The Leonardo risk governance, in line with the Corporate Governance Code adopted by Listed companies on a voluntary basis, the Organisation, Management and Control Model as per Leg. Decree 231/01 and the Leonardo’s Anti-Corruption Code, as well as in line with national and international standards and best practices, provides that:
- Board of Directors oversees internal control system and risk management system and define their guidelines;
- Control bodies (Control and Risks Committee, Board of Statutory Auditors, Surveillance Body) have access to information and an adequate overview over risk management control systems, consistently with their monitoring responsibilities;
- Second tier functions define processes, procedures and methodologies so that company activities be deal with a “risk based” approach;
- Business units, technical and support functions identify, evaluate and treat project and enterprise risks, with reference to defined objectives and managed processes, giving adequate information to higher reporting levels;
- Internal Audit systematically acquire the results of the activities of risks assessment and monitoring, to perform the related evaluations so as to plan the control activities under their responsibilities.
In the Leonardo organisational model, the Risk Management unit, in close collaboration with the Corporate and Division structures, ensures the dissemination of methodologies, metrics and tools for the correct analysis and management of risks, with the aim to guarantee the creation and protection of the value of projects and to preserve over time the business value, the business operations and the interests of the stakeholders.
The operational management of risks in Leonardo:
- involves continuously the whole organisation in the areas of Enterprise Risks and Project Risks
- is supported by the Enterprise Risk Management (ERM) and Project Risk Management (PRM) processes;
- is structured in the phases of Identification, Evaluation, Treatment and Monitoring of risks and related response plans.
For the management of Project and Enterprise risks, Leonardo uses TERRA (Tool For Evaluating Risks and Response Actions), a proprietary IT tool that supports the process implementation, including Reporting, allows the involvement of all internal stakeholders and guarantees the archiving of risks historical information.