In order to equip itself with suitable anti-corruption principles, ENAV has:
- Appointed a special Supervisory Body in accordance with Legislative Decree No. 231/01;
- Established an organisational sector called Whistleblowing & Fraud Audit under the Internal Audit Department;
Following the best practices and indications of the main position papers (including the Confindustria Guidelines for the construction of the models of organisation, management and control according to Legislative Decree No. 231/2001) and the ISO 37001 reference standards, ENAV has established its activities according to the CoSO Framework (Committee of Sponsoring Organizations) as a Risk Management model provided by the Lines of Address of the Internal Control and Risk Management System approved by this Board of Directors, in line with what is recommended by the Self-Governance Code of the Listed Companies of Borsa Italiana. The activities for the definition of an effective anti-corruption model affecting both the activities of the Supervisory Body and the Whistleblowing & Fraud Audit sector can be summarised more specifically:
- Risk Assessment;
- Training and communication;
- Monitoring and management of reports.
Regarding Risk Assessment, a periodic activity of risk assessment is guaranteed by the internal structures, also depending on the analysis of the internal and external context. The periodic updating of risk assessments is also carried out by identifying the necessary actions to strengthen the internal control and risk management system, with particular reference to the procedural corpus and organisational principles. In particular, the following activities were carried out or completed during 2017:
Business Process Risk Assessment, coordinated by the Internal Audit Department, which has, among others, the purpose of also identifying the risks of fraud and corruption for the main mapped business processes.;;
Risk Assessment and Gap Analysis 231 for the identification of the control principles concerning those activities defined as sensitive for the purposes of the commission of the offences envisaged by Legislative Decree No. 231/01 and assessment of the supplementary requirements of Model 231 following the intervening legislative evolutions (the latest in chronological order and significant by relevance is the new whistleblowing legislation for the protection of the whistleblower, Law No. 179/2017);
Risk assessment on corruption risks established in line with the requirements of the ISO 37.001 Standard and aimed at understanding what activities should fall under the anti-corruption policy.
Regarding regulation, on March 16th 2017, the ENAV Board of Directors updated the Group's Code of Ethics and the Organisation Model in accordance with the aforementioned Legislative Decree No. 231/2001, Management and Control. Subsequently the Techno Sky Board of Directors also updated its Model 231 and adopted the Group's Code of Ethics. Management has also worked to strengthen the anti-corruption principles through the reinforcement of certain controls that have been referred to as the so-called "4-eyes principle" and the improvement of the processes, with particular reference to payments and purchases.
During the year, ENAV then defined a work plan for the setting up of an Anti-Corruption Compliance Programme, at Group level, which provides for 2018, indicatively:
- the issuing of a Regulation on Whistleblowing;
- the definition of an Anti-Corruption Policy;
- the formalisation of an Anti-Corruption Model.
In addition to these aspects, the work plans defined by the responsible structures during the year of 2017, provide for 2018 specific policies in relation to the main processes to fight the corruption, such as brokerage contracts to be valid both for Parent company and for any subsidiary affected by this risk (e.g., ENAV Asia Pacific).
Even the classroom training in the area of anti-corruption has found ample space and has been focused on topics such as: the regulatory evolution, the principles on which the need to oppose corruption is based, what emerged from the report by Transparency International, several case studies and the representation of corrupt modalities through the analysis of court judgements wich address cases of national and international character.
During 2016, training was provided in the classroom on topics relating to anti-corruption and Model 231 aspects, in addition to the Code of Ethics, for a total of 941 hours. This training, aimed at middle managers and executives of ENAV and Techno Sky, was completed during 2017, the year in which online training was also finalised on the same topics that will be extended to the remaining target population during 2018. There were 67 training hours in 2017. The reduction between 2016 and 2017 is due to the fact that the 2017 training hours are a "spill-over" of the training initiated during 2016. In 2018, the Internal Audit Department will launch on-line training courses for all employees (also in the light of the new whistleblowing regulations) and new classroom training sessions for all executives. As far as the members of the Board of Directors are concerned, the document relating to 231 topics, which also encompasses the corruption risk used during the induction seminar session, has been circulated to everyone.
Under the profile of monitoring and managing reports, various other activities have been carried out. In particular, the verification plans of the Supervisory Bodies (of ENAV and Techno Sky) which use the Internal Audit Department for the conduct of their verification activities, and the same multi-annual plan of the Internal Audit see the corruption risk examined under different profiles in the scope of the processes audited. The Group has also defined two further monitoring tools: a communication channel for the reporting of whistleblowing and a channel for the reception of information flows of the Supervisory Body. In particular, nitial actions were taken at the end of 2017 that will see, in the first part of 2018, the implementation of a system that complies with the requirements of the new legislation Law No. 179/2017. The reports received through these channels have all been analysed and for those considered to be more detailed, specific audit activities have been initiated which complete the activities envisaged in the plan. The control system (SCIGR), however, has presented several areas for improvement and, following the audit activities, the specific corrective actions aimed at acquiring the best practices in the field of fraud prevention and fraud detection have been established. There were no cases of infringement of the procedures regarding the application of controls for the prevention of fraud and corrupt acts.
Finally, the anti-corruption model, integrated with the principles guaranteed by the Supervisory Body and the Internal Audit Department, foresees specific periodic information flows regarding the Board of Directors, the Control, Risks and Related Parties Committeeand the Board of Auditors. These flows, defined on a periodic basis, include the work plans of the Supervisory Body and the Internal Audit Department, as well as a summary of the results of the activities carried out, and a detailing of the reports received and the remedial actions undertaken. In addition to these flows, ENAV has defined specific coordination modalities among the internal players, such as for example the Risk Manager, the Financial Reporting Manager responsible for the drafting of the company's accounting documents, the head of the Security Department and Internal Audit to ensure, in accordance with their roles, timely information about how to manage the risks and their recovery plans.