Short Explanation of the System

The Company’s Internal Control and Risk Management System (“ICRMS”) consists of a set of instruments, organizational structures and company procedures aimed at contributing, through a process of identification, management and monitoring of the main risks to which the Company is exposed, to a management system that is proper and consistent with the objectives set by the Board of Directors.

The Company’s ICRMS is integrated within the more general organizational and corporate governance structures implemented by the Company and takes into account relevant models and recommendations provided for by the Corporate Governance Code of listed companies issued by Borsa Italiana S.p.A., as well as any relevant national and international best practices on the matter. 

Fincantieri has adopted the frameworks “CoSO – Internal Control Integrated Framework” and “COBIT – Control Objectives for Information and related Technology” as the main company-wide instruments for the assessment of the Internal Control and Risk Management System, with particular reference to financial reporting.

The ICRMS allows, at the same time, for the identification, measurement, management and monitoring of the main risks, as well as for the soundness, accuracy, reliability and timeliness of financial reporting.

Fincantieri is well aware that an effective ICRMS contributes toward managing the business in line with the corporate objectives set by the Board of Directors, facilitating informed decisions. In particular, the ICRMS contributes toward ensuring the safeguarding of corporate assets, the efficiency and effectiveness of corporate processes, the reliability of financial information, and compliance with laws and regulations, as well as with the Company’s By-laws and procedures.

This System, which is defined on the basis of leading international practices, comprises the following three levels of control:

  • 1st level: the operating functions identify and assess risks and implement specific actions for their management;
  • 2nd level: the functions in charge of risk management define methods and instruments for managing risks and perform monitoring activities;
  • 3rd level: the Internal Auditing function provides independent assessments on the entire System.