6.4 Internal Auditor
The role, duties and responsibilities of the Internal Auditor are defined and formalised by the Board of Directors within the “Internal Audit Guidelines”.
Having received the approval of the Control and Risk Committee and the opinion of the Board of Statutory Auditors, upon the proposal of the director in charge of the internal control and risk management system and in agreement with the Chairman, the Board of Directors appoints the Internal Auditor50. The Internal Auditor’s appointment is open-ended and may be revoked by the Board of Directors. At least once during the term of office determined by the Shareholders’ Meeting, the Board of Directors assesses whether the Internal Auditor should be confirmed in the role, based inter alia on rotation criteria.
The Board of Directors has appointed Silvio Bianchi as Internal Auditor.
As part of a team reporting to the CEO, the Internal Auditor performs fully independent audit activities in accordance with guidelines from the Board of Directors51; his activities are supervised by the Control and Risk Committee.
The Internal Auditor performs his activities while maintaining the necessary independence and due objectivity, competence and professional diligence, as laid down in the International Standards for the Professional Practice of Internal Auditing and in the Code of Ethics issued by the Institute of Internal Auditors52, and in compliance with the principles laid down in the Code of Ethics53.
As part of the process of approving the audit schedule, once a year the Board of Directors approves the budget required for the Internal Audit department to fulfil its responsibilities. The Guidelines stipulate that the Internal Auditor shall have autonomous spending powers in order to scrutinise, analyse and assess the internal control and risk management system and/or perform related activities, and that the Internal Auditor, in exceptional and urgent situations that require the availability of funds exceeding the budget, may propose that the Board of Directors approve the extra budget of the Internal Audit department so that it may carry out the duties assigned to it.
The Internal Auditor:
- verifies, both on a continual basis and in relation to specific requirements, in compliance with international standards, the functioning and suitability of the internal control and risk management system via an audit schedule, approved by the Board of Directors, based on a structured process of analysing and prioritising the main risks;
- is not responsible for any particular operational area, and has direct access to all information that is useful for carrying out his duties;
- prepares periodic reports containing appropriate information on his work, on how risks are managed and on compliance with the plans set up to limit them. These reports contain an evaluation of the suitability of the internal control and risk management system;
- promptly prepares reports on events of particular importance;
- submits the reports to the Chairpersons of the Board of Statutory Auditors, the Control and Risk Committee and the Board of Directors, as well as to the director in charge of the internal control and risk management system;
- verifies, in the context of the audit schedule, the reliability of the IT systems used, including the accounting systems.
The director in charge of the internal control and risk management system may request that the Internal Auditor perform checks on specific operational areas and on compliance with internal rules and procedures in the execution of corporate transactions, informing the Chairpersons of the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors of said request.
Furthermore, in accordance with the Guidelines, the Internal Auditor carries out other audit measures not set out in the audit schedule, as permitted by the available resources provided for in the Internal Audit schedule approved by the Board of Directors, based also on requests from:
- the Board of Directors;
- the Control and Risk Committee and the Board of Statutory Auditors, with reciprocal communication;
- the Chairman of the Board of Directors and the director in charge of the internal control and risk management system, with communication to the Control and Risk Committee and the Board of Statutory Auditors;
- the Watch Structure.
In 2015, the Internal Audit department performed its scheduled activities as expected. Specifically, these were:
- drawing up the draft audit schedule based on the identification and prioritisation of the main risks facing the Company, carried out by the ERM unit;
- executing the audit schedule approved by Snam’s Board of Directors on 11 March 2015 following a favourable opinion from the Control and Risk Committee;
- performing the independent-monitoring programme drawn up with the Executive Responsible for preparing corporate accounting documents as part of Snam’s Corporate Reporting Control System;
- managing the channels used to provide notification, anonymous or otherwise, of problems relating to the internal control and risk management system, to corporate administrative responsibility of the Company, to irregularities or to fraud (whistleblowing); and
- activities pertaining to relations with the External Auditors, particularly with regard to the commitments involved in managing the Framework Agreement in force with Reconta Ernst & Young and the oversight of the procedure for the allocation of additional appointments by Snam Group companies, in accordance with the provisions of the corporate regulations on the allocation and management of appointments issued in May, in line with the applicable regulatory provisions.
The fixed and variable remuneration of the Internal Auditor is approved by the Board of Directors, at the proposal of the director in charge of the internal control and risk management system, in agreement with the Chairman of the Board of Directors, in line with corporate policies and following a favourable opinion from the Control and Risk Committee. The proposal is also subject to examination by the Compensation Committee.
50 In accordance with the Guidelines, the candidate’s profile and the necessary requirements of integrity, professionalism, competence, autonomy and experience are assessed, as well as any grounds for incompatibility, including in terms of conflict of interests, with previous activities or positions held at the Company and/or its Subsidiaries. The Control and Risk Committee performs an annual check on whether these requirements are still being met.
51 Pursuant to Application Criterion 7.C.5, letter b) of the Code of Corporate Governance, the Board has used its exclusive power to issue guidelines to the Internal Auditor.
52 The International Standards for the Professional Practice of Internal Auditing are available at: http://www.unesco.org/new/ fileadmin/MULTIMEDIA/HQ/IOS/temp/IPPF_Standards%20ENG.pdf.
53 See Paragraph 6.1 above.