Risk control and management
Sisal considers a ‘risk’ to be any event that could adversely affect the achievement of a goal, whether strategic, operational, reporting or compliance-related. To reduce the possibility of such an event occurring, Sisal S.p.A. has defined and implemented an Internal Control System consisting of various functions and bodies that allow the company to identify, analyze and assess the risks associated with company activities and objectives, to establish suitable countermeasures to manage these risks, and to monitor ongoing activities constantly.
The Board of Directors is responsible for the Internal Control System, determines its guidelines and ensures that it functions properly and effectively.
This System testifies, amongst other things, to Sisal’s commitment to sustainability, and makes a significant contribution to implementing the Group’s mid- to long-term strategies.
The activities performed by and the relationships between the main players in the Control System comply with Risk Management requirements and the organizational model pursuant to Legislative Decree 231/2001.
Sisal has implemented its own Internal Control System by adopting a risk management model defined according to the principles established by international best practice as set out by the Committee of Sponsoring Organizations of the Treadway Commission (C.O.S.O.). The Board of Directors has approved the guidelines and drawn up a risk management policy to define the model on which the Enterprise Risk Management (ERM) operating process is based.
The Sisal Internal Control System ensures constant interaction and therefore effective and efficient integration between all control bodies. On 30 April 2009 the Board of Directors, in an additional measure that goes beyond the provisions of the Self-Regulation Code issued by Borsa Italiana, appointed a Risk Committee tasked with analyzing and assessing the main corporate risks and expressing its opinion to the Executive Director.
The organizational model pursuant to Legislative Decree 231/2001
Legislative Decree no. 231/2001 (hereafter also “Decree”) establishes that a company can be held directly accountable, and is therefore subject to sanctions, if a person related to the organization commits certain offenses in the interest or for the benefit of the company.
In the framework of its risk management activities, in 2006 Sisal therefore drew up and introduced an Organizational, Management and Control Model (hereafter also “Organizational Model”) aimed at reducing the risk of the offenses envisaged by the Decree.
This Organizational Model consists of the following fundamental and interdependent elements:
- Code of Ethics
- Set of internal protocols and procedures, acting as countermeasures to prevent the risk of crimes being committed
- Supervisory Board, tasked with monitoring the suitability and effective implementation of the Organizational Model
- Map of powers conferred
- Penalty system
The members of the Supervisory Board are chosen from highly professional candidates with complementary skills, in such a way as to guarantee the Board’s autonomy and independence, which are essential requirements for it to function properly.
The Supervisory Board reports directly to the Board of Directors to avoid the possibility of bias towards any corporate division.
All the employees and associates of Sisal are provided with the necessary information and training to ensure full compliance with internal rules and procedures. The Supervisory Board has developed a training program, directed in particular at newly hired managers, with the aim of testing their awareness of the principles and content of the Organizational Model and the risks that exist.