Elements that Characterize the System of Internal Control

  • Organisational Model Pursuant to Legislative Decree No. 231/2001 - In 2004, Edison and the main subsidiaries adopted the organisational model pursuant to Legislative Decree No. 231/2001 (the 231 Model) designed to prevent the perpetration of the unlawful acts referred to in the corresponding Decree and, consequently, shield the Company from administrative liability. The Model, which was adopted following a detailed analysis of the Company’s operations to identify activities with a risk potential, includes a series of general principles, rules of conduct, control tools, administrative procedures, training and information programs, and disciplinary systems that are designed to prevent, as much as possible, the occurrence of the above-mentioned crimes. The 231 Model includes a general section that explains the Model’s function and principles, as well as the content of Legislative Decree No. 231/2001 and other main reference statutes, and a section that represents the 231 Model’s own core and reviews the 231 Model’s content: from its adoption to the identification of at-risk activities, the definition of protocols, the characteristics and modus operandi of the Oversight Board, the information flows, the training and information activities, the penalty system and Model updates. The Model is completed by its annexes, which are an integral part of the 231 Model itself: 1) Code of Ethics, 2) Protocol to monitor the risk profiles identified in each unit, and 3) Expense Regulations and Guidelines for the management and award of powers of attorney.
    The Board of Directors appointed an Oversight Board (“OB”), which is responsible for ensuring that the 231 Model is functioning effectively and is kept up to date, and is required to report to the Board of Directors and the Board of Statutory Auditors at least once every six months. The OB is supported by the Internal Auditing Department, which established a dedicated support unit called Corporate Compliance & Ethics Function, as well as by the Legal & Corporate Affairs Division and the Human Resources & ITC Department. The General Counsel and the manager of the Internal Auditing Department also act as the Strategic Ethics & Compliance Officer and the Operational Ethics & Compliance Officer, respectively.
    Even though the law now provides the option of attributing to the Board of Statutory Auditors the functions of the OB, Edison’s Board of Directors did not find it appropriate to use this option, due to the special complexity of Edison’s organisation and the specific competencies required to perform the tasks assigned to the OB. Virtually all of the subsidiaries designated as the OB a member of their Board of Statutory Auditors, who, in the case of major subsidiaries, is supported by a qualified external consultant.
    The Oversight Boards of Edison and its subsidiaries receive information flows on a regular basis (every six months) from the individuals responsible for the Model’s implementation (“Unit Officers”).
    The 231 Models of Edison and the subsidiaries are continuously updated in light of specific risk assessment activities in relation to the new types of crime introduced over time into the group of presumed crimes for 231/2001 purposes, as well as in light of organisational changes within the Group. In 2020, Edison’s 231 Model was updated, approved by the Board of Directors on December 7, 2020, for the purpose, in particular, of the adjustment following the introduction of tax offences and a few additional offences against the Public Administration into the group of predicate offences for 231 purposes, through the integration of some rules of conduct in the Code of Ethics and in the most impacted decision protocols. In this circumstance, the existing protocols were also integrated with the reference to controls already present in Edison’s Tax Control Framework and a specific new protocol dedicated to the processing, filing and signing of tax returns was established. Edison’s 231 Model will be further updated during 2021 to take account of the legislative developments regarding the “scope of cybernetic national security”. An update of the 231 Models of the subsidiaries, based on the work carried out by Edison, is in progress.
    In addition, training programmes on the 231 Model, the Code of Ethics and the Anti-corruption Guidelines, launched in 2014 continued in 2020 with the addition of some multimedia on-line courses of a module on the “trafficking of illicit influences”, to help achieve sufficiently detailed knowledge of those documents.
    Edison’s OB, appointed by the Board of Directors on April 2, 2019, is currently composed of an external professional (Pietro Manzonetto), with the role of Chairman, and two independent directors (Paolo Di Benedetto and Angela Gamba, who succeeded Nathalie Tocci on April 28, 2020).
    On May 3, 2019, the Board of Directors, acting upon a recommendation by the Compensation Committee, confirmed for the members of the OB the same compensation amounts as in the previous mandate and confirmed the decision of awarding to the Chairman, who is not a Director, a higher compensation than the other two members.
    The OB met three times in 2020 and held a further three joint meetings with the Oversight Boards of the Subsidiaries, and a meeting in 2021. At those meetings, it primarily reviewed the findings of audit engagements, the information flows it received from the Unit Officers and the 231 training and compliance activities, as well as the other ethics & compliance initiatives undertaken, and received information on the progress made in updating the Model of Edison and the subsidiaries and the Anti-corruption Guidelines. The OB was also constantly informed of the provisions gradually assumed by the Group Crisis Committee set up in 2020 by Edison for the purposes of containing the COVID-19 epidemic. The OB also reported every six months to the Board of Directors on the 231 Model’s adequacy and actual functioning, submitting a special report.
    In 2020, the members’ average attendance at meetings of the Oversight Board was almost 100%. The average length of each meeting was about one hour and fifteen minutes.
  • Code of Ethics - In September 2003, Edison approved a Code of Ethics that is consistent with best international practices. The Code, which defines the principles and values that are the foundation of corporate ethics and the corresponding rules of conduct and implementation procedures, has become an integral part of the 231 Model. The Code, which has been approved by the Group’s subsidiaries, is binding with regard to the conduct of all Group associates (Directors, employees and anyone who acts in the Company’s name by virtue of special proxies or powers of attorney), i.e., anyone who, for any reason and irrespective of the nature of the contractual relationship, contributes to the achievement of the Company’s purposes and objectives. A copy of the Code is provided to all employees and associates of the companies that adopted it. As set out in the previous Reports, the Code of Ethics was subject to periodic revisions and updates, the last of which occurred in December 2020, with the insertion of a new provision dedicated to tax, entitled “Tax transparency and compliance”, and with the integration of some rules already present in the rules of conduct that govern “Relations with suppliers”, “Relations with other external entities” and “Relations with the Public Administration”.
  • Anti-corruption Guidelines - In May 2015, Edison’s Board of Directors, in view of the strategic choices made by the Company in recent years, which caused the Group to increase its activities outside Italy, and considering the efforts being made by national and international institutions to avert and prevent corruption crimes, adopted the “Anti-corruption Guidelines”. These guidelines play a key role within the broader policy pursued by the Group to stress and further emphasise its firm position of absolute rejection and opposition for any type of corruptive conduct, also in the case of activities carried out in foreign countries. The compliance programme thus developed, which insofar as Italy is concerned complements the 231 Model, is aimed at providing all Edison associates, as well as all those who contribute to the achievement of the Company’s purposes and objectives, with a systematic framework of the existing principles and rules that must be complied with at all times to prevent the occurrence of corruptive episodes in the areas of operating activity deemed to be most at risk. The corporate governance bodies of Italian and foreign subsidiaries independently adopted the “Anti-corruption Guidelines” and promptly ensure their timely dissemination and implementation. More recently, at a meeting held on December 7, 2019, Edison’s Board of Directors adopted an updated version of the Anti-corruption Guidelines, with the aim of including conduct that falls within the scope of the new “trafficking in illicit influences.”
  • Whistleblowing System - Edison provides employees, business partners, suppliers and other entities from outside the company organisation with the possibility of reporting, including anonymously, through various channels, including, from 2016, through a dedicated on-line platform.
    The Whisteblowing Policy, published on the company website, governs the methods of sending, receiving, managing and processing the reports received, as well as the entities involved in the preliminary investigation activity, in respect of the protection of the whistleblower and the reported person.
    The Whisteblowing Policy was revised in 2018 to take account of the changes introduced by Law no. 179 of November 30, 2017 (“Provisions for the protection of authors of reports of crimes or irregularities which they have become aware of as part of a public or private employment relationship”) which, with reference to the private sector, made provision, through amendments to art. 6 of Legislative Decree no. 231 of 2001, for the protection of the employee or associate who reports illicit conduct or violations of the entity’s organisation and management model, as well as the preparation (i) of one or more channels that allow reports to be sent, at least one of which is suitable to guarantee - using computerised methods - the confidentiality of the identity of the whistleblower in the management of the reporting and (ii) and disciplinary sanctions against those who violate the whistleblower protection measures.
  • Accounting Control Model pursuant to Law No. 262/2005 concerning financial reporting - Following the enactment of Law No. 262/2005 on the protection of investments, Edison upgraded, when appropriate, the accounting procedures it uses to prepare financial disclosures and defined the governance rules for the 262 Accounting Control Model it developed, as well as the rules to manage on an ongoing basis regular audits and certifications of the adequacy and effective operation of the 262 Model it developed and assigned responsibilities within its organisation. Additional information is provided in the paragraph of this Report entitled “Financial Statement Reporting and Risk Management and Internal Control System in Relation to the Financial Disclosure Process”.
  • Tax Control Framework - Edison has a Tax Policy which sets out the basic principles and guidelines of its tax strategy and is a means of dissemination, with the aim of ensuring the correct and timely compliance with tax obligations and more generally the compliance with tax regulations, and to ensure the correct and efficient management of the Group’s taxation system. To this end, the Group has adopted and implemented a Tax Control Framework (TCF) which is part of the broader internal control and risk management system, consisting of a system for detecting, managing and monitoring tax risks in relation to the activities falling within the processes managed by the various business areas, and based on the following key features:
    • a body of corporate regulations relating to the management of tax-relevant processes and a set of Risk & Control Matrices which describe the tax risks potentially applicable to corporate processes and the existing control mechanisms to mitigate the risk;
    • a system of information flows between Edison’s Accounting & Tax Department and the Group’s organisational units;
    • a process for the periodic control of the TCF’s adequacy and effective implementation.
    The Internal Auditing Department, supporting the CFO and the Accounting & Tax Department, has the duty of assessing, through testing activities, the effectiveness and effective application of the 262 Model and the TCF model.
  • Safety, Environmental Protection and Quality - Edison has adopted a system of procedures and organisational structures specifically designed to manage data security issues (including those related to compliance with privacy statutes), the protection of the environment, the safety of its facilities and employees, and the quality of the services it provides.
  • Compliance with Other Laws and Regulations - The task of monitoring changes in and compliance with laws and regulations has been assigned to the Legal & Corporate Affairs Division (for general legal and corporate issues) and to the Sustainability, Institutions & Regulation Division (for issues related to industry regulations), and as of May 7, 2018, to the Personal Data Protection Function (for privacy and personal data protection issues - GDPR).
  • Data Protection Officer - On May 4, 2018, Edison’s Board of Directors approved a New Privacy Management Model, defining guidelines for the management of corporate and intragroup organisational relations and for the necessary coordination of operating and compliance activities with regard to the processing of personal information. To coordinate the methods for managing personal data processing and the full implementation of the new legislative context, the Board of Directors created the post of Data Protection Officer (DPO) at its meeting on May 4, 2018, entrusting the Chief Executive Officer with the appointment of said person.
  • Ethics & Compliance Officer - To fully achieve its mission of developing sustainable energy solutions, Edison has enacted a system of policies and procedures to ensure that all of its business activities are inspired by ethics and compliance. In this context and in line with the group policy and best practices on Ethics and Compliance as of December 14, 2018, specific Ethics & Compliance Officers were introduced to supplement institutional responsibilities on the matters of ethics and compliance, to promote the guidelines and policies concerning business ethics and company compliance, and supervise the existing system of policies and regulations, encouraging their updating and dissemination within the Company, employee training on the relative content and the monitoring of their application. In order to effectively fulfil these responsibilities, Edison has identified the person of the General Counsel, member of Comex, and Head of the Legal & Corporate Affairs Division, Strategic Ethics & Compliance Officer, with the primary responsibility of identifying ethics and compliance guidelines and targets and ensuring that they are shared during meetings of the Audit and Ethics Committee as well as the Executive Committee; at the same time, the individual responsible for the Internal Auditing Department was appointed as the Operational Ethics & Compliance Officer who, within the scope of the targets and guidelines defined as noted above and under the supervision and coordination of the Strategic Ethics & Compliance Officer, ensures that the operational implementation plans are supervised and guarantees periodic reporting on their proper implementation.
  • Anti-trust Code - To supplement the compliance requirements of the Code of Ethics, the Company adopted an Anti-trust Code that sets forth rules of conduct that must be followed to comply with antitrust laws.
  • Strategic Planning, Management Control and Reporting - Edison has adopted a structured planning, management control and reporting system that it uses to define the Company’s strategies and objectives and develop its budget and business plan.
  • Enterprise Risk Management (ERM) - As mentioned earlier in this Report, Edison developed an integrated risk management model (ERM). The main purpose of ERM is to adopt a systematic approach to mapping a company’s priority risks, pre-emptively assess their potential negative effects and take appropriate actions to mitigate them. With this in mind, Edison adopted a risk mapping and risk scoring methodology that assigns a relevance index to each risk based on an assessment of its overall impact, probability of occurrence and level of control, and a Corporate Risk Model, developed in accordance with best industry and international practices that places within an integrated framework the different types of risks that characterise the business in which the Group operates:
    • risks related to the external environment, depending on market conditions, the competitive environment within which the Group operates and changes in the political, legislative and regulatory framework;
    • operational risks related to business processes, structures and management systems, in particular with regard to production and marketing activities;
    • strategic risks, relating to the definition and implementation of the Company’s strategic guidelines.
    More specifically, with the coordination of the Risk Office, the managers of the various Company departments map and assess risks within their scope of activity through a risk self-assessment process and provide an initial indication of the mitigating actions associated with those risks.
    The results of this process are then consolidated at the central level into a mapping system in which risks are prioritised based on the scores assigned to them and aggregated, so as to facilitate the coordination of mitigation plans within the framework of an integrated risk management approach. The Enterprise Risk Management process is closely linked with the medium/long-term planning process with the aim of associating the Group’s overall risk profile with the projected profitability resulting from the plan/budget document. The results produced by the ERM and risk self-assessment are communicated at scheduled intervals at meetings of the Control and Risk Committee and the Board Directors and are used by the Internal Auditing Department as a source of information for the preparation of specific risk-based audit plans.
    The ERM system is supported by a dedicated IT tool. The main risks and uncertainties affecting Edison and its subsidiaries are discussed in a separate chapter of the Report on Operations and in the notes to the consolidated financial statements.
  • Energy Risk Management - In 2006, consistent with best industry practices, the Company, based on a favourable opinion by the Control and Risk Committee (formerly the Internal Control Committee) approved an Energy Risk Policy that defines the objectives and guidelines of the Group’s risk management policy with regard to Group commodity activities. With regard to the risk tied to fluctuations in the prices of the energy commodities it uses, the derivative products and the related foreign exchange risk, the Group adopted a governance structure that includes the following:
    • approval of the overall risk ceiling for the Group by the Board of Directors of Edison;
    • the establishment of a Risk Committee, composed of the Chief Executive Officer, the Chief Financial Officer, the Risk Officer, the Manager of the Gas Midstream, Energy Management & Gas Infrastructures Division (replaced, on January 1, 2021 by the Manager of the Gas & Power Portfolio Management & Optimisation Division), the Manager of the Exploration & Production Division, as well as by the Chief Executive Officer of the subsidiary Edison Energia, with the task of supervising, at least on a monthly basis, the risk levels assumed with respect to the limits approved by the Board, and approving the appropriate hedging strategies in the event the approved limits are exceeded;
    • the separation of the organisation responsible for measuring and controlling risk exposure and defining risk-hedging strategies, which is centralised at Edison under the supervision of its Chief Financial Officer, from financial market transactions, centralised in the Gas Report on Corporate Governance and the Company’s Ownership Structure 2020 CORPORATE GOVERNANCE I 53 Midstream, Energy Management & Gas Infrastructures Division (from January 1, 2021 in the Gas & Power Portfolio Management & Optimisation Division) for commodity transactions and in the Finance & Treasury Department for foreign currency transactions. For further details on risk management, please refer to the “Risks and Uncertainties” paragraph of the Report on Operations.
  • System of Corporate Operating Procedures - In order to ensure that corporate directives are properly implemented and the risks entailed by the achievement of corporate objectives are minimised, Edison adopted a set of procedures that regulate internal processes, governing both activities that are carried out internally by each organisational entity and transactions with other entities.
  • Information Systems - Virtually all of Edison’s and its subsidiaries’ corporate processes are supported by information systems developed with latest-generation technologies and packages capable of supporting both the activities of the business areas and accounting and financial processes. The use of these systems is governed by internal procedures that guarantee safety, privacy and correct use. In addition, availability (i.e., the possibility of accessing data when needed) is guaranteed by a highly redundant hardware and software architecture to minimise the possibility of single point of failure; privacy (i.e., the availability of data and information only to authorised users) is assured by a segregation of duties implemented in the systems by means of user profiles; security is guaranteed by a hardware and software infrastructure designed specifically with this requirement in mind, which is maintained on an ongoing basis and tested periodically. In addition, since 2017, applications have been transferred to the data centre of the parent company EDF in Noé (France), with further strengthening of security and the level of redundancy in the case of a disaster. Applications are highly integrated in order to minimize any instance of multiple data entries and automate process flows. A portion of the services is provided under outsourcing contracts with top suppliers who are IT industry leaders. These contracts cover all of the tools (periodic reporting, organisation of the service, SLA, penalties) to facilitate management and control by Edison.
  • Organisational Structure - The Group’s overall organisational structure is defined by a system of Organisational Communications issued by the Chief Executive Officer, consistent with the corporate governance model. These Communications identify the managers who are responsible for the various Divisions, Departments and Business Units. In turn, the managers who are responsible for the various Divisions, Departments and Business Units develop similar Organisational Communications, which, once they are published following a review by the Chief Executive Officer, define the Group’s organisation at the operational level. Any employee can access the Organisational Communications on the Company intranet. The Board of Directors is informed on a regular basis about major organisational changes and reviews those that are particularly significant.
  • Delegation of Power and Authority - Executive powers are conveyed to managers through general or special powers of attorney that convey powers commensurate with their management responsibilities. The 231 Model includes guidelines that govern the awarding of powers of attorney.
  • Human Resources - In the area of human resources, Edison has adopted an official procedure to recruit and hire employees and to plan and manage employee training and uses a structured, multi-year system to plan for human resource needs. A process to evaluate the performance and professional potential and skills of executives, professionals and newly hired employees with college degrees and formal compensation policies that are based on an systematic comparison with best practices and on market conditions are also in use. In the case of executives and middle managers with significant business responsibilities, a portion of their compensation is variable and is commensurate with the achievement of objectives that are set each year in accordance with a structured performance management system. This system includes a long-term incentive programme for a selected group of Key Managers based on medium/long-term objectives. Edison has been providing training about internal controls for a number of years. The objectives and content of these training programmes are described in a separate section of the Report on Operations.
  • Sustainability - Sustainable development is a central element of Edison’s business model. The creation of value depends on the ability to combine economic objectives with the evaluation and mitigation of environmental and social impacts, and generating long-lasting value for all of Edison’s relevant stakeholders. For further details on this matter, please refer to the Non Financial Disclosure.
    The effectiveness of the elements characterising the internal control system outlined above is monitored directly by corporate managers, each in the area under his or her jurisdiction, and, independently, by Edison’s Internal Auditing Department, which carries out risk-based auditing and assessment activities. The findings of each audit are submitted to the Chief Executive Officer and the Company’s managers and are presented on a regular basis to the Control and Risk Committee, which, in turn, reports to the Board of Directors and the Board of Statutory Auditors.

RESOURCES

Edison Tax Policy 0.13 MB download
ZIP 0.13 MB All documents