Control and risk management

Innovatec’s internal control and risk management system

Innovatec is committed to maintaining an adequate internal control and risk management system, in line with best practices, to ensure that laws, regulations and rules are implemented and followed.

Innovatec’s internal control and risk management system is based on an integrated control model, with identification of the tasks of each body and function involved and concrete methods of coordination between them.

The application of the control and risk management system is entrusted to the primary responsibility of management, since control activities are an integral part of the management and control processes that individual operating units or companies carry out on their own processes.

The Board of Directors is responsible for verifying the adequacy and effectiveness of the control and risk management system of Innovatec and is carried out on a half-yearly basis, with the approval of the Annual Financial Statements and the Financial Report, ensuring that the main corporate risks are identified and managed.

The Board of Statutory Auditors of Innovatec verifies the effectiveness of the system.


The Chief Executive Officer is the director appointed by the Board of Directors for the internal control and risk management system.

A System is articulated on three levels of control

1st level control Identification, assessment and monitoring of risks within the scope of individual Group processes. This level includes the individual offices that are responsible for identifying, measuring and managing them, as well as implementing the necessary controls.

  2nd level control Support to 1st level in the definition and implementation of adequate management systems for the main risks and related controls.

  3rd level control Verification and Summary by the Chief Executive Officer in coordination with the Board of Statutory Auditors and reporting to the Board of Directors.

  4th level control To be established soon, an Internal Audit office for independent and objective assurance on the adequacy and effectiveness of operations (1st and 2nd level control) and in general on overall risk management methods (3rd level).

Bodies and functions responsible for the Risk Management and Control System

Risks are managed, through the three levels of control indicated, by the following corporate bodies: Board of Directors, Board of Statutory Auditors, Chief Executive Officer and Supervisory Body and the following departments, offices or functions:

Operations, Legal Office, Corporate Office, Administration, Finance and Control Department, Investor Relations.

Main risk factors

Innovatec operates in highly regulated businesses. Group companies therefore pay particular attention to keeping abreast of relevant legislation, so as to adopt, where possible, the best application solutions in response to regulatory amendments.

In its operations, Innovatec incurs risks arising from external factors related to the regulatory and macroeconomic environment of its reference sectors, including legislative, financial, credit.

In particular, the activities of the companies operating in the Integrated Environmental Services business are subject to environmental protection legislation in force in Italy. Moreover, because of the peculiar nature of the industry in which it operates, the Group is potentially subject to a broad range of legal and administrative proceedings involving environmental issues.

Innovatec is therefore significantly affected by the trend of scenario variables that are beyond Innovatec’s control, including the issuance and/or revocation of administrative authorizations and the evolution of the legal and regulatory framework.

The Group and Innovatec S.p.A. constantly monitor such risk factors in order to assess in advance their potential negative effects and take appropriate actions to mitigate them.