The Internal Control and Risk Management System of the ERG Group (hereafter also "CIGR System") complies with the principles contained in the current edition of the Corporate Governance Code for Listed Companies promoted by Borsa Italiana S.p.A. (hereafter "Corporate Governance Code") and more in general with existing Italian and international best practices.
These Guidelines provide, on one hand, the general principles according to which the handling of the main risks is carried out in the Group, consistently with the identified strategic objectives, on the other hand the coordinating procedures between the parties listed below, in order to maximise the effectiveness and efficiency of the CIGR System.
The CIGR System, in particular, consists of a set of rules, procedures and organisational structures aimed at proactively contributing – through an adequate process of identifying, measuring, managing and monitoring the main risks – to the protection of the ERG Group's social heritage, to the efficient and effective management of the Group in line with the corporate strategies defined by the Board of Directors, to the trustworthiness, accuracy and reliability of the information provided to the corporate bodies and to the market and, more in general, to compliance with current laws and regulations.
The CIGR System of the ERG Group is defined on the basis of Italian and international leading practices, in particular of the International Framework known as "CoSO Internal Control — Integrated Framework 2013".
This Framework identifies a direct relation between the corporate objectives (efficiency and effectiveness of operations, reporting and compliance), the components of the CIGR System and the organisational structure adopted by the Group. The CIGR System, as an integral part of the enterprise activity, involves and therefore applies to the entire organisational structure of the ERG Group: from the Board of Directors of ERG S.p.A. and of its subsidiaries (hereafter "Subsidiaries"), to the Group Management (hereafter "Management") and to the company's personnel. The CIGR System, in line with reference regulations and best practices, comprises the following levels:
- First level: entrusted to individual operating lines, it consists of the checks carried out by those who perform certain activities and by those who are responsible for their supervision; it also makes it possible to ensure the correct performance of the operating activities;
- Second level: entrusted to structures other than line structures, it contributes to the definition of the risk measurement methods, to their identification, assessment and control (Risk Management); it also makes it possible to verify compliance with regulatory obligations (Compliance);
- Third level: entrusted to Internal Audit, its purpose is to assess the functionality of the overall internal control and risk management system and to identify anomalous trends and violations of the procedures and regulations.