Governance, mitigation and control of operational risks
Sernet operates in the field of governance, risk & compliance consulting through its own GRC area, which takes the three ESG dimensions (also describable as Corporate Social Responsibility) as its reference framework: the environmental (E), social (S) and corporate governance (G) dimensions:
- Dimension E, environmental: concerns the behavior of the company as a subject operating in the natural environment.
- Dimension S, social: includes relationships with employees, suppliers, clients and the communities in which it operates with particular attention to workplace safety and health, the protection of diversity and correct interpersonal relationships between employees, in terms of human rights, labor standards, gender policies and relations with the civil community.
- Dimension G, corporate governance: deals with company leadership, executive compensation, audits, internal controls and shareholder rights and includes corporate governance practices, remuneration policies, composition of the board of directors, the internal control system, corporate behavior and corporate organization in terms of compliance with laws (regulatory compliance) and deontology to achieve the implementation of an integrated governance system (“Integrated Governance”).
The Sernet consultants hold AIIA (Italian Association of Internal Auditors) qualifications (CCSA – Certification in Control Self Assessment, CRMA – Certification in Risk Management Assurance), are registered with the OIV (Internal Assessment Bodies), are auditors of ISO 37001 anti-corruption management systems and serve as members of Supervisory Bodies pursuant to Legislative Decree 231/01.
Goals of the GRC area
The objectives of the Area, pursued through an Integrated Thinking approach, are to:
- improve corporate governance models to optimize relationships between management and other stakeholders with an ESG (Environmental, Social and Governance) approach;
- assess and mitigate the risks related to regulatory compliance for competitiveness and social responsibility in ESG terms, applying the best management practices and certifiable voluntary standards;
- develop organizational systems for corporate governance and regulatory compliance (organization charts, roles, responsibilities, proxies, job descriptions, tasks) including the planning and the definition of an Internal Auditing function;
- assume management and control roles (Temporary management, Supervisory body, Internal audit function – CAE, Risk manager – CRO, Data Protection Officer – DPO, Quality Manager – RQ);
- identify and apply management approaches (best practices) for risk management together with top management, through:
– assessment and analysis of business risks as obstacles to achieving objectives (compliance risk assessment);
– identification of remediation actions and operational plans to improve risk reduction (risk appetite);
– monitoring of risk trends and of the implementation of plans;
- develop management systems, procedural systems and regulatory compliance plans for the main regulations (Legislative Decree 231/01, Legislative Decree 81/08, GDPR, Law 190/12, Legislative Decree 152/06 – environmental regulations), in particular:
– organizational, management and control models (MOG pursuant to Legislative Decree 231/01);
– risk assessment documents (DVR pursuant to Legislative Decree 81/08);
– GDPR System Manual (European Privacy);
– three-year anti-corruption plans for publicly controlled companies (law 190/12);
– IT Governance (Policies and Guidelines Management, ISO 27001);
– Environmental Manual – Organizational Structures for Environmental Governance (Legislative Decree 152/06).
- communication and accountability solutions for ESG activities (non-financial communication – DNF, Social Report, Sustainability Report);
- measurement systems (key indicators) and control and monitoring systems.
Assiteca | AXA | Basf | Biotest | Desmet Ballestra | Europe Assistance | Gilardoni | Prudential | RS Components | Siram | ST Microelectronics