As noted in section 6 of this report, the board has set up a risk and control committee.
Composition and working of the risk and control committee (article 123-bis.2.d) of the Consolidated Finance Act)
The risk and control committee meets whenever the chairperson deems it necessary and in order to carry out its mandate, as there is no calendar for the year. It is coordinated by its chairperson.
It also meets when a committee member, the chairperson of the Board of Statutory Auditors or the internal control supervisor makes a documented request to the chairperson.
During the year, the risk and control committee met 14 times, with meetings averaging roughly two hours.
Seven meetings of the risk and control committee have been held in 2014.
***
The risk and control committee until 12 September 2013 comprised the following directors (all independent):
- Mario Cattaneo (Chairman)
- Alberto Giovannini
- Pietro Guindani
On 12 September 2013, the Board of Directors, given that Alberto Giovannini resigned from his post as a member of the committee in question, changed the composition of the risk and control committee as follows:
- appointing Giuseppina Capaldo to replace Alberto Giovannini who resigned;
- appointing Franco Passacantando as the fourth member of the committee in question, with effect from 15 December 2013.
This committee is currently composed of four independent directors, as indicated above. The Board, considering the personal and professional characteristics of the members of the risk and control committee, has found that the committee is composed entirely of independent directors who have suitable financial or remuneration policy knowledge and experience.
On 21 September 2012, the risk and control committee approved rules for its working which establish that its proceedings are coordinated by the chairperson and that the chairperson of the Board of Statutory Auditors or another statutory auditor designated by him participate. All the members of the Board of Statutory Auditors have standing invitations to attend meetings as does the internal audit head. Depending on the matters on the agenda, the CEO, other directors, managers of the Issuer, external consultants and representatives of the independent auditors may also be invited to attend; Moreover, the other directors may always be present at the meetings.
The risk and control committee meetings have always been attended by the chairperson of the Board of Statutory Auditors or another statutory auditor designated by him (and the other statutory auditors were also free to attend). The internal audit head participated in all meetings, except for three (two times because the committee discussed issues unrelated to the duties of the internal audit head, and the third time because the head was preparing to leave the company). Upon invitation and to make its working more efficient, the committee invited the chairperson of Salini Impregilo, the relevant internal functions, the supervisory board, external consultants and the representatives of the independent auditors to attend certain meetings.
Duties of Risk and Control Committee
As resolved by the Board of Directors on 18 July 2012 on criteria 7.C.1 and 7.C.2 of the Code, the committee has the following duties:
- providing the Board of Directors with opinions on:
- the guidelines for internal controls and risk management, so that the main risks affecting Salini Impregilo and its subsidiaries are correctly identified, properly measured, managed and monitored, defining the degree of compatibility of these risks with company management and its strategic objectives;
- assessment at least once a year of the adequacy of the internal controls and risk management considering the company’s characteristics and risk profile and their efficiency;
- approval at least once a year of the audit plan prepared by the internal audit head;
- review, discussion and approval of the findings of the main audit reports and their implementation;
- description of the main characteristics of the internal controls and risk management in the corporate governance report, expressing its assessment of their adequacy;
- assessment of the findings presented by the auditor engaged to carry out the legally-required audit in its management letter (if prepared) and in the audit report;
- appointment and removal from office of the internal audit head;
- ensuring that the internal audit head has the necessary resources to carry out his duties;
- agreement of the remuneration of the internal audit head in line with internal policies;
- assessment with the manager in charge of financial reporting, and after consulting the auditor engaged to carry out the legally-required audit and the Board of Statutory Auditors, of the correct application of the accounting policies, and in the case of a group, their consistency for the preparation of the consolidated financial statements;
- expression of opinions on specific aspects related to the identification of key business risks;
- review of the periodic reports on the internal controls and risk management, especially those prepared by the internal audit unit;
- assessment of the independence, adequacy, effectiveness and efficiency of the internal audit unit;
- it may ask the internal audit unit to carry out checks of specific operating areas and it reports thereon to the chairperson of the Board of Statutory Auditors;
- reporting to the Board of Directors at least twice a year, during the meetings held to approve the annual and interim reports, on its activities and the adequacy of the internal controls and risk management.
- performance of the other duties assigned to it by the board.
During the year, the risk and control committee reviewed and assessed the work plan and reports prepared by the internal audit head, and the reports drawn up by the supervisory board as per Legislative Decree no. 231/2001; it expressed, in agreement with the Board of Statutory Auditors, a favourable opinion, together with the manager in charge of financial reporting and the representatives of the independent auditors, on the correct application of the accounting policies and their consistency during preparation of the consolidated financial statements, reporting thereon to the Board of Directors. During approval of the draft annual financial statements and the interim financial report, the committee informed the Board of Directors about its activities and the adequacy, effectiveness and effective working of the internal controls and risk management system. This opinion was shared by the Board of Statutory Auditors. Furthermore, the committee found the organisational, administrative and accounting structure of the Issuer and its strategic subsidiaries Impregilo International Infrastructures N.V. and Fisia Italimpianti S.p.A. to be adequate. It approved the revisions of the Organisational, management and control model required by article 6 of Legislative Decree no. 231/01. It ascertained that the members of the supervisory board met the subjective requirements of the Organisational, management and control model and, therefore, that the entire body met these requirements. It examined the draft interim financial report at 30 June 2013 and the draft interim financial report at 31 March and 30 September 2013; it met certain company functions.
***
Minutes of the committee meetings are drawn up regularly.
When carrying out its duties, the risk and control committee had access to internal information and functions, as necessary, and did call on the support of external consultants.
On 11 May 2011, the Board of Directors resolved to give the internal control committee an annual budget of €50,000 to cover the costs of any necessary consultancy or other services required to carry out its duties, which can be increased to €100,000 with the documented request by the committee chairperson and approval by the Board of Directors’ chairperson. The prior authorisation of outlays is not necessary although the committee is required to document its expenses. It may also avail of internal information and functions.