Code of ethics

The internal control and risk management system

The internal control and risk management system of the Reno De Medici Group is understood as the set of procedures, organisational structures and related activities aimed at ensuring, through an adequate process of identification, measurement, management and monitoring of the main risks, a correct company management consistent with the objectives set.

The System contributes to ensuring the protection of the company assets, the efficiency and effectiveness of business process operations, the reliability of financial information, compliance with laws and regulations, as well as with the Articles of Association and internal procedures.

This system is integrated into the more general organisational and corporate governance structures adopted by the issuer and takes into due consideration the reference models and the best practices existing at national and international level.

The guidelines on the internal control and risk management system refer to the principles provided by the Enterprise Risk Management (ERM), an international standard developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO Report).

Below are the objectives assigned that the Group’s internal control system aims to pursue:

  • ensure the implementation of company activities in an effective and efficient manner;
  • guarantee the reliability and correctness of accounting records and the safeguarding of company assets;
  • ensure compliance with the external and internal regulations of the company.

The basic elements of the internal control system prepared by the Company, subject to continuous monitoring and updating, are as follows:

  • separation of roles and functions in carrying out key operations;
  • traceability of operations;
  • management of decision-making processes based on the most objective criteria possible.

This system is implemented through procedures, organizational structures and controls implemented by RDM Group and by the Group’s operating companies with respect to the most significant corporate processes in terms of risk.

For a detailed description of the Internal control system, see the Report on Corporate Governance and Ownership Structures.

Director in charge of the internal control and risk management system

The Board of Directors has identified the Chief Executive Officer as the director in charge of the internal control and risk management system.

The Director in charge of supervising the functionality of the internal control system and risk management;

  • identifies the main business risks, taking into account the characteristics of the activities carried out by the issuer and its subsidiaries, and submits them periodically for the review of the Board of Directors;
  • implements the guidelines defined by the Board of Directors, overseeing the planning, implementation and management of the internal control system and of the risks, constantly verifying its overall adequacy, effectiveness and efficiency;
  • handles the adaptation of this system to the dynamics of operating conditions and the legislative and regulatory framework;
  • may request the Internal Audit function to carry out checks on specific operating areas and compliance with internal rules and procedures in the execution of company operations, communicating simulatenously with the Chairman of the Board of Directors, the Chairman of the Control and Risks Committee and the Chairman of the Board of Statutory Auditors;
  • promptly reports to the Control and Risks Committee (or to the Board of Directors) regarding problems and critical issues that emerged during the performance of its activities or of which it became aware, so that the Committee (or the Board) can take the appropriate initiatives;
  • is in charge of coordonating the various entities involved in the internal control and risk management system, monitoring and participating in the activities assigned to each.

Internal Audit Manager

An important role in the internal control system is played by the Internal Audit, which is in charge of:

  • ensuring supervisory activities pursuant to Legislative Decree 231/2001;
  • updating the identification, classification and evaluation system of risk areas for the pupose of planning control interventions;
  • verifying on an ongoing basis and in relation to specific needs, and in compliance with international standards, the operation and suitability of the internal control and risk management system, through an audit plan, approved by the Board of Directors, based on a structured process of analysis and prioritization of the main risks;
  • carrying out planned (Plan approved by the Supervisory Body and by the Control and Risks Committee) and random control interventions, identifying any gaps with respect to the adopted models and formulating proposals on the corrective actions to be taken;
  • preparing special reports on events of particular relevance and Audit reports reporting on the activities and the methods by which the risk management is conducted, as well as any recommendations and suggestions for their containment, along with an assessment on the suitability of the internal control and risk management system. These reports are also sent to the Supervisory Body, to the Board of Statutory Auditors, to the Control and Risk Committee, and to the director in charge of the internal control and risk management system;
  • maintaining business relationship with the audit firm;
  • maintaining relations and ensuring information flows with the Supervisory Body, the Internal Control Committee and the Board of Statutory Auditors.