Pirelli & C.

View your recently saved pages:
View all pages (0)

11. Internal control system

The internal control system of Pirelli & C. and the Group it heads is designed to ensure the provision of correct information and adequate cover of all the activities of the Group, with special reference to those areas that are considered to be potentially at risk.

It has developed as a process intended to achieve substantial and procedural fairness, transparency and accountability by ensuring: that transactions and, more generally, business related activities are efficient and can be known and verified, that financial information and accounting and operational data are accurate, that applicable laws and regulations are complied with, and that the assets of the business are safeguarded, not least with a view to prevent the perpetration of fraud against the Company and the financial markets.

The cardinal rules of the internal control system of the Company are:

  • the separation of roles in the performance of the principal activities involved in each operating process;
  • the traceability and constant visibility of decisions;
  • the management of decision-making processes according to objective criteria.

11.1 Director responsible for the internal control system

Responsibility for the internal control system lies with the Board of Directors, which lays down the guidelines for the system and periodically verifies that it is adequate and working effectively. To this end, the Board refers to the Committee for Internal Control, Risks and Corporate Governance, as well as to an Internal Control Officer, who is given an adequate level of independence and appropriate means in order to carry out this mandate, and who carries out typical audit functions to verify the adequacy and efficiency of this system; and, if anomalies are detected, who proposes the necessary corrective solutions.

After its renewal, the Board of Directors, in its meeting of 29 April 2008, identified the Chairman of the Board of Directors as the director charged with the internal control system to whom the following tasks have been assigned, in line with the recommendations of the Self-Regulatory Code68:

  • ensuring that the main company risks are identified, taking the characteristics of the activities performed by the issuer and its subsidiaries into account, and periodically submit them to the Board of Directors for examination;
  • executing the policy lines defined by the Board of Directors, ensuring that the internal control system is planned, implemented and managed, and constantly ascertaining its overall adequacy, efficacy and efficiency;
  • adapting the system to changes in business conditions and in the legal and regulatory frameworks;
  • propose the appointment, revocation and remuneration of one or more internal control officers to the Board.

11.2. Internal control officer

The internal control Officer – who the Board of Directors, after its renewal, with the approval of the Committee for Internal Control, Risks and Corporate Governance and in accordance with best practice, as proposed by the Executive Director charged with the internal control system, confirmed as the head of the Internal Audit Department (Dr. Maurizio Bonzi) - reports his activities to the Committee for Internal Control, Risks and Corporate Governance (to which he is operationally answerable) and the Board of Statutory Auditors and is hierarchically answerable to the Chairman of the Board of Directors.

The Internal Audit Department assumes a role of great prominence in the internal control system and also, due to the activities it performs regarding subsidiaries, it has the principal task of assessing the adequacy and functionality of the control, risk management and corporate governance processes throughout the entire Group by means of independent assurance and consultancy. The work of the Internal Audit Department is carried out in accordance with its mandate, and approved by the Committee for Internal Control and Corporate Governance, regarding the following aspects:

  • mission;
  • objectives and responsibilities (independence, complete access to information, activity framework, communication of results);
  • improvement in the quality of internal audits; principles of professional ethics;
  • professional reference standards.

The Company also has in place a planning and control system that focuses on individual sectors and work units, which produces a detailed monthly report for the General Managers, providing a useful tool for the supervision of specific activities.

In order to favour compliance with the strategies and guidelines adopted by the parent company, the relevant managers with strategic responsibilities in the business and competent section and function managers sit on the Boards of Directors of the largest subsidiaries.

11.3 Risk assessment system

In July 2009 the Board of Directors of Pirelli & C. examined and approved, also in line with international best practice and the suggestions formulated during the self-evaluation process for the 2008 financial year, a new model for the assessment and management of risks liable to prejudice the achievement of the strategic objectives of the Company’s Industrial Plan and Operational Plans.

In particular, the Board considered it advisable, in view of the accelerating economic changes, the complexity of management activities, and recent regulatory developments in corporate governance and internal control, to adopt a structured process for the management of business risks that allows them to be promptly and fully identified, and adequate measures to be adopted to manage them proactively and in advance, instead of simply reacting to events.

The Board evaluated the importance of identifying risks before they manifest themselves, and the adoption of business choices and tools that can prevent them, reduce their impact, and, more generally, “manage them”, given that the assumption of risk represents a fundamental component of business management.

In the light of this, the Board firstly redefined the attributes and composition of the Committee for Internal Control and Corporate Governance, renaming it the “Committee for Internal Control, Risks and Corporate Governance” for this purpose, and extending its composition to 5 directors.

The Board of Directors then approved the general thrust of the new risk management model (still in the process of being implemented). Specifically, the chosen model is based on a top-down and value-driven approach, based on the identification and management of those risks that might prejudice the achievement of strategic objectives and/or threaten the value-drivers of the Group. Coherently with this approach, the top management provides policy for the identification of priority risk areas, and of the specific events with potential impact on the objectives outlined in the Industrial plan, or on strategic business assets.

These events are then subjected to detailed analysis that involves the managers responsible for the business units, the central staff functions, and the regional or country managers.

In the new model, when fully operational, the Board of Directors will be responsible for “risk governance”. In particular, once the project has been implemented, the Board, with the assistance of the investigations and advice provided by Board subcommittee created for this purpose (the Committee for Internal Control, Risks and Corporate Governance) will define the “threshold of acceptable risk 69”, for the year, and the approval, each year, of a “risk assessment and management plan” in which the main relevant risks, and the consequent scheduled mitigation plans will be specifically defined. Finally, the Board will issue guidelines for the definition of risk policies to manage specific existing and prospective risk events.

The Committee for Internal Control, Risks and Corporate Governance will play a fundamental role, undertaking investigations and providing support to the Board, in the development of the “Annual risk assessment and management plan”, and then guaranteeing its effective dissemination throughout the company, and supervising its implementation. In line with its responsibilities, the Committee will also have the task of advising on the definition of the “threshold of acceptable risk”, and on risk management strategies in general.

The effective implementation of the “Annual risk management plan” will then be attributed to the Risk Management Committee (chaired by the Assistant to the Chairman and Group General Counsel, and composed of the General Manager, Tyre & Parts, the Chief Financial Officer, the Group Control Manger, the Internal Audit Manger, the Manager of Legal and Company Affairs and Group Compliance, the Manager of Investor Relations) which will report on its activities to the Committee for Internal Control, Risks and Corporate Governance at intervals to be defined during the implementation of the project.

The Risk Management Committee, which will report its work to the board Subcommittee, will be responsible for (i) adopting and promoting a systematic and structured process for the identification and measurement of risks; (ii) examining the information on internal and external risks, external and prospective, to which the Group is exposed; (iii) proposing strategies for response to the risk depending on the overall and specific exposure to the different categories of risks; (iv) proposing the application of risk policies so as to guarantee that risk is reduced to “acceptable” levels; (v) monitoring the implementation of the risk response strategies defined and the respect of the risk policies adopted.

The activity of the Risk Management Committee is supported by a specific company department for “Sustainability and Risk Management”, specially created and reporting directly to the Group General Counsel with the aim of further strengthening the Pirelli corporate governance system integrating various aspects of sustainability, including the identification, analysis and monitoring of all company risk environments.

The Risk Officer, who will guarantee a suitable link between the Director appointed to supervise the functionality of the internal control system, will be a member of this department.

Finally, a Group Compliance department has been created, separate from the Internal Audit department, reporting to the Director of Legal and Company Affairs and Group Compliance, and specifically tasked to work with the other group departments to ensure that the internal regulations and processes, and company activities in general, are constantly aligned with the applicable regulatory framework.

In line with best practice, the task of the compliance department is to ensure that the risks of non-compliance with laws, regulations and general provisions, including those originating from self-regulation, are managed, so as to prevent legal or administrative sanctions, relevant financial losses or damage to the Company’s reputation.

11.3.1 “The risk management and internal control system in relation to the financial reporting process”

The Company has implemented an articulated risk management and internal control system, supported by a dedicated IT system, for the process of creating the separate and consolidated half-yearly and annual financial report.

Generally, the internal control system set up by the Company is focussed on safeguarding the assets of the company, respect for the laws and regulations, and the efficiency and efficacy of company operations, as well as the reliability, accuracy and promptness of the financial report.

Specifically, the process of formulating the financial report occurs through adequate administrative and accounting procedures, developed in coherence with the criteria established by the Internal Control – Integrated Framework issued by the Committee of Sponsoring Organizations of Tradeway Commission.

The administrative/accounting procedures for the formation of the financial statements and all other financial communications are drawn up under the responsibility of the Officer responsible for drawing up the accounting and company documents (Mr. F. Tanzi), who, with the Chairman of the Board of Directors, jointly attests their adequacy and effective application in the statutory and consolidated financial statements and the half-yearly financial report.

To permit declaration by the Responsible Officer:

  • the Company/relevant processes that feed and generate information of an economic-equity or financial nature have been mapped.

The relevant Processes and Group Companies are identified annually, based on quantitative and qualitative criteria; the quantitative criteria are the identification of those Group companies that, in relation to the processes selected, represent an aggregate value that exceeds a predetermined threshold of materiality.

The qualitative criteria are the examination of those processes and those companies that, in the opinion of the Chief Executive Officers and the Chief Financial Officers of the Sectors, may present potential areas of risk, although they do not fall within the quantitative parameters described above.

For each process selected, the control objectives/risks related to the formation of the financial statements and related report, and the efficacy/efficiency of the internal control system in general have been identified.

For each control objective, specific checking activities have been identified, and specific responsibilities assigned.

A system of supervision of the controls carried out by means of chain declarations has been implemented; any critical aspects that emerge from the valuation process are the object of action plans, implementation of which is verified in the next round.

Finally, a quarterly declaration of the reliability and accuracy of the date submitted for the preparation of the Group consolidated financial statements by the Chief Executive Officers and Chief Financial Officers of the subsidiary companies will now be issued.

Close to the dates of the meetings of the Boards of Directors that approve the consolidated data at 30 June and 31 December, the results of the checking activities are discussed with the Responsible Officer by the Chief Financial Officers.

To summarise, a system of continuous and systematic controls has been adopted that provide reasonable certainty about the reliability of the economic-financial reports and information.

The Internal Audit department carries out periodic audits to check the adequacy of the design and operation of the controls on a sample of processes and companies, selected using materiality criteria.

On the basis of the periodic reports, the Responsible Officer has reported on the efficacy of the System, through the Committee for Internal Control, Risks and Corporate Governance, to the Board of Directors. The same officer, with the Chairman of the Board of Directors, has also provided the declaration specified in subsection 5 of article 154-bis of the CFL.

11.4 Organisational model ex legislative decree 231/2001

The internal control system described above has been further strengthened by the introduction of an organizational model 231 that the Board of Directors approved on 31 July 2003 and which has been revised and modified according to updated regulations (most recently with a resolution of the Board of Directors on 9 November 2008). This organisational model, which is intended to ensure the development of a system that meets the specific requirements deriving from the entry into force of Legislative Decree 231/2001 on the administrative liability of companies for criminal offences committed by their employees, consists of a set of principles and procedures arranged in a pyramid that, starting from the base, can be summarized as follows:

  • the Group Code of Ethics, which formulates the general principles inspiring the conduct of business. It indicates the objectives and the values informing business activity in relation to the main stakeholders with which the Group interacts on a daily basis: As stated, during the year the Board of Directors approved some modifications to the Code of Ethics which, while the values that inspire it remain unchanged, has been supplemented and enriched with new instances which were already concrete expressions of the action of the Pirelli Group, and which, with the approved modification, are expressly reflected in the Code.
  • General principles of internal control, which qualify the Internal Control System, the field of application of which extends uniformly across the various levels of the organisation;
  • Lines of conduct which set out specific rules aiming to avoid the creation of environmental situations that favour criminal activity in general and, in particular, crimes pursuant to legislative decree 231/2001, and translate the principles expressed in the Code of Ethics into operational practice.
  • Internal control checklists, which set out the main phases of each high and medium risk operating process and, for instrumental processes, the specific checks to be made to reasonably prevent the risk of any criminal offence and the flows of information to the Supervisory Body to draw attention to situations of possible non-compliance with the procedures established in the organisational model.

A summary of the guiding principles of the organisational model is available on the Company website www.pirelli.com.

11.4.1 Supervisory Body

A specific Supervisory Body, with full economic independence, monitors the functioning of and the adherence to the organisational model. It is composed of Carlo Secchi, the Lead Independent Director and Chairman of the Committee for Internal Control, Risks and Corporate Governance, Statutory Auditor Paolo Domenico Sfameni, a member of the Board of Statutory Auditors, and Maurizio Bonzi, head of the Internal Audit Department and internal control Officer.

This assures the full autonomy and independence of this Body, and the input of the different professional skills that contribute to corporate management control.

The Supervisory Body is also charged with making ad hoc recommendations to the Board of Directors to adapt the organizational model to changes in the legal framework, and to changes in the nature of the business activities of the Company and the ways in which they are conducted. The Supervisory Body reports to the Board of Directors, the Committee for Internal Control and Corporate Governance and the Board of Statutory Auditors on the checks it has performed and their outcomes.

Each member of the Supervisory Body is paid a gross annual fee of 15,000 euros.

The mandate of the Supervisory Body appointed by the Board of Directors on 29 April 2008 expires with that of the Board that appointed it. In its meeting on 29 July 2009, the Board of Directors took note of the confirmation of the appointment of Mr. Sfameni as a statutory auditor, after expiry of his mandate due to completion of its term at the shareholders’ meeting to approve the financial statements at 31 December 2009, and confirmed his appointment as a member of the Supervisory Body.

With reference to the other Italian companies in the Group, the Supervisory Body has been identified by seeking the technical and operational solution that, while respecting the mandate and the powers reserved to this body by law, is appropriate to the size and organizational context of each company.

Lastly, a disciplinary system has been introduced to sanction non-compliance with the measures indicated in the organisational, operational and control systems.

Finally, it should be pointed out that the Internal Audit Department of Pirelli & C. and the Compliance Department, when requested by the Supervisory Bodies of Group companies, provide operative assistance in the management and analysis of information flows established pursuant to art. 6, subsection 2, letter d), of Legislative Decree 231/2001, as well as in implementation of specific audits on the basis of data received through the aforementioned information flows.

During the year, the Supervisory Body became involved in the court case that implicated two ex-heads of the Security Department of the Company, as detailed in the section entitled “Committee for Internal Control, Risks and Corporate Governance”. In this respect, the Supervisory Body has taken note of the circumstances reported in the aforementioned section.

11.5 External auditors

The audit of the company accounts is carried out by an auditing firm appointed by the Shareholders’ Meeting and chosen from the firms listed in the appropriate register kept by CONSOB.

Reconta Ernst&Young S.p.A.70. were appointed external auditors to undertake the audit of the annual statutory and consolidated financial statements and the half-yearly financial reports for the 2008 - 2016 financial years. Pursuant to the law, the appointment was made at the reasoned proposal of the Board of Statutory Auditors, which carried out an in-depth technical-economic valuation analysis. This valuation was performed based on a comparative overall analysis of the proposals received, with detailed comparison of (i) the costs and conditions of the mandate; (ii) the mix of personnel employed; (iii) the coverage of the territory and the skills and specific experience, and (iv) the fees proposed for work within the same perimeter.

Reconta Ernst&Young S.p.A. is the Italian organisation of the Ernst&Young network, which through the organisations present in the various countries in which the Group operates, has also been appointed to audit the accounts of the principal Pirelli Group companies.

After some legislative modifications of art. 123-bis of the CFL, the external auditors are called on to check the formulation of the report on corporate governance and the ownership structure, and to express an “opinion on the coherence” of some of the information reported in this Report.

The fees paid to Reconta Ernst&Young (and to the other companies that are part of its network) are reported in detail in the notes to the consolidated financial statements of Pirelli & C at 31 December 2009.

11.6. Officer responsible for preparing the company accounting documents

The Company bylaws 71 attribute the power to appoint the Responsible Officer to the Board of Directors, after having received the opinion of the Board of Statutory Auditors; they establish that this appointment expires when the term of the Board of Directors making the appointment expires. The Responsible Officer must be an expert on administration and control matters, and possess the proper requisites, as established for directors.

After its renewal, the Board of Directors, with the favourable opinion of the Board of Statutory Auditors, confirmed Claudio De Conto, Chief Operating Officer of the Company as the responsible officer; after the meeting on 16 September 2009, with the abolition of the General Operations Department, Francesco Tanzi, Director of Finance for the Group, to whom all the administrative and tax structures of the Group report, took over as the Responsible Officer.

The Board of Directors confirmed the attribution of the following principal tasks to the Responsible Officer, pursuant to the regulations currently in force:

  1. to organise adequate administrative and accounting procedures for the formation of the company financial reports and consolidated financial statements and all other communications of a financial nature;
  2. to issue a written declaration attesting that the documents and communications of the Company disseminated to the market and the related financial reports, including mid-year reports, of the Company correspond to the documentary evidence, ledgers and accounting records;
  3. to declare, with a specific report drawn up according to the model established in the CONSOB regulations, attached to the financial reports abbreviated, half-yearly report and consolidated financial statements:
    • the adequacy and effective application of the procedures specified in paragraph a) above during the period to which the documents refer;
    • that the documents are drawn up in compliance with the applicable international accounting standards recognised in the European Community pursuant to EC regulation no. 1606/2002 of the European Parliament and Council of 19 July 2002;
    • that the documents correspond with the ledger entries and accounts;
    • that the documents are suitable to provide a true and correct representation of the economic, financial and equity situation of the Company and the set of business included in the consolidation;
    • for the statutory and consolidated financial reports, that the report on operations includes a reliable analysis of their progress and operating results as well as of the situation of the Company and the set of businesses included in the consolidation, together with descriptions of the principal risks and uncertainties to which they are exposed;
    • for the abbreviated half-yearly report, that the half-yearly report on operations contains a reliable analysis of the information specified in subsection 4 of article 154-ter of the CFL.

The Board of Directors has also granted to the Responsible Officer all powers of an organisational and management nature needed to perform the tasks attributed to him by the current regulations, the Company Bylaws and the Board of Directors. To exercise the powers conferred on him, he is granted full economic autonomy.

The Board of Directors ensures that the Responsible Officer has adequate means and powers to perform the duties assigned to him, and monitors that the administrative and accounting procedures are effectively respected.

For this purpose the Responsible Officer reports, at least once a year, to the Board of Directors, either directly or through the Committee for Internal Control, Risks and Corporate Governance and to the Board of Statutory Auditors for those matters within its remit.

He promptly reports to the delegated administrative body, to the Board of Directors, also through the Committee for Internal Control, and Corporate Governance, on any matters of significant relevance that he believes must be declared in the report specified in article 154-bis of the CFL if not corrected.

The Responsible Officer is invited to attend the meetings of the Board of Directors of the Company when the examination of the economic-financial data of the company is on the agenda, and has direct access to all the information necessary for the production of the accounting data, without the need of any authorisation, shares the internal flows for accounting purposes and approves all the company procedures that have an impact on the economic, financial and equity situation of the Company.

The Responsible Officer72 has attended all the meetings of the Board of Directors of the Company for which the examination of the economic-financial data of the Company was on the agenda, and has issued the attestations and declarations specified in article 154-bis of the CFL.

The Responsible Officer reported to the Committee for Internal Control, Risks and Corporate Governance and, later on during the meeting on 10 March 2010, when the draft financial statements at 31 December 2009 were being approved, reported to the Board of Directors on the adequacy and suitability of the powers and means conferred by the Board of Directors of the Company, confirming that he had had direct access to all the information necessary for the production of the accounting data, without need of any authorisation, shared the internal flows for accounting purposes and approved all the company procedures that had an impact on the economic, financial and equity situation of the Company. During the year, the Responsible Officer had similarly reported to the Committee for Internal Control Risks and Corporate Governance, and subsequently to the Board of Directors on the occasion of their examination of the draft financial statements at 31 December 2008.

During the financial year the Responsible Officer has issued the declarations and attestations specified in article 154-bis of the CFL.

68 Also in line with the provisions of the Self Regulatory Code. Criterion of application 8.C.1, lett. b).

69 Threshold of Acceptable Risk, or Risk Appetite, are defined in the Committee of Sponsoring Organization Enterprise Risk Management Framework as “the amount of risk, on a broad level, an entity is willing to accept in pursuit of value”.

70 Cf. Minutes of the Shareholders’ Meeting of 29 April 2008, available on the Investors section of the Company website, www.pirelli.com

71 Article 11 of the company bylaws

72 Mr. Tanzi since the meeting on 16 September, and Mr. De Conto prior to that.