The risk supervision and governance model that the Group adopted in July 2009, has the following aims:
- “to manage” risks in terms of prevention and mitigation;
- “to seize” proactively the opportunity factors;
- to disseminate the “culture” of the value of risk within the Company, in particular, in the strategic planning and operating processes and in the most significant business choices;
- to assure transparency in relation to the risk profile assumed and the management strategies implemented, based on periodic and structured reporting to the Board of Directors and to the Top Management and adequate information to the shareholders, and more in general, to the so-called stakeholders.
In harmony with these aims, Pirelli’s Enterprise Risk Management model is:
- enterprise-wide: extended to all types of potentially significant risks/opportunities;
- value-driven: focused on the more significant risks/ opportunities in relation to their capacity to prejudice the achievement of Pirelli’s strategic objectives or to erode critical corporate assets (so-called Key Value Drivers);
- top-down: the Top Management identifies the priority risk areas and the events of greatest impact for the business;
- quantitative; where possible, based on an accurate measurement of the impacts caused by the risks on the expected economic/financial results in relation to their probable occurrence.
- integrated in the decision-making/business processes and, in particular, in the strategic planning and operational process.
The Board of Directors plays a fundamental role with reference to the model’s governance. Indeed, the Board is responsible for supervising the risk management process so that the risks assumed in the business are consistent with the strategies (so-called monitoring action). Furthermore, the Board defines the attitude to risk (so-called identification of the “acceptable risk threshold”) and establishes the guidelines to manage the risks which may “interfere with” or prejudice achieving the business objectives or erode critical corporate assets, in line with its top management and strategic policy-making mission.
The CICRCG supports the Board (i) in the periodic identification and assessment of the principal risks relating to the Company and its subsidiaries, at least once a year, to ensure these risks are monitored correctly (Annual Risk Assessment) (ii) in defining the mitigation plans, and in general, the “risk governance” and updating them periodically, at least once a year (Annual Risk Management Plan) in order to maintain the overall levels of exposure to risk within the risk threshold assessed by the Board of Directors as “acceptable” (risk appetite), based on the proposal made by the Committee concerned). In particular, the CICRCG supported the Board in defining the policy guidelines for the risk management system so that the main risks concerning Pirelli were identified correctly, as well as measured, managed and monitored adequately53.
The Board of Directors is supported by two Risk Management Committees in relation to the various risk macro families, (each Management Committee has specific areas of responsibility): the Strategic Risks Committee, with expertise and responsibility for the risks related to the strategic business choices, or due to the external environment in which the Group operates and the Operating Risks Committee that focuses on preventing and managing the risks specifically related to the organisational structure, the processes and the Group’s systems.
The two Risk Management Committees have the following responsibilities (i) to adopt and promote a systematic and structured process to identify and measure the risks; (ii) to examine the information concerning internal and external, existing and future risks to which the Group is exposed; (iii) to propose strategies to respond to the risk in relation to the overall and detailed exposure to the various categories of risks; (iv) to propose the implementation of a risk policy in order to guarantee that the risk is reduced to “acceptable” levels; (v) to monitor the implementation of the strategies adopted in response to the risk defined and compliance with the risk policies adopted.
The Management Committees avail of the Sustainability and Risk Governance function (managed by Filippo Bettini) that includes the Risk Officer (Ms. Alessia Carnevale) who coordinates the assessment process and guarantees the on-going monitoring of the Company’s and the Group’s exposure to the principal risks, while monitoring the effective implementation of the mitigation plans in the individual company departments and organisational units.
Pirelli’s Enterprise Risk Management model forms part of three key phases in the decision-making process:
- strategic planning (medium/long term);
- operational planning (annual and quarterly);
- new investment projects
becoming an integral part of the decision-making process.
Risk Management and internal control system in relation to the financial reporti ng process
The Company has implemented a specific and structured risk management and internal control system supported by a dedicated IT application, in relation to the process to prepare the separate and consolidated half-yearly and annual financial reports.
In general, the internal control system implemented by the Company is designed to assure the protection of the Company’s assets, compliance with the laws and regulations, the efficiency and effectiveness of the Company’s operations, in addition to the dependability, accuracy and timeliness of the financial reporting.
In particular, the process to prepare the financial reports is based on adequate administrative and accounting procedures, performed in compliance with the criteria established by the Internal Control – Integrated Framework issued by the Committee of Sponsoring Organisations of Tradeway Commission.
The administrative and accounting procedures involved to prepare the Financial Statements and every other financial communication are prepared under the responsibility of the Responsible Officer assigned to prepare the corporate and accounting documents (Francesco Tanzi), who, together with the Chairman of the Board of Directors certifies their adequacy and effective application at the time of the annual and consolidated Financial Statements and the half-yearly financial report.
The significant Companies and Processes which supply and generate economic, equity or financial information have been mapped out to permit certification by the Responsible Officer. The significant Group Companies and Processes are identified annually on the basis of quantitative and qualitative criteria. The quantitative criteria consist in identifying the Group Companies which represent a higher aggregate value at a given materiality threshold in relation to the selected processes.
the board is responsable for supervising the risk management process so that the risks assumed in the business are consistent with the strategies
The qualitative criteria consist in an examination of the processes and companies which may present potential areas of risk, even though they do not meet the quantitative parameters described above, based on the assessment performed by the Chief Executive Officers and by the Chief Financial Officers of the business sectors involved.
The control risks and targets associated with preparing the Financial Statements and the respective information and the effectiveness and efficiency of the internal control system, in general, were identified for each process selected.
Precise audit activities were identified and specific responsibilities were assigned for each control target.
A system to supervise the controls performed was implemented based on a mechanism involving a chain of certifications; any critical situations which may emerge in the evaluation process become the subject of plans of action for which implementation is verified in the subsequent year-end activities.
Lastly, a procedure has been envisaged in which, once every quarter, the Chief Executive Officers and the Chief Financial Officers of the subsidiary companies issue a declaration of reliability and accuracy of the data transmitted for the purposes of preparing the Group’s consolidated Financial Statements.
The results of the audit activities are discussed by the Chief Financial Officers of the respective Sectors with the Responsible Officer prior to the date of the Board of Directors’ meetings which approve the consolidated data as of 30 June and 31 December.
In essence, a system of on-going and systematic controls has been adopted that provides a reasonable degree of certainty regarding the dependability of the information and the economic and financial reporting.
The Internal Audit Department performs periodic audits to determine the adequacy of the design and operation of the controls on companies and processes chosen randomly, selected on the basis of materiality criteria.
On the basis of the periodic reports the Responsible Officer reported on the System’s efficiency to the Board of Directors through the CICRCG. Moreover, the same Officer, together with the Chairman of the Board of Directors provided the certification envisaged under Article 154-bis, paragraph 5 of the Unified Finance Law (TUF).
53 Self-regulatory code: Application criterion 7.C.1., sub-section a).