Consolidated Financial Statements >
Directors’ Report
140
| 2012 annual report prysmian group
THE RISK MANAGEMENT AND INTERNAL CONTROL SYSTEMS RELEVANT TO
THE FINANCIAL REPORTING PROCESS
1) Introduction
Internal controls for managing financial reporting risks form
part of the overall system of internal control. Such controls
have the purpose of guaranteeing the reliability, accuracy,
completeness and timeliness of financial reporting.
In order to ensure oversight of the internal control system
and to comply with the recommendations of the Italian Stock
Exchange Self-Regulatory Code, the Board of Directors has
appointed Valerio Battista, the Chief Executive Officer, as
Executive Director in charge of supervising the operation of
the internal control system. Accordingly, he has been formally
assigned responsibility for monitoring the adequacy, efficiency
and effectiveness of the overall internal control system,
including the specific controls over financial reporting.
The Board of Directors has also appointed the Head of Internal
Audit as the Manager in charge of internal control, with
responsibility for verifying that the internal control system is
operating adequately and effectively.
The Internal Audit Department draws up an annual audit plan
based on an assessment of risks. Risk factors are analysed and
revised every year to ensure that the audit plan properly covers
the risks to which the Group is exposed.
In accordance with the Italian Stock Exchange Self-Regulatory
Code for Listed Companies - Ed. 2011 and international
best practices, the Group has developed a dynamic system
of enterprise risk management (“ERM”) which will further
enhance the audit planning activity by providing a systematic
and structured framework for risk identification and process
analysis. The planning activity also includes specific interviews
with senior management in order to identify further risks,
uncertainties or specific audit requests to be taken into
consideration. The results of previous internal audit activities
are also analysed to identify potential trends, any widespread
weaknesses in internal control and similar recommendations
which may indicate areas requiring additional focus.
The implementation status of previous internal audit
recommendations is also reviewed. During these activities,
risks related to business planning and financial reporting are
always considered as one of the main areas of risk to which
the business is exposed. Once these activities are completed,
the annual internal audit plan is submitted for approval, first
by the Control and Risks Committee and then by the Board of
Directors.
In conducting internal audit activities, the Head of Internal
Audit and the Internal Audit Department are given complete
access to all relevant data, documentation, information and
personnel to enable them to perform each audit.
The Head of Internal Audit attends every meeting of the
Control and Risks Committee. The results of internal auditing
activities are reported to the committee along with key
findings and remediation actions. The status of the audit plan
is reported during each meeting and any significant deviations
or anticipated deviations are discussed and confirmed.
The implementation status of audit recommendations or
remediation actions is reported to the Control and Risks
Committee.
2) Main features of the system of controls over the financial
reporting process
Prysmian Group maintains a system of administrative and
accounting procedures to ensure a reliable system of internal
control over financial reporting. The Company uses policies,
procedures and operating instructions to guarantee an
effective flow of information from its operating companies.
These include the Group Accounting Manual (rules for the use
and application of accounting policies), the Administrative
Processes Manual, the procedures for creating and publishing
financial information and other procedures for the preparation
of the consolidated financial statements and interim financial
reports (including the chart of accounts, the consolidation
procedures and procedures for related party transactions).
Prysmian Group head office functions are responsible for
distributing this documentation to operating companies, all
of whom can access these accounting policies, procedures
and rules through the Group’s intranet site. The operating
companies also issue local policies, procedures and rules that
comply with the Company’s guidelines.
The Company has adopted a centrally coordinated evaluation
system and attestation process for the purposes of ensuring
the adequacy and effectiveness of the internal control system,
which includes controls over the financial reporting process
also to comply with Law 262/05 (Investor Protection Act).
This system has been developed using the COSO framework
to identify key risks and thus the required key controls to be
established to mitigate the risks identified and to ensure the
internal control system operates effectively. A scoping exercise
has also been carried out to identify the Prysmian Group’s
critical processes and sub-processes and the functions to be
included within the system. This exercise was updated in 2011
further to the acquisition of the Draka business.
The Internal Audit Department implements the system and
independently tests the identified key controls for each of the
Group’s operating companies and processes.
Areas for improvement identified during the auditing activities
are reported to the Company’s senior management and also
to the Control and Risks Committee. An action plan is agreed
