Organizational Model pursuant to Legislative Decree 231/2001
The internal control system was further strengthened by the specific introduction of an organizational model, approved by the Board of Directors on July 29th, 2003. Intended to ensure the creation of a system responding to the specific requirements deriving from the introduction of Decree 231/2001 on the administrative liability of companies for criminal offences committed by top management or their reports, this Organizational Model consists of a detailed set of principles and procedures arranged in a pyramid that, starting from the base, can be summarized as follows:
- Group Ethical Code, which sets out the general principles (transparency, honesty and fairness) inspiring the conduct of business;
- Internal control system, meaning the set of processes aimed at providing a reasonable guarantee of the efficiency and effectiveness of operations, the reliability of financial and operational information, the compliance with laws and regulations and the safeguarding of the company’s assets, including against possible fraud. The internal control system is based on and characterized by a number of general principles defined within the framework of the Organizational Model, whose scope extends across all the different organizational levels (Business Units, Head Office Departments and Companies);
- Code of Conduct, which introduces specific rules for preventing situations that might give rise to offences in general, with particular reference to those concerned by Decree 231/2001. These represent a practical expression of the principles contained in the Ethical Code;
- Internal control procedures, which have been prepared for all high and medium-risk operational processes and related processes. These procedures have a similar structure, involving a set of rules designed to identify the main phases of each process, the criminal offences that could be committed in connection with each process and the specific checks to be performed with a view to their prevention. They also specify the reports to be sent to the Supervisory Board to draw its attention to instances of non-compliance with the procedures established in the organizational model. These internal control procedures have been prepared on the basis of three cardinal rules as follows:
- separation of duties in the performance of activities involved in each process;
- “traceability” of decisions, ie. their constant visibility (eg. through specific documentary proof), to allow identification of precise “points” of responsibility and the “reason” for the decisions themselves;
- decision-making on an objective basis, meaning that decisions should ignore purely subjective considerations, referring instead to predetermined principles.