Internal audit

Internal Audit (that functions pursuant to a mandate approved by the Board of Directors) shall have access to all information required for the performance of its duties and shall prepare periodic reports containing adequate information on its activities, the procedures through which risks are managed and compliance with plans for containing them. The periodic reports will contain an assessment of the appropriateness of the SCIGR, with regard to the audit activities established in the audit plan and any additional verifications that are requested.

The Internal Audit Department is not responsible for any operational area and reports to the Board of Directors (through the coordination of the Chairman of the Board of Directors). It shall prepare timely reports on events of particular significance, transmitting its periodic reports and those on particularly significant events to the Chairmen of the Board of Statutory Auditors, the Risk and Related Parties Control Committee, and the Board of Directors, and to the Executive Director in charge of the Internal Control and Risk Management System (SCIGR), and to the Financial Reporting Manager to the degree in which the matter involves his/her responsibility. Moreover, the audit plan will be used to verify the reliability of the Company’s information systems, including its accounting systems.

The Internal Audit Manager, who is also an internal member of the Supervisory Body, is responsible, among other things, for verifying that the internal control and risk management system is functioning and adequate; in particular:



To verify, on an ongoing basis and in relation to specific needs and in compliance with international standards, the operation and appropriateness of the SCIGR, through the audit plan and by conducting specific, unscheduled audits


To prepare, at least annually, an audit plan, based on a structured process of analysis and identification of the priorities inherent in the main risks, to be submitted for the approval of the Board of Directors


Conduct specific verifications, where he/she considers it appropriate or upon the request of the Board of Directors, the Risk and Related Parties Control Committee, the Executive Director in charge of SCIGR or the Board of Statutory Auditors