Control activities
The results of the risk assessment and monitoring activities and the related mitigation measures are presented regularly to the Control and Risk Committee, the Board of Statutory Auditors and the Watch Structures of Snam and its subsidiaries. They were also used by the Internal Audit department to draw up the audit schedules. In 2016, audit activities were performed by a dedicated team of 16 auditors.
Download XLS (17 kB) |
|
2014 |
2015 |
2016 |
Total number of audits performed |
93 |
64 |
42 |
Reports received |
20 |
17 |
5 |
- of which related to the internal control system |
|
2 |
1 |
- of which related to accounting, auditing, fraud, etc. |
- |
- |
- |
- of which related to administrative responsibility pursuant to Legislative Decree 231/2001 |
- |
- |
1 |
- of which relating to breaches of the anti-corruption law |
- |
- |
3 |
- of which related to other subjects (Code of Ethics, harassment, theft, security, etc.) |
18 |
15 |
- |
Reports received |
13 |
8 |
2 |
Segnalazioni concluse con interventi disciplinari, gestionali e/o sottoposte all’Autorità Giudiziaria |
1 |
3 |
- |
Segnalazioni in corso di esame (n.) |
6 |
6 |
3 |
All internal audit activities are carried out based on the international standards issued by the Institute of Internal Auditors (IIA). In accordance with the provisions of the standards, in 2016, following the specific mandate conferred by Snam on the auditing bodies, a Quality Assurance Review (QAR) was carried out of the Internal Audit function by a an independent specialised company, which included a benchmark analysis with respect to similar entities to Snam by business type and size; the analysis revealed the full compliance, of the practices adopted by Snam’s Internal Audit department, with the international auditing standards specifying, also in relation to benchmark performed, the qualifying factors and certain areas of improvement, for which Internal Audit has prepared an action plan that will be implemented during 2017.
Corporate Reporting Internal Control System
The internal control and risk management system and the corporate reporting process of the Snam Group are elements of the same “System” (the Corporate Reporting Internal Control System), which is meant to ensure the reliability, 48, accuracy49, dependability50 and timeliness of corporate disclosure with regard to financial reporting and the ability of the relevant business processes to produce this information in keeping with generally accepted accounting principles.
The reporting in question consists of all data and information contained in the periodic accounting documents required by law – the separate and consolidated annual financial report, half-year financial report and interim report on operations – as well as in any other accounting document or external communication – such as press releases and prospectuses prepared for specific transactions – covered by the statements provided for by Article 154-bis of the TUF. This reporting includes both financial and non-financial data and information, where the latter aims to describe significant aspects of the business, comment on the financial results for the year and/or describe future prospects.
Snam has adopted a body of rules that defines the standards, methods, roles and responsibilities for design, implementation and maintenance over time of the Group’s Corporate Reporting Internal Control System, which is applied to Snam and its subsidiaries, taking account of their significance in terms of their contribution to the consolidated financial statements of the Snam Group and the riskiness of the activities carried out.
The internal control and risk management model adopted by Snam and its subsidiaries with regard to corporate reporting was defined in accordance with the provisions of the above-mentioned Article 154-bis of the TUF, and is based in methodological terms on the “ COSO Framework”(“ Internal Control – Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission), the international reference model for the establishment, updating, analysis and assessment of the internal control system. Its update was published in May 2013.
The planning, institution and maintenance of the Corporate Reporting Internal Control System are achieved through the activities of scoping, identifying and assessing the risks and controls (at the business level and process level through the activities of risk assessment and monitoring) and the related information flows ( reporting).
The structure of the control system features entity-level controls (Company entity-level controls) which operate transversely across the entity in question (group/individual company) and process-level controls. The latter are subdivided into:
- specific controls aimed at preventing, identifying and correcting errors or irregularities occurring during the execution of operative activities (process-level controls);
- pervasive controls to define a general context that promotes the correct execution and control of operating activities. The pervasive controls include those related to the segregation of incompatible tasks (Segregation of duties) and general control of information systems (IT general controls).
The controls, both at the entity level and process level, are subject to regular evaluation (monitoring) to verify the adequacy of the design and actual operability over time. For that purpose, there is provision for ongoing monitoring activities, assigned to the management responsible for the relevant procedures/activities, as well as independent monitoring (separate evaluations), assigned to the Internal Audit, which operates according to a plan agreed with the Chief Financial Officer and aimed at defining the scope and objectives of its intervention through agreed audit procedures.
Snam’s Board of Directors also appointed independent auditors EY S.p.A. to examine the adequacy of the internal control system in relation to the preparation of financial information for the production of the separate and consolidated financial statements of Snam S.p.A., by conducting independent checks on the effectiveness of the design and functionality of the control system.
The results of the monitoring activities, the checks made on the controls and any other information or situations relevant to the Corporate Reporting Internal Control System are subject to periodic reporting on the state of the control system, which involves all levels of the organisational structure of Snam and its major subsidiaries, including operational business managers, heads of department, administrative managers and chief executive officers.
The assessments of all controls instituted within by Snam and its subsidiaries are brought to the attention of the Chief Financial Officer, who, on the basis of this information, draws up half-yearly and annual reports on the adequacy and effective application of the Corporate Reporting Internal Control System. These are shared with the Chief Executive Officer and communicated to the Board of Directors, after informing the Control and Risk Committee and the Board of Statutory Auditors, when the separate and consolidated financial statements, and the consolidated half-year report, are approved, to allow the Board of Directors to perform its supervisory functions and to conduct the assessments that fall to its responsibility with regard to the Corporate Reporting Internal Control System.
48 Credibility of reporting: reporting that is correct and that complies with generally accepted accounting standards and fulfils the requirements of the applicable laws and regulations.
49 Accuracy of reporting: error-free reporting.
50 Reliability of reporting: reporting that is clear and comprehensive, enabling investors to make informed investment decisions.