Risk management

The guidelines for the Internal Control and Risk Management System

The Board of Directors has defined the guidelines for the Internal Control and Risk Management System (ICRMS), an articulated group of rules, procedures and organizational structures for identifying and managing risks.

An adequate Internal Control and Risk Management System facilitates company operation that is healthy, correct and coherent with the preset goals. It favors the adoption of informed decisions in the interest of all stakeholders. It contributes to ensuring the protection of company assets, the efficiency and effectiveness of company processes, the trustworthiness of the information provided to company bodies and the market, the respect of law and regulations, the bylaws and internal procedures.

The ERM approach

Our company manages risks through an ERM (Enterprise Risk Management) approach, developed in line with the best international practices and inspired by the framework developed by the “Committee of Sponsoring Organizations of the Treadway Comission” (CoSO report).

The aim of the ERM approach is the informed analysis and evaluation of risk factors that could compromise the achievement of strategic goals, at the same time identifying instruments suited to the prevention, management and mitigation of the most relevant risks.

At least once a year, during the drafting of the budget, we carry out a global evaluation of risks, quantifying them and evaluating their possible impact both on the achievement of results and the management of our portfolio of shareholdings.

The participants in the Internal Control and Risk Management System

The Internal Control and Risk Management System involves various company bodies and functions:

the Board of Directors has final responsibility for the Internal Control and Risk Management System. In particular, it defines and modifies guidelines, in line with strategic objectives and the company’s risk profile

the director with responsibility in matters regarding the Internal Control and Risk Management System ensures the functioning and adequacy of the System. Usually, this is the Chief Executive Officer

the Control, Risks and Sustainability Committee has functions of consultation, proposal and monitoring of the System

the manager responsible for the internal audit function prepares an audit plan and submits it to the Control, Risks and Sustainability Committee so that it may propose its adoption to the Board of Directors; verifies the operation and suitability of the Internal Control and Risk Management System through the audit plan; promptly prepares reports on particularly important events

The Risk Manager carries out constant activities of analysis and monitoring of key risks. In particular, he or she maps company processes, documents the principals and measures of risk management; methodically facilitates the measurement of risks in terms of probability and impact, evaluating its effects; analyzes factors of risk mitigation, monitors actions plans for a better management of risk

The Board of Statutory Auditors monitors the Internal Control and Risk Management System, exchanging information in a timely manner with the Control, Risks and Sustainability Committee

The Supervisory Body carries the tasks foreseen in the Organizational Model and exchanges information with the Control, Risks and Sustainability Committee, the Board of Statutory Auditors, and periodically reports to the Board of Directors.

the manager responsible for the drafting of the company’s accounting documents, that oversees the system of internal administrative-accounting control

Corporate Governance Code

Risk management in the subsidiaries

For KOS, the prevention and management of risk is not only a legal obligation but also an indicator of quality, a guarantee for patients and collaborators and in the company’s interests.

From 2012, KOS has equipped itself with a model of Enterprise Risk Management, which includes guidelines, annual audits, company training, constant monitoring of processes, protocols aimed at safety and risk assessment.

The group has instituted two company responsibility functions, respectively for risk management and safety. KOS’s ERM model is periodically updated to reflect the group’s growth and internal organizational changes.

FIND OUT MORE ABOUT KOS RISK MANAGEMENT

Sogefi has implemented its own model of Enterprise Risk Management since 2012. In line with best practices, since January of 2019, Sogefi has had a separate Group Chief Risk Officer function.

The identification of risks addresses the key medium-long term strategic and economic drivers, the evaluation of which allows the Board of Directors to better grasp the scenarios that could compromise the achievement of targets, and to evaluate the actions to be taken, and with which priority, to prevent, mitigate or manage the main exposures.

Choose the cookies you wish to accept

Technical cookies: are necessary to permit your navigation on this website and use of its functions. In particular, they enable functions without which the full utilization of this website would not be possible, in that their presence enables basic functions like page navigation and access to protected areas on the website.

Third party analytical cookies: analytical cookies are used to monitor performances on this website, for example, to know the number of pages visited or the number of users who have visited a certain section. The cookies’ analysis generates statistical data that are also useful to evaluate eventual changes and improvements to the website itself. This website also uses Google Analytics, as a provider of statistical cookies, a web analysis service provided by Google, Inc. ("Google"). You can obtain more information about the activities of data handling deployed by Google Analytics at the following address: https://support.google.com/analytics/answer/6004245.

ACCEPT AND CONTINUE