Internal Control System and Risk Management

in

With regard to internal controls, since December 2006, on the basis of the preventive instructions given by the Internal Control Committee (now the Control and Risk Committee), the Board of Directors has:

  • defined the "Terna Group Internal Control System" (now the "Internal Control and Risk Management System of the Terna Group" or the "ICRMS"), taking its inspiration from national and international best practices such as the set of rules, procedures and organisational structures, which, through a suitable identification, measurement, management and monitoring process of the main risks, enable correct, coherent business management with the objectives established by the Company;
  • established the guidelines for the Internal Control and Risk Management System of the Terna Group, describing the rules, procedures and organisational structures prepared in such a way that the main risks relating to Terna and its subsidiaries are correctly identified and suitably measured, managed and monitored according to criteria of compatibility with a healthy, correct management, coherent with the strategic objectives identified (Articles 7.P.1, 7.P.2, and 7.C.1, letter a) of the Governance Code).
    More specifically, these guidelines were updated by the Board of Directors - also considering the new provisions of the Governance Code - by resolution of December 19, 2012 and upon seeking an opinion of the Control and Risk Committee. At the same time and in accordance with the provisions of the mentioned guidelines, upon seeking the opinion of the Control and Risk Committee, the board defined the nature and level of risk compatible with the strategic objectives of Terna and its subsidiaries.

The Internal Control and Risk Management System of the Terna Group helps, with reasonable certainty, to guarantee the achievement of strategic objectives, the safeguarding of the company assets, the efficiency and effectiveness of the business processes, the reliability of the financial operations, compliance with the law, regulations, Bylaws and internal procedures and the reliability of the company reports and financial disclosure. Moreover, it is constructed considering the specific nature and type of activities carried out and the connected risks and corporate interest of the activities carried out with special attention paid to the part of the ICRMS that has the objective of safeguarding continuity of the electrical service and the guarantee of impartial behaviour in carrying out the activities granted under concession.

The ICRMS is based on the following elements: control environment; risk management system; control activities; information, communication and monitoring. The coordinated implementation of these elements makes the ICRMS effective overall.

  • "The control environment", the basis of all other elements, consists of the set of ethical and cultural values, the governance and organisational model, the leadership style exercised by the company's senior management and by the management and staff management policies.
  • The "risk management system" implemented by the company senior management and management starts from the definition of the business objectives (strategic plans, budget, key performance indicators, risk appetite) and enables the various levels of the organisation to identify the main risks of the individual processes to which the plans of action are related for the prevention and management of risk in order to keep it within acceptable limits, monitoring the results over time. The risk management models adopted, the roles and responsibilities within the organisation are defined in specific business procedures and policies. In order to implement an integrated "risk management system", in 2007 Terna created a Corporate Security Department significantly integrating its security tools and defining a transversal system for identifying, analysing and controlling Corporate risks. Moreover, in accordance with the provisions of the guidelines of the Internal Control and Risk Management System of the Terna Group, the figure of the Chief Risk Officer (CRO) has been envisaged (Comment to Article 7 of the Governance Code), to whom the main responsibility is assigned for supporting company management in the effective implementation and management of the risk management process on a Group level, with reference to all financial, operational, business and sundry risks.
    In addition to ensuring absolute compliance with legal provisions, this integrated model allows reaching corporate security levels that exceed the regular standards attainable through a sectoral and fragmented security management.
  • The “control activities” are carried out by management and employees to achieve specific objectives on the basis of principles, such as self-control, hierarchical control, accountability, opposing interests and segregation of duties.
  • The “communications and information processes” ensure that the Company’s expected objectives, culture, values, roles, responsibilities and conduct are clearly disclosed internally, while guaranteeing that disclosures to stakeholders outside the Company are correct and transparent.
  • Monitoring” aims at constantly verifying the effectiveness of the Internal Control and Risk Management System of the Terna Group through continuous activities carried out by personnel in the performance of their work, and through separate assessments that are regular, but not continuous, and typical, but not exclusive, of the Audit Department.

Terna has indeed an appropriate structure dedicated to preventing and managing Corporate fraud activities also aimed at spreading the culture of legality and respecting Corporate regulations. Continuously monitoring processes, verifying and managing reports of illegalities have led to introducing specific controls aimed at reducing such risks and at defining, for certain critical processes, specific procedures aimed at preventing illegal conduct.

Upon completion of the resolutions passed on the ICRMS as described above and on the basis of the positive opinion of the Control and Risk Committee, during the meeting of December 19, 2012, the Board of Directors expressed a positive opinion on the suitability of the Internal Control and Risk Management System with respect to the characteristics of the business and the risk profile assumed, as well as its effectiveness.

Terna's Board of Directors' meeting of March 15, 2013, in compliance with the opinion rendered by the Internal Control Committee on the basis of the analyses made during 2012 and when approving the draft financial statements for FY 2012, confirmed the positive assessment given and judged the Terna Group's Internal Control System suitable to achieve an acceptable risk profile, in consideration of the field in which Terna operates, of its size, organizational and Corporate structure (Article 1.C.1, letter c) and 7.C.1 letter b) of the Governance Code).

In its report, the Control and Risk Committee also reported on the report of the Supervisory Body appointed in accordance with Italian Legislative Decree no. 231/01 on the implementation of the Organisational Model in place at Terna and at the other Group companies.

Attachment 1 to this report includes the principal characteristics of existing risk management and internal control systems with respect to the financial information note, also consolidated (ex Article 123-bis, paragraph 2, letter b) of the Consolidated Law on Finance).