Internal Control System
A structured and coherent system
The internal control system is the set of rules, procedures and organizational structures aimed at ensuring sound management of the company through an appropriate process of identification, measurement, management and monitoring of the main risks.
Model and objective
Our Internal Control and Risk Management System is structured not only to guarantee compliance with the law, regulations, the Articles of Association and internal procedures, but also to ensure the safeguard of company assets, the efficacy and efficiency of corporate transactions and the reliability of financial information.
We pay close attention to risk management. For this reason, we have introduced internal processes in line with the most advanced management systems, with best practices for the design and implementation of internal control and risk management systems and with the recommendations of the Corporate Governance Code for Listed Companies.
How it is organized
The Board of Directors is responsible for the Internal Control and Risk Management System. In particular, the Board:
- defines and updates the internal control and risk management system guidelines
- examines the main risks for the company
- appoints and revokes the Head of Internal Audit, defining its responsibilities and remuneration
- assesses the adequacy, efficacy and actual performance of the internal control system
The Director in charge of the Internal Control and Risk Management System is identified as the CEO. He oversees the design and functioning of the system, its implementation and identifies the main risks for the company. He makes use of corporate functions for managing specific risks, to pursue better assurance towards achieving the company's objectives.
The Risk Control and Sustainability Committee has the task of supporting, with suitable preliminary activity, the assessments and decisions of the Board of Directors relating to the Internal Control and Risk Management System.
The Board of Statutory Auditors has the task of supervising the Internal Control and Risk Management System by verifying its processes, both prior and after any possible fact. The outcome is brought to the attention of the Board of Directors, who may adopt any corrective measures that may be necessary.
The Head of Internal Audit, identified as the Group Risk & Compliance Officer, is in charge of verifying that the system is adequate, fully operational and functioning, also through the performance of internal audit activities. In particular, he:
- performs and facilitates the activities for identifying, assessing and managing company risks
- submits annually to the Risk Control and Sustainability Committee and subsequently to the Board of Directors, an internal audit plan, to verify the work being carried out by the Group’s companies.
In the exercise of his mandate, the Head of Internal Audit regularly meets with the Board of Statutory Auditors and the independent auditors.
The management of other corporate functions have the task of identifying, assessing, managing and monitoring the risks related to their specific areas of competence, and of identifying and implementing precise remediation actions.
The Supervisory Board is in charge of controlling the functioning, efficacy and compliance with the Organizational and Management Model.
Our Internal Control and Risk Management System and that of our subsidiaries is structured on the basis of a series of elements:
- The control environment consists of the set of values, ideas, motivations, convictions and conduct which characterize the way our group and our people operate. It forms the basis of the Internal Control and Risk Management System, generating a culture of risk and control.
- The risk assessment includes the identification and assessment of the risks that could negatively impact on the company’s ability to achieve its objectives. It constitutes the basis for the definition of the risk management actions required from the management of the companies within the group.
- Control activities consist of the set of company policies and procedures aimed at managing risks and reaching corporate objectives.
- The information and communication system is essential: relevant information must be communicated widely, disseminated and shared consistently at all company levels in a timely, accurate and complete manner so as to be a point of reference for the decision-making and operational process.
- An adequate monitoring system ultimately allows verification that the Internal Control and Risk Management System is correctly designed and functioning.
Verification of the adequacy and actual functioning of the Internal Control and Risk Management System constitutes an integral part of the structure of the system and involves the players of the system in different ways.
- The Head of Internal Audit expresses his evaluation of the Internal Control and Risk Management System based on the activities performed directly by his function, by external consultants appointed by him and from the information received from other company functions. These assessments are brought to the attention of the other players, through regular reports.
- The Risk Control and Sustainability Committee regularly assesses the actual functioning of the Internal Control and Risk Management System of Amplifon S.p.A. and its subsidiaries on the basis of information received from the Director in charge of the Internal Control and Risk Management System, the Head of Internal Audit, the independent auditors and other players. These assessments are brought to the attention of the Board of Directors.
- The Board of Directors assesses the adequacy and the actual functioning of the system on the basis of the information received from the Risk Control and Sustainability Committee, the Director in charge of the Internal Control and Risk Management System, the Board of Statutory Auditors, the Head of Internal Audit and the independent auditors.