how the CRMS works

The ICRMS, which reflects the recommendations of the Corporate Governance Code and takes account of national and international best practice, is divided into three separate levels of internal control, involving all departments, management and corporate governance bodies

“FIRST LEVEL CONTROLS” OR “LINE CONTROLS” (RISK OWNERSHIP)

The set of control activities that the individual organisational units of the Group perform for their own processes in order to ensure that operations are conducted correctly. These control activities are carried out under the primary responsibility of management and are considered an integral part of every corporate process. The Heads of the individual organisational units are therefore the primary entities responsible for the internal control and risk management process. In the course of their daily operations, these officers are required to identify, measure, evaluate, manage, monitor and report the risks arising from ordinary business operations in accordance with applicable law, regulations and internal procedures.

“SECOND-LEVEL” CONTROLS

These are entrusted to units specifically responsible for these duties (such as the Financial Reporting Officer Integrated Compliance and Risk Management, Planning and Control) which are hierarchically and functionally independent of the “first level” organisational units, with specific control duties and responsibilities for different areas/types of risk. The heads of these units monitor the corporate risks pertaining to their specific areas, propose guidelines for the associated control systems, verify their adequacy in order to ensure the efficiency and effectiveness of risk control and management operations and support the integration of the risks related to their specific areas of responsibility.

“THIRD-LEVEL” CONTROLS

These are performed by Internal Audit, which provides independent and objective assurance and advisory on the adequacy and actual operation of the first and second level controls and the ICRMS in general. Internal Audit is therefore responsible for verifying the structure and operation of the overall ICRMS, including through monitoring the line controls and second-level controls, for ENAV and the Group as a whole.

gr