Risk management and internal control system relating to the financial reporting process

Annual Report on Corporate Governance

Telecom Italia is aware that financial reporting has a central role when building and maintaining positive relationships between the company and those it interacts with, contributing – in addition to the company performance – to create value for the shareholders.

The internal control system on financial reporting is aimed at ensuring the trustworthiness4, accuracy5, reliability6 and promptness7 of the financial reporting. For that purpose, Telecom Italia has prepared and constantly updates a regulatory/documentary system including accounting principles of the Group, administrative and accounting procedures, guidelines, operation instructions, accounting manuals and a chart of accounts, intended to guarantee an efficient coordination and exchange of information between the Parent company and the subsidiaries as well as the correct drafting of the individual and consolidated financial statements.

In order to guarantee compliance with the Italian law (Law No. 262/2005) and U.S. law (Section 404 of the Sarbanes Oxley Act), Telecom Italia operates a structured and documented model of detection and monitoring of risks connected to the financial reporting, which refers to the CoSo framework. The management system of risks and internal control on the financial reporting of Telecom Italia is organized in the following phases:

  • identification of the risks8 on financial reporting. For that purpose, Telecom Italia defines identification criteria of the organization limits and of the “significant” processes in terms of potential impact on the financial information (understood as the information contained in the financial statements prospectuses and the explanatory notes), as well as on the risks resulting from non-achievement of the control objectives9. Such risks, connected to financial statements accounts/financial disclosure and to the company processes represented in it, refer to possible10 unintentional error risks as well as frauds11, insofar as they are liable to significantly affect the financial reporting;
  • identification of the controls as regards the identified risks. At this stage Telecom Italia identifies and documents the checks carried out in the company for mitigating the risks over the financial reporting;
  • assessment of the controls as regards the identified risks. Periodically over the year, the checks previously identified are evaluated through specific test activities. The evaluation of the checks is the primary responsibility of the competent management, supported by the independent assessment of the offices of the Group Compliance Officer.

Evidence of the assessment process described above (and specially, the possible lack of control assessed as significant/material in terms of potential error/fraud impact on the Financial Reporting) are periodically brought to the attention of the Committee for internal control and corporate governance and the Board of Auditors. The presence of possible deficiencies activates a process of definition, scheduling and accountability of specific remediation plans.

4.Trustworthiness (of the reporting): reports that are correct and complies with the generally accepted accounting principles and with the requirements of the applicable laws and regulations. 5 Accuracy (of the reporting): reports that are neutral and precise. Financial reports are considered neutral if they do not contain pre-conceived distortions aimed to influence the decision-making process of its users in order to obtain a specific result. 6.Reliability (of the reporting): reporting that is so clear and complete that investors can make informed and aware investment decisions. Information is considered clear if it simplifies the understanding of complex aspects of the Company, without being excessive and pointless. 7.Promptness (of the reporting): reports that comply with due dates set for its release. 8.Risk: potential event that may impair the achievement of goals related to the control system on financial reporting (the System), that is to say, accuracy, reliability, trustworthiness and promptness goals of the financial reporting. 9.Control goals: set of goals that the System aims to achieve in order to assure a truthful and correct representation of the Financial Reporting. Such goals consist of "financial statement affirmations" (existence and occurrence, completeness, rights and obligations, assessment and registration, presentation and reporting) and of “other control goals” (such as compliance of authorization limits, separation of incompatible duties, controls on physical safety and assets, documentation and operations traceability, etc.). 10Error: in relation to the System, any unintentional act or omission that results in a misleading declaration in the financial reporting. 11Fraud: in relation to the System, any intentional act or omission that results in a misleading declaration in the financial reporting.