Poste Italiane is progressively consolidating a Group Risk Management model (“GRM”) to form part of its Internal Control and Risk Management System (also “SCIGR”), in line with the requirements of the Corporate Governance Code for listed companies and the relevant best practices.
The GRM model aims to provide an organic, overall view of the Group’s principal risk exposures, greater consistency across the methods and tools used to support risk management and reinforced awareness, at all levels, of the fact that the adequate assessment and management of risks can play a part in achieving strategic objectives.
The GRM model involves an integrated risk management process, implemented according to a continuous and dynamic approach. It exploits the existing risk management systems applicable to each segment (financial, insurance, postal and logistics) and business process, bringing them into line with the specific methods and tools envisaged by the model, and consolidating the risk management culture at all levels, so as to help develop risk management behaviours and expertise throughout the Group’s operations.
Two assessment cycles were conducted in 2015, whilst actions designed to mitigate or manage major risks were identified, in keeping with developments in the internal and external environments and the Group’s strategy.
Implementation of the monitoring process for the principal risks began, as did use of the related risk treatment plans, utilising appropriate indicators in order to analyse performance and the state of implementation of the corrective actions put in place.
The GRM model has adopted a Risk Model to support the process of identifying and describing risks. The Model allows the identified risks to be classified in uniform categories applied throughout the Group, in line with the relevant best practices and, where applicable, specific regulatory requirements.
The Risk Model provides a continuous point of reference for the management, control and integrated reporting of risks. As a result, it is periodically revised to reflect the Group’s operations and in response to the results of assessment activities.
The Risk Model has established five categories of risk: strategic, regulatory and compliance, insurance, operational and financial, as described below.
STRATEGIC RISK: The risk of a deterioration in profit or capital resulting from changes in the operating environment, poor business decisions, the substandard execution of decisions or the failure to adequately respond to changes in the competitive environment.
REGULATORY AND COMPLIANCE RISK: The current or future risk linked to the failure to comply with statutory or regulatory requirements imposed by legislation, industry regulations or internal rules.
INSURANCE RISK: This category of risk regards technical risks resulting from insurance operations (non-life technical, health technical and life technical) and is dealt with in Poste Italiane’s financial statements for the year ended 31 December 2015 (5. Risk management) which, together with the Report on Operations, form a further section of the Annual Report.
OPERATIONAL RISK: Operational risk refers to the risk of losses resulting from inadequate or failed internal processes, people and systems, or from external events. This category of risk includes the risk of workplace accidents or injuries to employees, the risk of criminal acts or attacks resulting in damage to operating assets or activities, fraud, including online fraud (e.g., phishing), and unauthorised transactions, including errors resulting from the failure of IT or telecommunications systems.
FINANCIAL RISK: The risk environment is defined on the basis of the framework established by IFRS 7 – “Financial Instruments: Disclosures”, which distinguishes between four main types of risk (a non-exhaustive classification): market risk; credit risk; liquidity risk; cash flow interest rate risk. These types of risk are dealt with in Poste Italiane’s financial statements for the year ended 31 December 2015.