evocative image

Over time, we have structured various controls that support management in defining and implementing adequate management and monitoring systems for the main risks and controls (Risk Management, the Anti-Bribery & Corruption Unit, Compliance and Data Protection).

In this context, our Risk Management organisational structure, in line with the FS Italiane Group’s Risk Management Framework, ensures at a corporate level the identification, classification, measurement, assessment and continuous monitoring of corporate risks with a view to creating value and disseminating a culture geared towards strengthening controls and risk assessment.

The adoption of a single Framework at Group level allows for:

  • Definition of the scope of application of the risk management process, identifying the areas of action and the decision-making processes in which it is applied;
  • Identification of tools and models for assessing and managing unequivocal and consistent risks for the Group, defining the responsibilities for their management and use between the Parent Company and the Group Companies, based on the type of activity and the field of action in which these activities are carried out;
  • Ensuring methods of interpretation, analysis and representation of the results of common risk management activities;
  • Promote a more widespread corporate culture with greater focus on risk management;
  • Foster the growth of the job family, through the diffusion of a common “language” and the adoption of paths aimed at guaranteeing the development of the skills and professionalism of the resources involved in the risk management process.

Within the aforementioned single framework, risk management activities are divided into three dimensions of analysis:

  • Risk Control Self-assessment;
  • Strategic Risk Analysis of the Business Plan;
  • Project risk analysis through the use of unique and shared Group-wide taxonomies and methods.

The three dimensions of analysis contribute to a holistic view of risks that impact business objectives at various stages, being intrinsically linked and coherent with each other.

The Risk Control Self-Assessment contributes to improving the internal Control and Risk Management System, through an internal and privileged view of typical company processes, increasing the culture and awareness of risk in process management, developing a wealth of information of use for further in-depth analyses also with the other control functions, providing an overview to the Top Management of the main risks that could jeopardise the achievement of corporate objectives.

Risk Factors

With reference to the activities carried out by RFI, the main risks to the company are:

  • Business risks;
  • Operational risks;
  • Regulatory and compliance risks;
  • Supply risks;
  • ICT (Information and Communication Technology) risks;
  • Risks associated with the spread of infectious diseases;
  • Project risks;
  • Country risk;
  • Compliance, legal and contractual risks;
  • Risks related to human resources management;
  • Risks related to corruption.

More information on the objectives, policies and processes for managing such risks and the methods utilised to assess them can be found in the Annual Report documents.

To support the drafting of the Business Plan, in the context of the general strategic risk assessment coordinated by the Parent Company, our Risk Management organisational structure supports the other RFI Departments in identifying the main risks associated with the Plan’s objectives and in drafting the relative mitigation plan.

In performing this activity, on the basis of a taxonomy of Group risks, the heads of the corporate functions involved by competence are called upon to identify for each corporate objective:

  • The main risks that may adversely affect the achievement of the objective;
  • The main opportunities that potentially positively influence the achievement of the objective itself;
  • Actions to mitigate and safeguard against the identified risks.

As the country’s largest investor in infrastructure, we manage a significant portfolio of projects on which our organisational Risk Management structure has initiated, in unison with the parent company, and with the support of Italferr, a Project Risk Management activity, with the primary objective of verifying which risks affect compliance with the time and cost objectives for the various projects analysed.

The Project Risk Management is thus an integral part of the Project Management techniques, in accordance with the International Standards (such as the PMBOK Guide, of the Project Management Institute). Use of the developed model represents a management and operational need directly recognised by the RFI Project Teams. The tools we currently employ allow predictive monitoring over major projects with operational value on the individual project and strategic value in gaining an overview of the riskiness of the portfolio for Top Management.