Internal Control and Risk Management

Integrated risk control and management system aimed at safeguarding the Group's reliability, transparency and solidity

The Internal Control and Risk Management System (ICRMS) is the set of rules, procedures and organisational structures aimed at enabling the identification, measurement, management and monitoring of key business risks within the Group.

Our Risk Framework identifies specific roles and responsibilities across different organizational structures and ensures an adequate information flow to guarantee its effectiveness. Additionally, to mitigate our exposure to risk, we have established proper corporate governance controls and effective management and control mechanisms.

These procedures are the result of management based on the values of the Code of Ethics: integrity, fairness and transparency, professionalism, sustainability and business continuity, attention to people and stakeholders, while also pursuing sustainable growth targets for stakeholders.
We pay particular attention to compliance and the fight against corruption, developing several activities to verify compliance with external and internal regulations, aimed at preventing the risks of non-compliance, which could result in sanctions, financial losses, harmful administrative measures and reputational consequences.

231 Model

The Organisational and Management Model pursuant to Legislative Decree 231/2001 (231 Model) regulates the administrative liability of collective entities, i.e. the principle according to which companies may be held liable, and consequently subject to financial penalties, in relation to certain offences committed or attempted, in their interest or to their advantage, by their directors or employees.

Sesa has had this Model in place since 2013, adopting it as a fundamental tool for preventing the risk of predicate offences being committed and for promoting responsible and transparent management of company activities. Our 231 Model is part of the broader context of the company's internal control system, constituting one of its characteristic components. The adoption of the Model, in addition to acting as a deterrent to any illegal activities, is intended to support a culture oriented towards fairness and transparency in business conduct.

The Model also acts as a link between the various areas of the Internal Control and Risk Management System (ICRMS) adopted by the main Group companies.

Download our 231 Model

Supervisory Body

In implementation of the provisions of Legislative Decree 231/2001 and in accordance with the Articles of Association, the Board of Directors of Sesa has appointed a Supervisory Body (“SB”), which is responsible for supervising the functioning of and compliance with the 231 Model and for ensuring that it is kept up to date.

The SB supervises the functioning of and compliance with the 231 Model and monitors and assesses the implementation status of preventive measures, reporting periodically to the Board of Directors and the Management Control Committee.

For any reports to the Supervisory Body, please write to: [email protected]

As of April 30, 2025: 0 reported cases (of corruption, unfair competition, monopolistic practices or antitrust involvement)

Whistleblowing

To ensure management consistent with the values of the Group's Code of Ethics, any irregularities or violations of applicable regulations or procedures can be reported through the internal reporting system (known as whistleblowing).

Our 231 Model includes a dedicated channel for reporting violations, including anonymously, with protection for whistleblowers and total confidentiality of their identity.

Below is the link for details on the reporting process, the relevant regulations and access to the dedicated IT platform: https://whistleblowing.sesa.it/Whistleblowing?code=SESA

As of April 30, 2025: 0 reports

Code of conduct

The Group has adopted its own Code of Conduct containing guidelines on legal and professional obligations, customer relations and other business relationships, organisational and administrative provisions, and personal conduct.

The Code is based on values and principles of conduct, both professional and personal, which guide the operations of our organisation.

Together with and in support of the Code of Ethics, it also defines the fundamental principles underlying the Group's reputation and the values that inspire its daily operations, representing the standard of conduct required of all Sesa employees and collaborators.

As of April 30, 2025: 0 sanctions (for non-compliance with laws and regulations in the social and economic area)

Download our Code of Ethics

Risk Framework

The risks associated with climate change are closely related to Sesa's operational and strategic activities. Therefore, the process of identifying, assessing and managing these risks is integrated into the general corporate risk management process, described below, and into the day-to-day management of the company's activities.

Risk governance involves, in support of the Board of Directors' assessments and decisions regarding the Internal Control and Risk Management System, the contribution of a specific internal committee, composed of independent directors – the Control, Risk and Related Parties Committee – which periodically interfaces with the company structures most directly involved in these processes.

The Committee also has a direct relationship with the Internal Auditor, the Legal & Compliance Officer and the Chief Financial Officer, who support senior management in the effective implementation and management of the Risk Management process at Group level, as well as ensuring adequate coordination of the structures responsible for control activities.

Below is a breakdown of the oversight bodies:
The Board of Directors is also responsible for the definition of the Code of Ethics, values and the preparation of this Annual Report, which outlines policies, risks and performance on financial, environmental, people-related, social, human rights and anti-corruption issues. The composition of the Board of Directors complies with the pro tempore regulations on gender balance (out of a total of ten members, the number of women is four, all independent), and the average age of the Board members is 57. As per best practice, the role of Chairman of the Board of Directors is separate from the role of Chief Executive Officer.

It is responsible for supporting the Board of Directors’ assessments and decisions relating to the internal control and risk management system.

By virtue of its role in monitoring the adequacy of the organisational, administrative and accounting structure adopted by the company, it oversees the effectiveness of the ICRMS as the ‘head’ of the company’s supervisory system.

Verifies the adequacy of the 231 Model, paying particular attention to its effectiveness in preventing unlawful conduct, and constantly monitors the application of and compliance with the 231 Model.

Systematically verifies the effectiveness and efficiency of the Internal Control and Risk Management System as a whole (third-level control body), reporting the results of its activities to senior management and coordinating with other corporate control bodies.

As a second-level control body, it carries out periodic checks on companies’ compliance with regulations, verifying, in accordance with best industry practices, that their activities comply with legal provisions, supervisory authority measures, self-regulatory rules and contractual commitments made with customers.

Confirming the overall effectiveness of the integrity and compliance measures adopted by the Group, as of April 30, 2025, no incidents of corruption, conduct contrary to competition law or other applicable socio-economic and environmental regulations had occurred, nor had Sesa's Supervisory Body received any reports of suspected illegal conduct or conduct contrary to the provisions of the Code of Ethics. 