Elements that Characterize the System of Internal Control

  • Organizational Model Pursuant to Legislative Decree No. 231/2001 - In July 2004, Edison and its main subsidiaries adopted the organizational model pursuant to Legislative Decree No. 231/2001 (the “231 Model”) designed to prevent the perpetration of the unlawful acts referred to in the corresponding Decree and, consequently, shield the Company from administrative liability. The Model, which was adopted following a detailed analysis of the Company’s operations to identify activities with a risk potential, includes a series of general principles, rules of conduct, control tools, administrative procedures, training and information programs, and disciplinary systems that are designed to prevent, as much as possible, the occurrence of the abovementioned crimes. The 231 Model includes a general section that explains the Model’s function and principles, as well as the content of Legislative Decree No. 231/2001 and other main reference statutes, and a section that represents the 231 Model’s own core and reviews the 231 Model’s content: from its adoption to the identification of at-risk activities, the definition of protocols, the characteristics and modus operandi of the Oversight Board, the information flows, the training and information activities, the penalty system and Model updates. The Model is completed by its annexes, which are an integral part of the 231 Model itself: 1) Code of Ethics, 2) Protocol to monitor the risk profiles identified in each unit, and 3) Expense Regulations and Guidelines for the management and award of powers of attorney. The Board of Directors appointed an Oversight Board (OB), which is responsible for ensuring that the 231 Model is functioning effectively and is kept up to date, and is required to report to the Board of Directors and the Board of Statutory Auditors at least once every six months. The OB is supported by the Internal Auditing Department, which established a dedicated support unit called Corporate Compliance & Ethics Function, as well as by the Legal & Corporate Affairs Division and the Human Resources & ITC Department. The General Counsel and the manager of the Internal Auditing Department also act as the Strategic Ethics & Compliance Officer and the Operational Ethics & Compliance Officer, respectively. Even though the law now provides the option of attributing to the Board of Statutory Auditors the functions of the OB, Edison’s Board of Directors did not find it appropriate to use this option, due to the special complexity of Edison’s organization and the specific competencies required to perform the tasks assigned to the OB. Virtually all of the subsidiaries designated as the OB a member of their Board of Statutory Auditors, who, in the case of major subsidiaries, is supported by a qualified external consultant. The Oversight Boards of Edison and its subsidiaries receive information flows on a regular basis (every six months) from the individuals responsible for the Model’s implementation (“Unit Officers”). The 231 Models of Edison and the subsidiaries are continuously updated in light of specific risk assessment activities in relation to the new types of crime introduced over time into the group of presumed crimes for 231/2001, as well as in light of organizational changes within the Group. An update of Edison’s 231 Model, approved by the Board of Directors at a meeting held on December 7, 2019, was carried out in 2019, to adapt to the new crime 231 of “trafficking in illicit influences”, through the integration of certain rules of conduct contained in the Code of Ethics and in the most impacted decision protocols. In this circumstance the anti-corruption guidelines adopted by the Company have also been integrated. Edison’s 231 Model will be updated again in 2020 to take into account two of the most recently introduced crimes in the 231 area (tax crimes and cybersecurity). An update of the 231 models and the anti-corruption guidelines of the subsidiaries, based on the work carried out by Edison, is in progress. In addition, training programs about the 231 Model, the Code of Ethics and the Anticorruption Guidelines, launched in 2014 continued in 2019 with the offering of multimedia on-line courses to all employees and help them achieve sufficiently detailed knowledge of those documents. The Board of Directors appointed Edison’s current OB on April 2, 2019. Its members include: an outside professional (Pietro Manzonetto), who serves as Chairman, and two independent Directors (Paolo Di Benedetto and Angela Gamba, appointed by the Board of Directors on April 28, 2020 to replace Natalie Tocci). On May 3, 2019, the Board of Directors, acting upon a recommendation by the Compensation Committee, confirmed for the members of the OB the same compensation amounts as in the previous mandate and confirmed the decision of awarding to the Chairman, who is not a Director, a higher compensation than the other two members. The OB met four times in 2019 and once in 2020. At those meetings, it reviewed primarily the findings of audit engagements, the information flows it received from the Unit Officers and the 231 training and compliance activities, and received information on the progress made in updating the Model of Edison and the subsidiaries, the Anti-corruption Guidelines. The OB reported every six months to the Board of Directors on the 231 Model’s adequacy and effectiveness, submitting a special report. In 2019, the members’ average attendance at meetings of the Oversight Board was 100%. The average length of each meeting was about one hour.
  • Code of Ethics - In September 2003, Edison approved a Code of Ethics that is consistent with best international practices. The Code, which defines the principles and values that are the foundation of corporate ethics and the corresponding rules of conduct and implementation procedures, has become an integral part of the 231 Model. The Code, which has been approved by the Group’s subsidiaries, is binding with regard to the conduct of all Group associates (Directors, employees and anyone who acts in the Company’s name by virtue of special proxies or powers of attorney), i.e., anyone who, for any reason and irrespective of the nature of the contractual relationship, contributes to the achievement of the Company’s purposes and objectives. A copy of the Code is provided to all employees and associates of the companies that adopted it. As already stated in previous Reports, the Code of Ethics has been subject to periodic revisions and updates, the last of which took place in December 2019, with the insertion of a new prescription within the rule of conduct governing “Relations with the Public Administration”.
  • Anti-corruption Guidelines - In May 2015, Edison’s Board of Directors, in view of the strategic choices made by the Company in recent years, which caused the Group to increase its activities outside Italy, and considering the efforts being made by national and international institutions to avert and prevent corruption crimes, adopted the “Anti-corruption Guidelines”. These guidelines play a key role within the broader policy pursued by the Group to stress and further emphasize its firm position of absolute rejection and opposition for any type of corruptive conduct, also in the case of activities carried out in foreign countries. The compliance programme thus developed, which insofar as Italy is concerned complements the 231 Model, is aimed at providing all Edison associates, as well as all those who contribute to the achievement of the Company’s purposes and objectives, with a systematic framework of the existing principles and rules that must be complied with at all times to prevent the occurrence of corruptive episodes in the areas of operating activity deemed to be most at risk. The corporate governance bodies of Italian and foreign subsidiaries independently adopted the “Anti-corruption Guidelines” and promptly ensure their timely dissemination and implementation. More recently, at a meeting held on December 7, 2019, Edison’s Board of Directors adopted an updated version of the AntiCorruption Guidelines, with the aim of including conduct that falls within the scope of the new “trafficking in illicit influences.”
  • Accounting Control Model pursuant to Law No. 262/2005 concerning financial disclosures -Following the enactment of Law No. 262/2005 on the protection of investments, Edison upgraded, when appropriate, the accounting procedures it uses to prepare financial disclosures and defined the governance rules for the 262 Accounting Control Model it developed, as well as the rules to manage on an ongoing basis regular audits and certifications of the adequacy and effective operation of the 262 Model it developed and assigned responsibilities within its organization. Additional information is provided in the section of this Report entitled “Financial Statement Reporting and Risk Management and Internal Control System in Relation to the Financial Disclosure Process”.
  • Tax Control Framework - Edison has a Tax Policy which sets out the basic principles and guidelines of its tax strategy and is a means of dissemination, with a view to guaranteeing the proper and timely fulfilment of tax obligations and more generally compliance with tax legislation, as well as guaranteeing the proper and efficient management of Group taxation. To this end, the Group has adopted and implemented a Tax Control Framework (TCF) which is part of the broader internal control and risk management system, consisting of a system for detecting, managing and monitoring tax risks in relation to the activities falling within the processes managed by the various business areas, and based on the following key features: - A body of corporate regulations relating to the management of tax-relevant processes and a set of Risk & Control Matrices which describe the tax risks potentially applicable to corporate processes and the existing control mechanisms to mitigate the risk; - A system of information flows between Edison’s Accounting & Tax Department and the Group’s Organizational Units; - A process of regular monitoring of the adequacy and effective application of the TCF. The Internal Auditing Department, supporting the CFO and the Accounting & Tax Department, has the duty of assessing, through testing activities, the efficiency and effective application of the TCF.
  • Safety, Environmental Protection and Quality - Edison has adopted a system of procedures and organizational structures specifically designed to manage data security issues (including those related to compliance with privacy statutes), the protection of the environment, the safety of its facilities and employees, and the quality of the services it provides.
  • Compliance with Other Laws and Regulations - The task of monitoring changes in and compliance with laws and regulations has been assigned to the Legal & Corporate Affairs Division (for general legal and corporate issues) and to the Sustainability, Institutions & Regulation Division (for issues related to industry regulations), and as of May 7, 2018, to the Personal Data Protection Function (for privacy and personal data protection issues (GDPR)).
  • Data Protection Officer - On May 4, 2018, Edison’s Board of Directors approved a New Privacy Management Model, defining guidelines for the management of corporate and intragroup organizational relations and for the necessary coordination of operating and compliance activities with regard to the processing of personal information. To coordinate the methods for managing personal data processing and the full implementation of the new legislative context, the Board of Directors appointed a Data Protection Officer (DPO) at its meeting on May 4, 2018.
  • Ethics & Compliance Officer - To fully achieve its mission of developing sustainable energy solutions, Edison has enacted a system of policies and procedures to ensure that all of its business activities are inspired by ethics and compliance. In this context, and in line with Group policies and best practices on ethics and compliance, as of December 14, 2018, specific Ethics & Compliance Officers were introduced to supplement institutional responsibilities on the matters of ethics and compliance, to promote the guidelines and policies concerning business ethics and company compliance, and supervise the existing system of policies and legislation, encouraging its updating and dissemination within the Company, employee training on the relative content and the management of their application. To effectively meet these responsibilities, Edison identified the General Counsel, a member of the Executive Committee, and manager of the Legal & Corporate Affairs Division, as the Strategic Ethics & Compliance Officer, with the primary responsibility of identifying ethics and compliance guidelines and targets and ensuring that they are shared during meetings of the Audit and Ethics Committee as well as the Executive Committee; at the same time, the individual responsible for the Internal Auditing Department was appointed as the Operational Ethics & Compliance Officer who, within the scope of the targets and guidelines defined as noted above and under the supervision and coordination of the Strategic Ethics & Compliance Officer, ensures that the operational implementation plans are supervised and guarantees periodic reporting on their proper implementation.
  • Antitrust Code - To supplement the compliance requirements of Code of Ethics, the Company adopted an Antitrust Code that sets forth rules of conduct that must be followed to comply with antitrust laws
  • Strategic Planning, Management Control and Reporting - Edison has adopted a structured planning, control, management and reporting system that it uses at regular intervals to define the Company’s strategies and objectives and develop its budget and business plan.
  • Enterprise Risk Management (ERM) - As mentioned earlier in this Report, Edison developed an integrated risk management model (ERM). The main purpose of ERM is to adopt a systematic approach to mapping a company’s priority risks, preemptively assess their potential negative effects and take appropriate actions to mitigate them. With this in mind, Edison adopted a risk mapping and risk scoring methodology that assigns a relevance index to each risk based on an assessment of its overall impact, probability of occurrence and level of control, and a Corporate Risk Model, developed in accordance with best industry and international practices that places within an integrated framework the different types of risks that characterize the businesses that the Group operates: -risks related to the external environment, depending on market conditions, the competitive environment within which the Group operates and changes in the political, legislative and regulatory framework; -operational risks, which are tied to processes, structures and business management systems, specifically regarding production and distribution activities; - strategic risks, which are related to the definition and implementation of the Company’s strategic guidelines. More specifically, with the coordination of the Risk Office, the managers of the various Company departments map and assess risks within their scope of activity through a risk self-assessment process and provide an initial indication of the mitigating actions associated with those risks. The results of this process are then consolidated at the central level in a mapping system in which risks are prioritized based on the resulting scores and aggregated to facilitate the coordination of mitigation plans with the aim of managing risks on an integrated basis. The Enterprise Risk Management process is closely linked with the medium/long-term planning process with the aim of associating the Group’s overall risk profile with the projected profitability resulting from the plan/budget document. The results produced by the ERM and risk self-assessment are communicated at scheduled intervals at meetings of the Control and Risk Committee and the Board Directors and are used by the Internal Auditing Department as a source of information for the preparation of specific risk-based audit plans. The ERM system is supported by a dedicated IT tool. The main risks and uncertainties affecting Edison and its subsidiaries are discussed in a separate chapter of the Report on Operations and in the notes to the consolidated financial statements.
  • Energy Risk Management - In 2006, consistent with best industry practices, the Company, based on a favourable opinion by the Control and Risk Committee (formerly the Internal Control Committee) approved an Energy Risk Policy that defines the objectives and guidelines of the Group’s risk management policy with regard to Group commodity activities. With regard to the risk tied to fluctuations in the prices of the energy commodities it uses, the derivative products and the related foreign exchange risk, the Group adopted a governance structure that includes the following: (i) approval of the overall risk ceiling for the Group by the Board of Directors of Edison; (ii) creation of a Risk Committee that comprises the Chief Executive Officer, Chief Financial Officer, Risk Officer, the manager of the Gas Midstream, Energy Management & Optimization Division, the manager of the Exploration & Production Division and the Chief Executive Officer of the subsidiary Edison Energia and, until the absorption of the company by Edison, that of Edison Trading, and is responsible for reviewing, at least once a month, the levels of assumed risks, comparing them with the ceilings approved by the Board of Directors, and approving the hedging strategies that may be appropriate if the approved ceiling has been exceeded; (iii) separation of the organization responsible for measuring and controlling risk exposure and defining risk- hedging strategies, which is centralized at Edison under the supervision of its Chief Financial Officer, from financial market transactions, centralized at Edison Trading for commodity transactions and at the Finance & Treasury Department for foreign currency transactions. For further details on risk management, please refer to the “Risks and Uncertainties” section of the Report on Operations.
  • System of Corporate Operating Procedures - In order to ensure that corporate directives are properly implemented and the risks entailed by the achievement of corporate objectives are minimized, Edison adopted a set of procedures that regulate internal processes, governing both activities that are carried out internally by each organizational entity and transactions with other entities.
  • Information Systems - Virtually all corporate processes used by Edison and its subsidiaries are supported by information systems developed with last-generation technologies and packages capable of supporting both business activities and accounting and financial processes. The use of these systems is governed by internal procedures that guarantee safety, privacy and correct use. In addition, availability (i.e., the possibility of accessing data when needed) is guaranteed by a highly redundant hardware and software architecture to minimize the possibility of single point of failure; privacy (i.e., the availability of data and information only to authorized users) is assured by a segregation of duties planned in advance and implemented in the systems by means of user profiles; security is guaranteed by a hardware and software infrastructure designed specifically with this requirement in mind, which is maintained on an ongoing basis and tested periodically. In addition, since 2017, applications have been transferred to the data centre of the parent company EDF in Noé (France), with further strengthening of security and the level of redundancy in the case of a disaster. Applications are highly integrated in order to minimize any instance of multiple data entries and automate process flows. A portion of the services is provided under outsourcing contracts with top suppliers who are IT industry leaders. These contracts cover all of the tools (periodic reporting, organization of the service, SLA, penalties) to facilitate management and control by Edison..
  • Organizational Structure - The Group’s overall organizational structure is defined by a set of Organizational Memoranda issued by the Chief Executive Officer consistent with the corporate governance model. These Memoranda identify the managers who are responsible for the various Divisions, Departments and Business Units. In turn, the managers who are responsible for the various Divisions, Departments and Business Units develop similar Organizational Memoranda, which, once they are published following a review by the Chief Executive Officer, define the Group’s organization at the operational level. Any employee can access the Organizational Memoranda on the Company intranet. The Board of Directors is informed on a regular basis about major organizational changes and reviews those that are particularly significant.
  • Delegation of Power and Authority -Executive powers are conveyed to managers through general or special powers of attorney that convey powers commensurate with their management responsibilities. The 231 Model includes guidelines that govern the awarding of powers of attorney.
  • Human Resources - In the area of human resources, Edison has adopted an official procedure to recruit and hire employees and to plan and manage employee training and uses a structured, multi-year system to plan for human resource needs. A process to evaluate the performance and professional potential of executives, professionals and newly hired employees with college degrees and formal compensation policies that are based on an ongoing comparison with best practices and on market conditions are also in use. In the case of executives and middle managers with significant business responsibilities, a portion of their compensation is variable and is commensurate with the achievement of objectives that are set each year in accordance with a structured performance management system. This system includes a long-term incentive program for management based on medium/long-term objectives. Edison has been providing training about internal controls for a number of years. The objectives and content of these training program are described in a separate section of the Report on Operations.
  • Sustainability - Sustainable development is a central element of Edison’s business model. The creation of value is predicated on the ability to concurrently pursue economic objectives and a steady reduction of environmental impacts, thereby meeting the expectations of all stakeholders. For further details on this matter, please refer to the Non-Financial Statement. The effectiveness of the elements characterizing the internal control system outlined above is monitored directly by corporate managers, each in the area under his or her jurisdiction, and, independently, by Edison’s Internal Auditing Department, which carries out risk-based auditing and assessment activities. The findings of each audit are submitted to the Chief Executive Officer and the Company’s managers and are presented on a regular basis to the Control and Risk Committee, which, in turn, reports to the Board of Directors and the Board of Statutory Auditors.


Edison Tax Policy 0.13 MB download
ZIP 0.13 MB All documents