The Board of Directors examined and approved a model to monitor and manage the risks which are liable to prejudice the achievement of Pirelli's strategic objectives, also in line with international best practices.1
1) This approach is based on the updated COSO framework “Enterprise Risk Management Integrating with Strategy and Performance”.
The Board adopts a structured risk management model that allows the Group to promptly and completely identify risks as well as manages uncertainty in a proactive way, rather than simply taking reactive stance. Such structured and proactive approach is crucial in light of the accelerating pace of economic changes, the complexity of management activities and the recent changes in laws and regulations relating to corporate governance and internal control. The Board of Directors plays a central role with reference to the “governance” of the model. Indeed, it is responsible for supervising the risk management process so that the risks assumed in the business are consistent with the strategies (so-called monitoring action). Furthermore, the Board defines the attitude to risk (risk appetite/risk tolerance) and establishes the guidelines to manage risks which may “interfere with” or prejudice achieving the business objectives or erode critical corporate tangible and intangible assets, in line with its top management and strategic policy-making mission. In this purpose it’s necessary to proceed at the identification and assessment of the principal risks relating to the Company and its subsidiaries, to ensure these risks are monitored correctly (Risk Assessment) and maintaining the overall levels of exposure to risk within the risk threshold assessed as being "acceptable" (risk appetite).
The Pirelli integrated risk governance model takes in to account three macro risk families that guide the risk management objectives, the control model and the governance bodies, as outlined below:
The Board of Directors is supported by two Risk Management Committees in relation to the various risk macro clusters. Each risk committee has specific areas of responsibility.
- The Strategic Risks Committee with expertise and responsibility for the risks related to the strategic business choices or due to the external environment in which the Group operates.
- The Operating Risks Committee focusing on preventing and managing the risks specifically related to the organisational structure, sustainability, processes and Group's systems.
The two Risk Committees have the following responsibilities (i) to adopt and promote a systematic and structured process to identify and measure the risks; (ii) to examine the information concerning internal and external, existing and future risks to which the Group is exposed; (iii) to propose strategies to respond to the risk in relation to the overall and detailed exposure to the various categories of risks; (iv) to propose the implementation of a risk policy in order to guarantee that the risk is reduced to "acceptable" levels; (v) to monitor the implementation of the strategies adopted in response to the risk defined and compliance with the risk policies adopted.
Regarding external risks, the Enterprise Risk Management department provides support on macroeconomic and geopolitical risks by reviewing key economic data, political election outcomes as well as creating econometric tool to gauge potential ramification for the tyre market.
The Risk Management Committees avail of the Sustainability and Risk Governance Department, under which the Chief Risk Officer (CRO) operates. The CRO coordinates the risk assessment process, guarantees the on-going monitoring of the Group's exposure to key risks as well as the effective implementation of the mitigation plans.