Suppliers Consumer protection

Governance Investors Careers

IT EN

Our business is closely involved in people lives.

We ensure residents receive essential services for their daily life.

At your side in your community

Managing your water services. Distributing energy. Selling electricity and gas. Recycling waste. Our one objective: to create value for the people and the community in which we operate.

Nowadays, innovation is at everyone's fingertips.

Acea sees innovation as the driving force to become more efficient, to raise the quality of life for our customers, to improve services for the residents and the community. Acea has used all this to create a new culture of innovation: an open culture, which everyone can share and take part in.

Our Group serves local communities and their citizens.

We are fully aware of our role of responsibility towards our stakeholders for our major economic, social and environmental impact. This is why our Sustainability Plan is part and parcel of our Business Plan.

The latest news from the Acea world

Stay up to date with the latest news, read the press releases, discover the events and follow us on our social network pages.

Our stories

Technology, sustainability, and talent development: we tell the story of Acea through our people, projects, and initiatives for the local communities.

The Internal Control and Risk Management System

An essential element of Acea’s Corporate Governance, the system makes it possible to identify, measure, manage and monitor the main risks pertaining to the business. The ICRMS takes into account the recommendations of the Corporate Governance Code and is based on national and international best practices, in particular the CoSO Internal Control model and CoSO Framework, issued by the Committee of Sponsoring Organisations of the Treadway Commission.

The "Internal Control and Risk Management System Guidelines " (Italian version), which describe the system, were revised in 2019 and were approved by the Board of Directors in January 2020.

ICRMS objectives

The formulation of an appropriate ICRMS enables:

identification of risks that may impact the pursuance of goals set by the Board of Directors;
the taking of informed decisions that are consistent with business objectives, within the scope of a widespread awareness of risks and the related level of tolerance, legality and company values;
the safeguarding of the company’s assets, the efficiency and efficacy of processes, the reliability of information reported to the corporate bodies and to the market and compliance with internal and external regulations.

The ICRMS guidelines, which are applicable to all the group’s companies, aim to:

provide guiding elements for all ICRMS players, so as to ensure that the main risks are correctly identified and adequately measured, managed and monitored;
identify the principles and responsibilities pertaining to the governance, management and monitoring of risks associated with business activities;
introduce control activities at all operational levels and clearly identify tasks and responsibilities, in order to avoid possible duplication of actions and ensure coordination between the main parties involved in the ICRMS.

Risk management in the Acea Group is a structured, continual process, created in order to assess and handle using integrated logic the risks of the entire organisation, according to the risk appetite expressed, with a view to ensuring that management is provided with the information necessary to take the most appropriate decisions for the achievement of strategic and business objectives and for the protection, enhancement and creation of business value.

Reference principles

The ICRMS is based on the following principles:

Integrated model: the ICRMS components are reciprocally coordinated and interdependent and the overall system is in turn integrated into the overall organisational, corporate governance, administrative and accounting structure
Management and coordination: Acea SpA, within the scope of its management and coordination activity vis-à-vis the subsidiaries, issues and disseminates the guidelines and related model for implementation to be adopted by the subsidiaries
Observance of legal requirements and consistency with best practices
Management accountability
Consistency with business objectives
Risk-Based approach
Importance of information flows
Maximisation of efficiency and efficacy
Ongoing and practical enhancement of excellency
Traceability
Separation of activities
Transparency

Main protagonists of the SCIGR

BoD
Determines the SCIGR guidelines so as to ensure that the main risks for Acea and its subsidiaries are identified, measured and managed

CHIEF EXECUTIVE OFFICER
Implements the ICRMS guidelines and, also utilising the Audit and Risk & Compliance Departments, ensures identification of the main corporate risks and periodically brings them to the attention of the BoD.

CONTROL AND RISKS COMMITTEE
Assists Acea’s Board of Directors, ensuring the latter receives appropriate instruction and support as regards the evaluations and decisions on the part of the Board of Directors in connection with the ICRMS, as well as in relation to the approval of periodic financial reports and the non-financial statement pursuant to Legislative Decree no. 254/2016.

BOARD OF STATUTORY AUDITORS
Monitors the legislative and procedural compliance and correctness on the part of administration, as well as the adequacy of the company’s organisational structure for the aspects within its sphere of competence, the ICRMS and the administrative-accounting system.

COMPANY STAFF
Intervenes with varying responsibilities, from management to employees, to maintain an efficient process of risk identification and management, operating in observance of procedures and performing line control activities

MANAGER RESPONSIBLE FOR PREPARING THE COMPANY’S FINANCIAL REPORTS
Responsible for setting up and maintaining the Financial Information Internal Control System.

RISK & COMPLIANCE - ERM
Defines the methodology for risk evaluation and prioritisation and coordinates management of the periodical Risk Assessment procedure.

SUPERVISORY BODY
Responsible, with powers of initiative and intervention, for the functioning of the Organisational, Management and Control model (MOG 231), relying on the collaboration of the Ethics and Sustainability Committee for the profiles of common interest.

DATA PROTECTION OFFICER
Responsible for supervising compliance with Regulation (EU) 2016/679 on the part of the business organisation via direction, control and monitoring activities.

INTERNAL AUDIT
Carries out independent audits on the operations and suitability of the IARMS, using a risk based audit plan approved by the BoD, and monitors execution of the action plans issued following the audits performed

Function Risk & Compliance

Key missions:

to design, implement, oversee and update the Group Governance model and ensure the alignment of Governance tools to the Group operating model
to identify, describe and assess the main risk factors that can compromise achievement of the Group’s strategic and business objectives
to propose risk management policies and guide the implementation and development of the Group Enterprise Risk Management (ERM) framework
to prevent the risk of corporate business non-compliance with relevant laws and regulations

Manager Responsible

The Manager Responsible for preparing the company’s financial reports (the "Manager Responsible") pursuant to Italian Law 265/05 is in charge of setting up and maintaining the system of internal control financial ireporting and issuing an appropriate certification together with the Chief Executive Officer. The system of internal control over financial reporting is subject to a specific Regulation approved by the Board of Directors and supported by the Management and Control Model in accordance with Law 262/05.

The three levels of the SCIGR

Risk management is a cross-cutting process, widespread responsibilities that involve all company levels.

First Level

Conducted by those
responsible for the
operating activities where the risk lies.

First level controls are intended to ensure business processes are correctly carried out in order to prevent risks via appropriate mitigation actions.

Second Level

Conducted by corporate
structures, with the aim of ensuring that the first level, checks are
adequate and operational

Second level controls comprise ongoing monitoring to assess the effectiveness of controls defined for the performance of business operations.

Third level

Independent checks
conducted by the Audit
function to verify the adequacy and operation of the SCIGR

Third level controls are entrusted to the Internal Audit Department and consist of independent assessments regarding the design and running of the internal control system and the monitoring of improvement plans defined management.