SNAM 2015 Annual Report - Control activities

The results of the risk assessment and monitoring activities and the related mitigation measures are presented regularly to the Control and Risk Committee, the Board of Statutory Auditors and the Supervisory body of Snam and its subsidiaries. They were also used by the Internal Audit department to draw up the audit schedules. In 2015, audit activities were performed by a dedicated team of 17 auditors.

Download XLS (23 kB)

Activities performed by Internal Audit
	2013	2014	2015
Total number of audits performed	63	93	64
Reports received	16	20	17
- of which related to the internal control system	7	2	2
- of which related to accounting, auditing, fraud, etc.	-	-	-
- of which related to administrative responsibility pursuant to Legislative Decree 231/2001	-	-	-
- of which related to other subjects (Code of Ethics, harassment, theft, security, etc.)	9	18	15
Reports shelved due to lack of proof or because untrue (no)	10	13	8
Reports resulting in disciplinary or managerial interventions, and/or submitted to judicial authorities	1	1	3
Reports under examination (no)		6	6

In order to strengthen control over all issues related to criminal law, administrative responsibility of the company, anti-corruption and the internal control system in general, the Internal Control System and Anti-Corruption unit was created within the Legal and Corporate Affairs and Compliance department. Cooperation and partnership with Transparency International was also supported and developed.

Corporate Reporting Internal Control System

The internal control and risk management system and the corporate reporting process of the Snam Group are elements of the same “System” (the Corporate Reporting Internal Control System), which aims to ensure the reliability²¹, accuracy²², dependability²³ and timeliness of corporate disclosure with regard to financial reporting and the ability of the relevant business processes to produce this information in keeping with generally accepted accounting standards.

The reporting in question consists of all data and information contained in the periodic accounting documents required by Law – the Annual Report, the Half-year Report, the Interim Directors’ Report (including consolidated versions) – as well as any other document or communication for external use, such as Press Releases and Prospectuses prepared for specific transactions, which are subject to the certifications required by Article 154-bis of the TUF. The reporting includes both financial and non-financial data and information; the purpose of the latter is to describe the significant aspects of the business, comment on the financial results for the year and/or describe the outlook.

Snam has adopted a body of rules that defines the standards, methods, roles and responsibilities for design, implementation and maintenance over time of the Group’s Corporate Reporting Internal Control System, which is applied to Snam and its subsidiaries, taking account of their significance in terms of their contribution to the consolidated financial statements of the Snam Group and the riskiness of the activities carried out.

The internal control and risk management model adopted by Snam and its subsidiaries with regard to corporate reporting was defined in accordance with the provisions of the above-mentioned Article 154-bis of the TUF, and is based in methodological terms on the “COSO Framework” (“Internal Control – Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission), the international reference model for the establishment, updating, analysis and assessment of the internal control system. Its update was published in May 2013.

The planning, institution and maintenance of the Corporate Reporting Internal Control System are achieved through the activities of scoping, identifying and assessing the risks and controls (at the business level and process level through the activities of risk assessment and monitoring) and the related information flows (reporting).

The structure of the control system features entity-level controls (Company entity-level controls) which operate transversely across the entity in question (group/individual company) and process-level controls.

The latter are subdivided into:

specific controls aimed at preventing, identifying and correcting errors or irregularities occurring during the execution of operative activities (process-level controls);
pervasive controls to define a general context that promotes the correct execution and control of operating activities. The pervasive controls include those related to the segregation of incompatible tasks (Segregation of duties) and general control of information systems (IT general controls).

There are 65 Company entity-level controls provided for by the Corporate Reporting Internal Control System, 661 process-level controls performed by the Snam Group companies, 95 IT general controls and 121 Segregation of duties risks arising in the processes of individual companies.

The controls, both at the entity level and process level, are subject to regular evaluation (monitoring) to verify the adequacy of the design and actual operability over time. For that purpose, there is provision for ongoing monitoring activities, assigned to the management responsible for the relevant procedures/activities, as well as independent monitoring (separate evaluations), assigned to the Internal Audit, which operates according to a plan agreed with the Chief Financial Officer and aimed at defining the scope and objectives of its intervention through agreed audit procedures.

Snam’s Board of Directors also appointed independent auditors Reconta Ernst & Young to examine the adequacy of the internal control system in relation to the preparation of financial information for the production of the separate and consolidated financial statements of Snam S.p.A., by conducting independent checks on the effectiveness of the design and functionality of the control system.

The results of the monitoring activities, the checks made on the controls and any other information or situations relevant to the Corporate Reporting Internal Control System are subject to periodic reporting on the state of the control system, which involves all levels of the organisational structure of Snam and its major subsidiaries, including operational business managers, heads of department, administrative managers and chief executive officers.

The assessments of all controls instituted within by Snam and its subsidiaries are brought to the attention of the Chief Financial Officer, who, on the basis of this information, draws up half-yearly and annual reports on the adequacy and effective application of the Corporate Reporting Internal Control System. These are shared with the Chief Executive Officer and communicated to the Board of Directors, after informing the Control and Risk Committee and the Board of Statutory Auditors, when the separate and consolidated financial statements, and the consolidated half-year report, are approved, to allow the Board of Directors to perform its supervisory functions and to conduct the assessments that fall to its responsibility with regard to the Corporate Reporting Internal Control System.

21 Reliability of information: information that is correct, complies with generally accepted accounting standards and fulfils the requirements of the applicable laws and regulations.

22 Accurate information: information without errors.

23 Dependability of information: information that is clear and comprehensive, enabling investors to make informed investment decisions.