Internal Control & Risk Management System
Safilo’s Internal Control and Risk Management System is the set of rules, procedures and operational areas of the Group designed to achieve the identification, the measurement, the management and the monitoring of the main risks, whose adequacy is subject to the control of the Global Internal Audit function.
Our Internal Control and Risk Management System also aims to safeguard the Group’s equity, the efficiency and effectiveness of our operations, the reliability of our financial information, and compliance with legislation and regulations, including the Articles of Association and internal procedures, in order to ensure a sound and efficient management, and to identify, prevent and manage the potential financial, operating and fraud risks affecting the Group.
Safilo’s Board of Directors defines the guidelines for the Internal Control and Risk Management System in accordance with the Group’s strategies and ensures that the principal risks affecting the Group and its subsidiaries are properly identified as well as adequately measured, managed and monitored. At least once a year, the Board of Directors assesses the appropriateness, effectiveness and effective operation of the Internal Control and Risk Management System with respect to the characteristics of the Group’s business.
Our Board of Directors performs its duties relating to the Internal Control and Risk Management System taking into due consideration the national and international benchmark models and best practices issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
The key components of our Internal Control and Risk Management System are the following:
Control and Risk Committee;
Board of Statutory Auditors;
Supervisory Committee;
Data Protection Officer;
Management (Planning, Administration and Control, Compliance & Sustainability);
Global Internal Audit function;
Audit Company.
FIRST CONTROL LEVEL – Risk Owners, Operational Areas. Identify, evaluate, manage and monitor the risks of related areas of competence; define and implement specific actions aimed at ensuring the correct execution of operations.
SECOND CONTROL LEVEL – Functions in charge of controlling and monitoring risks, Enterprise Risk Management (ERM). Monitor Group risks, propose guidelines regarding the related Internal Control and Risk Management System and verify their adequacy to ensure efficiency and effectiveness of operations, adequate risk control, sustainable business conduct, information reliability, compliance with laws, regulations and internal procedures. Safilo implemented an Enterprise Risk Management (ERM) framework, with the aim of identifying and monitoring critical areas of risk (business, operational and compliance). The results of these activities are discussed twice a year with the Control and Risk Committee, which provides its opinion on the adequacy of the Internal Control and Risk Management System.
THIRD CONTROL LEVEL – The Global Internal Audit function performs an important role within the Internal Control and Risk Management System, having the main responsibility for evaluating the adequacy and the functioning and the consistency with the guidelines defined by the Board of Directors of the control, risk management and corporate governance processes, through an independent assurance and consultancy activity, as well as through the involvement of the different corporate functions, so as to collect from them information, data and useful remarks.
For the main critical risk factors for the Group please refer to the Safilo Group's Annual Report.