been combating corruption for several years, expressly prohibiting “corrupt practices, illegitimate favours, collusion and requests for personal benefits for oneself or others, either directly or through third parties” in its Code of Ethics.

The new anti-corruption procedure, issued in October 2013 and replacing the previous MSG, prohibits bribery in any form in respect of any public or private, national or international party, and forms an integral part of a broader control system for corporate ethics adopted by Snam to ensure its compliance with national and international anti-corruption legislation, including the UK Bribery Act, and the highest international standards in anti-corruption, and to safeguard its reputation.

The anti-corruption procedure is also adopted in compliance with the tenth principle of the Global Compact, an international initiative launched in 2000 by the United Nations to support ten universal principles in the areas of human rights, labour, the environment and anti-corruption. Adoption and implementation of the procedure is mandatory for Snam and its subsidiaries, pursuant to a resolution by the Board of Directors. The Procedure can be viewed on the Company website (http://www.snam.it/en/Governance/Procedures/Anti-corruption_procedures/index.html).

to pagetop