Risk control and management
Sisal considers a ‘risk’ to be any event that could adversely affect the achievement of a goal, whether strategic, operational, reporting or compliance-related. To reduce the possibility of such an event occurring, Sisal S.p.A. has defined and implemented an Internal Control System consisting of various functions and bodies that allow the company to identify, analyze and assess the risks associated with company activities and objectives, to establish suitable countermeasures to manage these risks, and to monitor ongoing activities constantly.
The Board of Directors is responsible for the Internal Control System, determines its guidelines and ensures that it functions properly and effectively.
This System testifies, amongst other things, to Sisal’s commitment to sustainability, as well as making a significant contribution to implementing mid- to long-term strategies.
The activities performed by and the relationships between the main players in the Control System comply with Risk Management requirements and the organizational model pursuant to Legislative Decree 231/2001.
Sisal has implemented its own Internal Control System by adopting a risk management model defined according to the principles established by international best practice as set out by the Committee of Sponsoring Organizations of the Treadway Commission (C.O.S.O.). The Board of Directors has approved the guidelines and drawn up a risk management policy to define the model on which the Enterprise Risk Management (ERM) operating process is based.
The Sisal Internal Control System ensures constant interaction and therefore effective and efficient integration between all control bodies. On 30 April 2009 the Board of Directors, in an additional measure that goes beyond the provisions of the Self-Regulation Code issued by Borsa Italiana, appointed a Risk Committee tasked with analysing and assessing the main corporate risks and expressing its opinion to the Executive Director.
The organizational model pursuant to Legislative Decree 231/2001
Legislative Decree no. 231/2001 (hereafter also “Decree”) establishes that a company can be held directly accountable, and is therefore subject to sanctions, if a person related to the organization commits certain offenses in the interest or for the benefit of the company.
In the framework of its risk management activities, in 2006 Sisal therefore drew up and introduced an Organizational, Management and Control Model (hereafter also “Organizational Model”) aimed at reducing the risk of the offences envisaged by the Decree.
This Organizational Model consists of the following fundamental and interdependent elements:
- Code of Ethics
- Set of internal protocols and procedures, acting as countermeasures to prevent the risk of crimes being committed
- Supervisory Board, tasked with monitoring the suitability and effective implementation of the Organizational Model
- Map of powers conferred
- Penalty system
The members of the Supervisory Board are chosen from highly professional candidates with complementary skills, in such a way as to guarantee the Board’s autonomy and independence, which are essential requirements for it to function properly.
The Supervisory Board reports directly to the Board of Directors to avoid the possibility of bias towards any corporate division.
All the employees and associates of Sisal are provided with the necessary information and training to ensure full compliance with internal rules and procedures. The Supervisory Board has developed a training program, directed in particular at newly hired managers, with the aim of testing their awareness of the principles and content of the Organizational Model and the risks that exist.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The Mission of the IA of Sisal is to “Assist the Board of Directors, Control Risk & Sustainability Committee, Board of Auditors, Supervisory Body and the Top Management of Sisal S.p.A. with the definition and improvement of the efficiency, effectiveness, economic, integrity and sustainability of the risk management, control, and governance processes, through an independent assessment that shall create added value. The goal is to be the Trusted Advisor for the Organization.”
As an international team, Internal Audit developed a Risk-Based Audit Plan for FY 2021 comprising 51 projects (80% assurance services and 20% consulting services) to be performed across 5 different countries (Italy, Morocco, Turkey, Spain and Albania). In addition, Internal Audit planned to visit more than 200 Points of Sale during 2021.
The Internal Audit Plan has been defined using the ERM Methodology, ensuring that over 3 years all of the riskiest processes will be audited by the Internal Audit Team, with support from external consultants on the more critical regulations impacting the business (e.g. AML, Anticorruption, Data Protection-GDPR, Law 231/01 Antibribery, HSE and Italian Law 81/08), for which Internal Audit performs extensive analysis of the compliance aspects each year. The Internal Audit projects are focused on Operational and Strategic Processes (20% of the Audit Plan), Financial (24%), IT and Cyber (18%) and Compliance (39%). The inspection visits performed at the PoS are mainly focused on compliance with the Internal Policy and Procedures and with the most relevant national gaming regulations (including responsible gaming).