1. at first level operating managers, head of department/function and process owners in general are assigned to define and manage “line controls” inherent to the operational processes. Risks’ identification and evaluation are intended to identify events potentially impacting on the achieved results in terms of business goals (e.g. turnover levels, sustainable rate of return, cost saving, client satisfaction, etc.) and of management goals (e.g. security, regulatory compliance, reliability of financial information, and so on);
2. at second level, corporate functions like Risk Management, Finance, Legal, Quality, Security and other auditing bodies (e.g. ISO) are responsible to oversee the risks’ assessment and control, thus ensuring coherence with the corporate goals and the organisational segregation criteria allowing a proper and effective risk monitoring;
3. at third level the Board of Directors define business and management goals as well as risk policies while control bodies (Statutory Auditors, Internal Audit, Internal Control Committee and Supervisory Board, provide assurance on the design and the functioning of the whole system and suggest the appropriate corrective actions according to their independence and the special control tasks assigned by laws and regulations.

Back to the Internal Control System