Over time, we have structured various controls that support management in defining and implementing adequate management and monitoring systems for the main risks and controls (Risk Management, the Anti-Bribery & Corruption Unit, Compliance and Data Protection).
In this context, our Risk Management organisational structure, in line with the FS Italiane Group’s Risk Management Framework, ensures at a corporate level the identification, classification, measurement, assessment and continuous monitoring of corporate risks with a view to creating value and disseminating a culture geared towards strengthening controls and risk assessment.
The adoption of a single Framework at Group level allows for:
Within the aforementioned single framework, risk management activities are divided into three dimensions of analysis:
The three dimensions of analysis contribute to a holistic view of risks that impact business objectives at various stages, being intrinsically linked and coherent with each other.
The Risk Control Self-Assessment contributes to improving the internal Control and Risk Management System, through an internal and privileged view of typical company processes, increasing the culture and awareness of risk in process management, developing a wealth of information of use for further in-depth analyses also with the other control functions, providing an overview to the Top Management of the main risks that could jeopardise the achievement of corporate objectives.
Risk Factors
With reference to the activities carried out by RFI, the main risks to the company are:
More information on the objectives, policies and processes for managing such risks and the methods utilised to assess them can be found in the Annual Report documents.
To support the drafting of the Business Plan, in the context of the general strategic risk assessment coordinated by the Parent Company, our Risk Management organisational structure supports the other RFI Departments in identifying the main risks associated with the Plan’s objectives and in drafting the relative mitigation plan.
In performing this activity, on the basis of a taxonomy of Group risks, the heads of the corporate functions involved by competence are called upon to identify for each corporate objective:
As the country’s largest investor in infrastructure, we manage a significant portfolio of projects on which our organisational Risk Management structure has initiated, in unison with the parent company, and with the support of Italferr, a Project Risk Management activity, with the primary objective of verifying which risks affect compliance with the time and cost objectives for the various projects analysed.
The Project Risk Management is thus an integral part of the Project Management techniques, in accordance with the International Standards (such as the PMBOK Guide, of the Project Management Institute). Use of the developed model represents a management and operational need directly recognised by the RFI Project Teams. The tools we currently employ allow predictive monitoring over major projects with operational value on the individual project and strategic value in gaining an overview of the riskiness of the portfolio for Top Management.