REPORT ON CORPORATE GOVERNANCE AND SHAREHOLDING STRUCTURE | 35
In performing these duties, the Board works with a director charged with overseeing the functioning of the internal control system (the “Director in Charge”), with the duties listed below, and an Internal Control Committee comprising members of the Board, whose functions are described above.
The internal control system is the totality of rules, procedures and organisational structures that allow the Company, through an appropriate process of identification, measuring, management and monitoring of the main risks, to be managed in a sound and correct manner, in line with preset objectives.
To meet this macro-objective, the system focuses on:
- management control (economic viability), defined through compliance with Company strategies, compliance with objectives, compliance with Company policies, and the safeguarding of Company assets;
- administrative-accounting control (reliability), defined through the preparation of financial statements for publication and the preparation of the internal operational reporting;
- control of legal compliance (conformity with laws), defined through compliance with Law 262/05, Legislative Decree 231/01, internal procedures, the quality system, the Code of Conduct and the Code of Ethics.
***
At the meeting on March 9, 2011, the Board assessed the effectiveness and functioning of the internal control system. The Board took care to verify the existence and implementation of an Internal Control System, with a detailed examination of the structure of this system, its suitability, and its effectiveness and functioning.
For this purpose, the Board of Directors examined the reports prepared by the Internal Control Manager, already examined previously by the Internal Control Committee and the Chief Executive Officer, verifying that the existing structure of the Internal Control System at the Issuer is actually effective in the pursuit of its goals and that any weaknesses reported will not prejudice the reliability of the Internal Control System.
11.1 Executive Director in Charge of the internal control system
On December 4, 2009, the Board appointed Chief Executive Officer Federico Marchetti as the Director in Charge of overseeing the functioning of the internal control system.
***
In connection with and in implementation of the guidelines established by the Board, the Director in Charge has the following duties:
(i) to identify the main typical Company risks, in relation to the characteristics of the activities of the Issuer and its subsidiaries and the sector in which they operate;
(ii) to design, implement, manage and monitor the internal control system;
(iii) to adjust the internal control system in light of any problems that emerge during the updating and development of the Company’s organisational and operational structures, trends in Company activities and legislative and regulatory developments that may be relevant to the Issuer and its subsidiaries. In performing these functions, the Director in Charge makes use of the activities carried out by the Internal Control Manager.
The Director in Charge checked the 2011 Audit Plan prepared by the Internal Control Manager. This plan was presented and approved during the meeting held on March 3, 2011 between the Director in Charge and the Internal Control Manager. On March 4, 2011, this document was discussed with the Internal Control Committee.
11.2 Internal Control Manager
With the favourable opinion of the Internal Control Committee and with a resolution dated December 4, 2009, the Board of Directors appointed Pietro Tagliati as Internal Control Manager, for the purpose of checking that the internal control system is adequate, fully operational and functioning. The appointment of the Internal Control Manager was made at the same time as that of the Director in Charge.
REPORT ON CORPORATE GOVERNANCE AND SHAREHOLDING STRUCTURE | 36 With the favourable opinion of the Internal Control Committee and with a resolution dated December 4, 2009, the Board of Directors defined the remuneration of the Internal Control Manager, which was understood to be already covered in the employee remuneration.
The Internal Control Manager is not responsible for any operational area, and does not report to managers of any operational area, including administration and finance.
*** The Internal Control Manager:
- has direct access to all information useful for the performance of his/her duties;
- reports on his/her activities to the Internal Control Committee and the Board of Statutory Auditors; - also reports on his/her operations to the Director in Charge.
No financial resources were allocated to the Internal Control Manager, since in performing his duties, he makes use of the means and Company structures of the Issuer.
The following duties are assigned to the Internal Control Manager:
(i) to check the efficiency, adequacy and functioning of the internal control system; (ii) to assist the Director in Charge in performing functions related to internal control;
(iii) to report on his/her activities, at least every quarter, to the Director in Charge, and, at least every six months, to the Internal Control Committee and the Board of Statutory Auditors;
(iv) to immediately inform the Director in Charge, the Board and the Internal Control Committee if these management checks reveal risk profiles for the Issuer, or in any case, elements, albeit only partial, that are seriously prejudicial thereto;
(v) to contribute to the meetings of the Board and Internal Control Committee that he/she is invited to attend; (vi) to carry out further duties that the Board deems appropriate to assign to him/her, with particular reference
to the internal audit department.
Over the year, the Internal Control Manager supported the organisation in the activities necessary for compliance with regulations intended to strengthen the role to be attributed to the internal control system. The activities of the Internal Control Manager mainly involved the adaptation of the Issuer to the regulations (Legislative Decree 231/01 and Law 262/05) required by CONSOB, taking the guidelines for the formalisation of the 2010 Internal Audit plan from the latter.
The main functions performed were:
- the re-examination of the risk factors for the Company defined by the above regulations;
- an in-depth analysis of the shortcomings identified and the identification of the corrective measures to be taken;
- activation of shared initiatives for satisfying the requirements set out in Legislative Decree 231/01 (communication, training for top management and subordinates, definition of standard information flows to the Supervisory Body);
- development of activities for rectifying the shortcomings identified for the purposes of Legislative Decree 231/01 and, in certain aspects, of Law 262/05;
- adaptation of the provisions of Legislative Decree 231/07 on the subject of anti-laundering;
- analysis of conflicts and identification of possible corrective measures relating to the segregation of duties; - formalisation of the corporate procedures regarding specific areas with greater exposure for the purposes of
Legislative Decree 231/01.
The Internal Control Manager has also prepared the 2011 Internal Audit Plan in line with the activities carried out during 2009 and 2010, and in continuation of them.
REPORT ON CORPORATE GOVERNANCE AND SHAREHOLDING STRUCTURE | 37
The specific activities of the Internal Control Manager relating to the financial year are set out in the internal audit plan approved by the director in charge of overseeing internal control on February 2, 2010 and by the Internal Control Committee on February 22, 2010.
Activities aimed at regulatory compliance, as well as specific operative audit operations, were developed on the basis of the internal audit plan, specifically:
- monitoring activities aimed at compliance with Law 262/05, relating to annual information at December 31, 2009, half-year information at June 30, 2010 and related follow-ups;
- activities relating to Legislative Decree 231/01, such as the activation of regular information flows and definition of a reference policy for the management of procedures by departmental area;
- verification activities on the subject of compliance with Legislative Decree 231/01, such as checks relating to aspects on the subject of safety, checks on the subject of relations with the Public Administration, checks on the subject of anti money laundering, and checks on the subject of Investor Relations and on processes in the area of human resources;
- updating the Organisational, Management and Control Model pursuant to Legislative Decree 231/01 and related compliance documents (List of Offences pursuant to Legislative Decree 231/01, Bylaws of the Supervisory Body and Code of Ethics) with reference to new offences introduced by the Decree.
***
The Issuer has created an Internal Audit department. The head of the Internal Audit department is Internal Control Manager Pietro Tagliati.
For the operation of the Internal Audit department, in relation to the issues handled, the Issuer uses external organisations, namely: Reply Consulting S.r.l. – Via Castellanza 11 – Milan, with which Pietro Tagliati also worked in the period preceding the appointment, for the purposes of the activities set out in the Audit Plan, and in particular relating to compliance pursuant to Law 262/05, compliance pursuant to Legislative Decree 231/01 (including the updating of the Organisational, Management and Control Model pursuant to Legislative Decree 231/01 and related compliance documents with reference to the new offences introduced by the Decree) and related audit operations.
11.3. Organisational Model pursuant to Legislative Decree 231/2001
The Issuer adopted the Organisational, Management and Control Model for the prevention of the offences pursuant to Legislative Decree 231/2001 (hereinafter also the “Model”), as amended, on September 3, 2009, intended to ensure probity and transparency in the execution of company activities, to protect the position and image of Group companies, shareholders’ expectations and the work of its employees, and formulated on the specific needs determined by the entry into force of Legislative Decree 231/2001. Through the resolution of the Board of Directors of December 16, 2010, in light of the regulation updates, the Issuer adopted a new version of the Organisational, Management and Control Model pursuant to Legislative Decree 231/01 and Code of Ethics. The Code of Ethics forms an integral part of this Model, and is intended to define the fundamental ethical principles and rules of conduct to be adhered to, creating conditions suitable to ensure that the Issuer’s activity is based on the principles of probity and transparency, and reducing the risk of committing the offences set out in Legislative Decree 231/2001.
The exemption from administrative liability provides for the mandatory creation of a Supervisory Body within the Issuer, with autonomous powers of initiative and control, which is responsible for overseeing the functioning and observance of the Model, and its updating. Specifically, the Supervisory Body has, among other things, the tasks of: (i) checking the efficiency and effectiveness of the organisational model adopted, (ii) checking compliance with the methods and procedures set out in the organisational model, (iii) making proposals to the Board of Directors in relation to any updates or amendments of the organisational model adopted, (iv) proposing to the Board disciplinary measures that must be taken following the verification of a violation of the organisational model, and (v) preparing a report (every six months) for the Board of Directors on the checks and control activities undertaken and the results thereof.
The Supervisory Body, appointed on September 8, 2009, is composed of three members in the persons of Rossella Sciolti, an independent member, as Chairwoman, Gerardo Diamanti (appointed on July 1, 2010 in place of Francesco Guidotti), an independent member, and Pietro Tagliati, the Issuer’s Internal Audit Manager.
REPORT ON CORPORATE GOVERNANCE AND SHAREHOLDING STRUCTURE | 38 The offences described by Legislative Decree 231/01 are specifically those against the Public Administration (articles 24 and 25); counterfeiting money, credit cards, stamps, instruments or identifying marks (article 25 bis (new formulation)); obstructing trade or industry (article 25 bis 1); corporate offences (article 25-ter); those relating to health and safety at work (article 25-septies, Law 123/2007) – Consolidated Law on Safety; money- laundering offences (article 25-octies, Legislative Decree 231/07 in implementation of directive 2005/60/EC); offences relating to the violation of intellectual property rights (article 25 novies); computer crimes and illegal processing of data (article 24-bis, Law 48/2008 in Official Gazette 80 of April 4, 2008); market abuse and the abuse of privileged information (article 25-sexies).
The Model introduces a suitable penalty system for conduct that violates it and in particular, if the Model is breached by one or more members of the Board, the Supervisory Body shall inform the Board of Statutory Auditors and the entire Board, which will take the appropriate steps.
The Model and Code of Ethics are available in the Corporate Governance section of the Company website, www.yooxgroup.com.
11.4 Independent auditors
KPMG S.p.A., based at 25 via Vittor Pisani, Milan, was engaged to audit the Company’s accounts.
The engagement was conferred on this company by resolution of the Shareholders in their meeting dated September 8, 2009, on the proposal of the Board of Statutory Auditors, for 2009 – 2017.
11.5 Executive in charge of preparing corporate accounting documents
Pursuant to article 19 of the Issuer’s bylaws, following mandatory consultation with the Board of Statutory Auditors, the Board of Directors appoints the executive in charge of preparing corporate accounting documents, pursuant to article 154-bis of the TUF, conferring on him/her sufficient means and powers to execute the duties attributed to him/her. In addition to the requirements of honesty prescribed for statutory auditors by the laws in force, the executive in charge of preparing corporate accounting documents must meet professional requirements of at least three years’ experience in administration and control, or in performing management or consulting functions in a listed company and/or related groups of companies or organisations of significant size and importance, including in relation to the preparation and control of corporate accounting documents. The executive in charge of preparing corporate accounting documents must also meet the requirements of honesty prescribed for statutory auditors by the laws in force. The failure to uphold these requirements will result in dismissal from the position, which must be declared by the Board of Directors within 30 days of it being made aware of the fault.
On July 1, 2010, following the resignation of Paolo Fietta, the Board, with the favourable opinion of the Board of Statutory Auditors, appointed Francesco Guidotti as Executive in charge of preparing corporate accounting documents and Director of Administration, Finance and Control. With the appointment, the Board checked the existence of the requirements pursuant to the laws in force and the Company’s bylaws.
With the appointment, the Board granted the executive in charge of preparing corporate accounting documents the powers and duties pursuant to article 154-bis et seq. of the TUF.
In order to implement criteria 1.C.1. letter f), 9.C.1 and 9.C.2 of the Code, the Issuer defined and adopted dedicated procedures for important transactions and transactions with related parties, suitable to guarantee full and exhaustive information on these types of transactions for the Directors.
Procedure for Significant Transactions with Independent Parties
As provided for by criterion 1.C.1. letter f) of the Code, the Issuer has adopted an internal procedure (the “Procedure”) intended to regulate information and procedures relating to transactions that have a significant impact on the Company financial position and results of operations, with particular reference to significant transactions conducted by YOOX with independent parties, also establishing criteria to identify these