Unalbe to show flash video

Risk management systems and internalcontrol over financial reporting

Internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability1, accuracy, fairness and timeliness of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.
The guidelines on internal controls over financial reporting approved by the Board of Directors on October 29, 2007 are aimed at achieving healthy and fair business management; they define rules and methodologies on the design, implementation and maintenance of the internal control system over Saipem’s financial reporting, as well as on the evaluation of the system’s effectiveness.
These guidelines have been designed in accordance with the provisions of the aforementioned Article 154-bis of Law 58/1998 and of the U.S. law Sarbanes-Oxley Act of 2002 (SOA) which Saipem is required to comply with as a subsidiary of Eni whose securities are listed on the New York Stock Exchange (NYSE), and based on the COSO Report (‘Internal Control - Integrated Framework’ published by the Committee of Sponsoring Organisations of the Treadway Commission).
In accordance with international accounting principles, these guidelines are applicable to Saipem SpA and its direct and indirect subsidiaries, in consideration of their relevance for the preparation of financial reporting. All controlled companies, regardless of their relevance with respect to Saipem’s internal control system, use these guidelines as a reference for the design and implementation of their own internal control system in order to ensure its adequacy in relation to the size of the company and the nature of its business.

(1) Reliability (of reporting): ensuring that reporting is correct, in accordance with generally accepted accounting principles and in compliance with current laws and regulations.

Main features of the risk assessment and internal control systems for the purposes of financial reporting

The internal control system was designed in accordance with two fundamental principles: to extend control to all levels of the organisational structure, consistent with operating responsibilities; and the sustainability of controls in the long-term, so as to ensure that the performance of controls is increasingly integrated and compatible with operational requirements.
The design, implementation and maintenance of the internal control system are ensured through: risk assessment, control identification, evaluation and reporting.
The risk assessment process has a top-down approach aimed at identifying those organisational departments, processes and specific activities that bear the risk of  nintentional errors and/or fraud, which could have a material impact on the financial statements.
The identification of companies that fall within the scope of the  internal controls system is based both on their contribution to the consolidated financial statements (turnover, net revenues, profits before taxation) and their relevance in terms of processes and specific risks2. Among the companies identified as relevant for the purposes of internal controls, significant processes are then identified based on an analysis of quantitative factors (processes involved in the preparation of financial statements items greater than a certain percentage of profits before taxation) as well as qualitative factors (for instance: complexity of the accounting treatment used for an item; new items or significant changes in business conditions).
Risks are assessed for relevant processes and activities, i.e. potential events whose occurrence could compromise the achievement of the control objectives for financial reporting (for instance financial statements assertions). These risks are prioritised in terms of their potential impact and likelihood of occurrence, based on quantitative and qualitative parameters and assuming no controls. Saipem carries out a specific assessment on risks of fraud3, using a methodology based on the ‘Anti-fraud Programmes and Controls’ included in the guidelines on internal controls over financial reporting.
Controls are defined for the individual company, processes and associated risks deemed relevant. The control system comprises of entity level controls, which operate across the relevant entity (Group/individual company) and process level controls.
A checklist based on the model adopted in the COSO Report divides entity level controls into five components (control environment, risk assessment, control activities, IT systems and information flows and monitoring activities). The ‘control environment’ component includes all activities relating to the definition of time-frames for the preparation and publication of financial results (interim and annual financial statements and associated financial calendars); the ‘control activities’ component covers organisational and regulatory structures that guarantee the achievement of financial reporting objectives (for instance the review and updating by specific departments of Group rules for preparing financial statements and charts of accounts); the component ‘IT systems and information flows’ includes management controls over the consolidation process (Mastro).
Process level controls are divided into specific controls, which are all activities, both manual and automated, aimed at preventing, identifying and correcting errors and irregularities occurring during operating activities; and pervasive controls, which are structural elements of the internal control system aimed at establishing a general environment which promotes the correct execution and control of operational activities (for instance segregation of incompatible duties and general IT controls).
Specific controls are detailed in ad-hoc procedures which define company processes and the ‘key controls’, whose absence or non-implementation entails the risk of significant error/fraud in the financial statements which cannot be detected by other controls.
Entity level controls and Process Level Controls are constantly monitored to evaluate their design and operating effectiveness; this is done by means of ongoing monitoring activities carried out by the managers in charge of the relevant processes/activities, and through separate evaluations carried out by the Internal Audit Department in accordance with an audit plan provided by the Chief Financial Officer/Manager responsible for preparing financial reports4 which defines the audit scope and objectives to be implemented through agreed-upon audit procedures.
Monitoring activities highlight possible deficiencies in the control system; these are evaluated in terms of probability of occurrence and impact on Saipem’s financial reporting and, based on their significance, are classed as ‘deficiencies’, ‘significant weaknesses’ and ‘material weaknesses’.
The findings of monitoring activities regarding the state of the internal control system are periodically reported using IT tools that ensure the traceability of information relating to the adequacy of design and the operating effectiveness of controls.
The work of the CFO/Manager responsible for preparing financial reports is supported by various departments within Saipem, whose responsibilities and tasks are set forth in the aforementioned guidelines. Specifically, internal controls involve all levels of Saipem’s organisation, from operations and business managers to function and administrative managers. In this organisational context, a very important figure of the internal control system is the risk owner, who carries out line monitoring activities, evaluating the design and operating effectiveness of specific and pervasive controls and producing reports on monitoring activities.

(2 Companies subject to internal controls include those incorporated under and regulated by non-EU member state legislations, for which the provisions of Article 36 of Consob Market Regulations apply.
(3) Fraud: for the purposes of the Internal Control System, this refers to any intentional act or omission that may result in false representation or misleading reporting.
(4) Additional information on the Chief Financial Officer/Manager responsible for preparing financial reports are provided under its dedicated section.

The Board of Directors

The Board of Directors fulfils a pivotal role for the internal control system, as it defines the guidelines of the organisational, administrative and financial structure of the Company and main Group subsidiaries. It also defines, having reviewed the proposals put forward by the Audit Committee, the guidelines of the internal control system, to ensure that main risks for the Company and its subsidiaries are identified, measured, properly managed and monitored. When defining these guidelines, the Board applies sector regulations and takes into account both national and international reference models and best practices.
Finally, the Board of Directors, with the support of the Audit Committee, assesses annually the adequacy, effectiveness and efficiency of the internal control system as a whole in relation to Saipem’s characteristics. At their meeting of March 8, 2011, the Board examined the 2010 Report of the Officer in charge of the internal control system (as at March 8, 2011) and its findings on Saipem’s internal control system. Following their examination, and taking into consideration initiatives currently underway, the Board deemed Saipem’s internal control system adequate, effective and efficient.

Executive Director responsible for the internal control system

At their meeting of April 22, 2009, the Board of Directors appointed the Deputy Chairman - CEO the executive director responsible for supervising the functionality of the internal control system, always ensuring its adequacy and operating effectiveness, supported by the Audit Committee, the Internal Audit Senior Vice President and the Officer in charge of the internal control system.
The Deputy Chairman - CEO identified the Company’s main business risks, taking into account the characteristics of the activities carried out by the Issuer and its subsidiaries and periodically reporting his findings for review by the Board of Directors; implemented the guidelines for the internal control system approved by the Board; and was responsible for amending this system to suit the dynamics of the operating conditions and legislative and regulatory framework.

Board of Statutory Auditors

IlThe Board of Statutory Auditors oversees the following: - compliance with the law and Articles of Association; - adherence to fair management principles; - the adequacy of the Company’s organisational structure within each area of competence, the suitability of the internal control system and the administrative/accounting system, as well as the keeping of accurate accounting records of the company’s operations; - the implementation of corporate governance regulations contained in the Codes of Borsa Italiana to which the Company adheres; - the adequacy of directions given by the Company to its subsidiaries to ensure full compliance with legal reporting requirements; - the process of financial reporting; - the efficiency of the internal control, internal audit and risk management systems; - the legal audit of annual statutory and consolidated accounts; - the independence of the external auditors, specifically for the provision of non-audit services to the audited company.

Audit Committee

The Audit Committee assists the Board of Directors in fulfiling its responsibilities vis-à-vis the internal control system. Specifically, it assists in setting guidelines for the internal control system and periodically checks that it is adequate and operates effectively.
The Audit Committee oversees Internal Audit activities and reviews any problems emerging from the internal control system, with the support of the functions, departments and bodies involved in managing and/or ensuring compliance with the system itself.

Officer in charge of the internal control system and the Internal Audit department

Officer in charge of the internal control system
On December 14, 2006, the Officer in charge of the internal control system (hereafter the Officer), Mr. Alessandro Riva, was appointed by the Board of Directors at the Deputy Chairman and CEO’s proposal, having received the opinion of the Audit Committee. The
Deputy Chairman - CEO sets the Officer’s remuneration, in line with Company policy and at the proposal of the Audit Committee.
The Officer is responsible for ensuring that the internal control system is adequate, fully operational and effective at all times. He is not responsible for any operative area and reports to the Deputy Chairman - CEO, the Audit Committee and the Board of Statutory Auditors on the adequacy of the internal control system to achieve an acceptable overall risk profile.
The Deputy Chairman - CEO granted Alessandro Riva the powers to enter into contracts for consultancy and professional services for the purposes and in support of his responsibilities as the Officer in charge of the internal control system, having access to funds (up to € 750,000 per transaction for contracts with juridical persons and up to € 500,000 per transaction for contracts with physical persons – with no budget restrictions).
On March 8, 2011, the Officer released the annual report on the internal control system (covering the period January 1-December 31, 2010, containing information up to the date of issue) and expressed his opinion on its adequacy based on the monitoring activities carried out during the reference period by the Internal Audit department of Saipem SpA.

Internal Audit department
One of the main players operating in the complex internal control system are the Internal Audit department, whose manager is not responsible for any operating activity and reports to the Deputy Chairman - CEO; other players are the Board of Statutory Auditors and the Audit Committee.
In line with the ‘Standards for the Professional Practice of Internal Audit’ issued by the ‘Institute of Internal Auditors’, the Internal Audit department is responsible for providing independent and objective activities aimed at promoting efficiency and effectiveness improving measures in the internal control system and the Company’s organisation.
The Internal Audit Department assists the Board of Directors, the Audit Committee and the Company’s management in pursuing the objectives of the organisation through a systematic professional approach, aimed at reviewing and improving processes of control, risk management and corporate governance.
Main responsibilities of the Internal Audit Department are: (i) ensuring compliance with national and international regulations vis-à-vis: Law Decree 231/2001, independent monitoring of SAO, operational, financial, IT and fraud audit for the entire Saipem Group; (ii) updating the system for the assessment, classification and evaluation of risk areas (integrated risk assessment) in order to plan control measures; (iii) implementing planned and unplanned control audits, identifying gaps in existing models, proposing corrective measures and ensuring that follow-up activities are properly monitored; (iv) maintaining relations with the external audit company; (v) maintaining relations and ensuring proper information flows with the Compliance Committee, the Audit Committee and the Board of Statutory Auditors; (vi) managing employee notifications, including anonymous ones, in compliance with current corporate procedures, and providing support in their evaluation by the relevant corporate bodies.
During the year, the Internal Audit department carried out the Audit Plan approved by the Board of Directors and reported its progress to the Audit Committee and the Board of Statutory Auditors on a quarterly basis.
The Officer in charge of the internal control system and the Internal Audit department have full access to data, documents and information required to carry out their duties.

Organisational model, pursuant to Law Decree 231/2001

On March 22, 2004, the Board of Directors approved the Organisational, managerial and control model, pursuant to Law 231/2001 and established a Compliance Committee. The Model comprises a comprehensive set of procedures and control processes aimed at preventing the offenses detailed in the aforementioned law decree, and subsequent amendments. The current scope of application of the Saipem Model, compliant with Legislative Decree No. 231 of 2001, provides for the following: (i) offenses against public authorities and public faith; (ii) corporate crimes; (iii) crimes associated with the subversion of public order and financing of terrorism; (iv) offenses against the person; (v) market abuse (‘abuse of confidential information’ and ‘market manipulation’); (vi) offenses against individuals, Law No. 7 of 2006; (vii) transnational crimes; (viii) manslaughter and serious or very serious personal injury committed in violation of industrial accident laws and of the protection of industrial hygiene and health; (ix) crimes related to receiving stolen goods, recycling and unlawful usage of money and properties of illegal origins; (x) computer crimes and unlawful data processing.
The Chairman is responsible for devising and implementing initial activities, updating and upgrading the Model.
In May 2008, the Deputy Chairman - CEO started the process to align Model 231 to the new corporate organisation, which led to the Board of Directors approving the new Organisational, managerial and control Model 231/2001 on July 14, 2008.
In 2010, Saipem SpA and the Compliance Committee completed ‘Project 231’ aimed at updating all documentation supporting the Model and associated control procedures in terms of health and safety in the workplace, pursuant to the provisions of Law Decree 81/2008.
On October 27, 2010, pursuant to Article 7, paragraph 4 of Law Decree 231/2001, the Board of Directors of Saipem SpA updated the Model in order to be compliant with the new legal provisions introduced by Article 24-bis relating to computer crimes.
As stated at the beginning of this report, Model 231 includes the Code of Ethics which replaces the Code of Practice and is a mandatory general principle of Model 231 itself.
In 2010, the Boards of Directors of all subsidiaries adopted their own models, containing the Code of Ethics.

The Compliance Committee comprises two external members, one of whom is appointed by the Chairman of the Committee, and three internal members, namely the Legal, Human Resources and Internal Audit Managers of the Company. The members of the current Compliance Committee are: Marco Elefanti, Chairman (external member), Pietro Galizzi (Legal), Luigi Rinaldi (external member), Alessandro Riva (Internal Audit) and Sebastiano Massimo Roccuzzo (Human Resources).

The Compliance Committee, which now is also the Guarantor of the Code of Ethics, is responsible for implementing its action plans and informs the Deputy Chairman - CEO on activities carried out. The Compliance Committee’s independence is safeguarded by its position within the Company’s organisation and reporting lines, pursuant to Article 6, paragraph 1, letter b), of Law 231/2001.

In 2010, the Compliance Committee convened on fourteen occasions and: promoted and monitored all initiatives aimed at Saipem SpA employees to ensure adequate knowledge of the Model; it defined the Compliance Programme for the year and ensured that it was implemented alongside the scheduled and ad-hoc control activities; contributed to updating the new Model; coordinated and maintained communication channels with the Compliance Committee.

Anti-corruption procedures

In line with the values that underpin Saipem’s activities, namely its ability to conduct business ethically, with loyalty, fairness, transparency, honesty and integrity and its respect for, and compliance with the laws, the Board of Directors on February 10, 2010 approved the adoption of procedures aimed at preventing the corruption of both Italian and foreign public officials, by improving the current compliance system. Specifically, the Board of Directors approved the ‘Anti Corruption Compliance Guideline’ and associated procedure entitled ‘Intermediary Agreements’ and ‘Joint Venture Agreements - Prevention of Illegal Activity’. These documents are in line with international Best Practices.

In tale contesto è stata costituita l’Anti Corruption Legal Support Unit per fornire a tutti i dipendenti di Saipem supporto legale in tema di anticorruzione.

External auditing company

In compliance with the law, legal audits of accounts are entrusted to an external auditing company registered in Consob’s Roll of Auditors, appointed by the Shareholders’ Meeting. The current auditing company is Reconta Ernst & Young SpA.
On April 26, 2010, the Shareholders’ meeting approved the proposal for the revocation for ‘objective’ cause of the audit assignment of PricewaterhouseCoopers SpA, in order to guarantee an efficient and effective audit performance for the Company and avoid the inefficiencies that may have arisen as a result of the misalignment of Saipem’s audit appointment with that of Eni SpA, and confer a new mandate for the years 2010-2018 on the company Ernst & Young SpA.
The financial statements of subsidiary companies are also subject to audit; these are carried out mostly by Ernst & Young.
With regard to the opinion on the consolidated financial statements, Ernst & Young is responsible for the audits carried out at subsidiary companies by other external auditors, which are immaterial in terms of consolidated assets and turnover.
The external audit company has full access to data, documents and information required to carry out their duties.

Senior Manager in charge of preparing the Company’s financial reports

Pursuant to Article 21 of Articles of Association and Article 154-bis of Law 58/1998, the Board of Directors, having heard the opinion of the Board of Statutory Auditors and at the Chairman’s proposal, appoints a Senior Manager in charge of preparing the Company’s financial reports, selected from individuals who have carried out the following for at least three years:
a) administrative and control activities in a managerial capacity at listed companies with a share capital exceeding € 1 million, in Italy, in other European Union or OCSE member states; or
b) legal audits at the companies, under letter a); or
c) having had a professional position in the field of or a university professor teaching finances or accounting; or
d) a management position at public or private companies with financial, accounting or control responsibilities.

The Board of Directors ensures that the Senior Manager in charge of preparing the Company’s financial reports is granted adequate powers and has sufficient means to carry out his/her duties; the Board also ascertains that the administrative and accounting
procedures are adhered to. The Senior Manager in charge of preparing the Company’s financial reports has the power to sign contracts, should he deem it necessary, for the provision of intellectual work and professional services up to the sum of € 750,000 per contract, without budget restrictions.
Saipem’s CFO Mr. Giulio Bozzini is the Senior Manager in charge of preparing the Company’s financial reports, pursuant to Article 154-bis of Law 58/1998.
He was appointed by the Board of Directors on July 29, 2008, having first ascertained that he met the professional criteria required by the Articles of Association.