/ 01
Internal Control And Risk Management
TOTO Holding S.p.A. executes its management and control of the Company through a sound and transparent way in fulfilment of national and international legal provisions, particularly in compliance with:
- the requisites of Legislative Decree 231/2001 containing the “Discipline of the administrative liability of legal persons”.
- the principles of Law 190/2012 containing “Provisions for the prevention and punishment of corruption and illegality in public administration”.
The Decree no. 231 provides for the “administrative” (criminally relevant) responsibility of legal persons, deriving from the commission or attempted commission of certain types of criminal offences in the interest or for the benefit of the companies themselves. Such a responsibility is in addition to the criminal liability of the individual who has committed the criminal offence.
The Law 190 provides for the adoption of measures, instruments, and models so that the Company may abide by the ethical standards and act in full observance of the norms regarding the prevention of corruption in all its forms, both direct and indirect, and the integrity, transparency, and correctness of the Company’s corporate actions.
The two laws converge on sensitive issues regarding the controls to enact on corruption offences, hence the corporate need to consolidate both the 231 decree matters and Anti-corruption profiles within a single Model: an unambiguous tool with which the Company ratifies its alignment with the aforementioned principles.
The Model identifies the relevant processes, the responsibilities and the control principles related to specific kind of criminal offences identifies by these two laws. Therefore, the Model represents the document on which an effective Company Management and Control System is based and developed.
It is assigned to the Supervisory Committee the duty of monitor the observation and the level of application of the Model in order to verify its ongoing efficacy.
The Company updates, on a yearly base, the Risks & Controls Map: this activity it is called Risk Assessment.
The Risk Assessment target is to evaluates, through a structured methodology, the business processes exposed to the most relevant risk factors as well and the efficacy of the control system put in place functional to the achievement of the strategic and operational targets of the Company.
The activity is also strategic in terms of the audit activities prioritization and of definition of potential corrective actions in order to reduce the risk factor and to improve the governance and the Company process management.
TOTO has chosen a Self-Risk Assessment with a “top down” approach, that is a self-evaluation by the Head Quarter Managers of the connected risk (based on the probability and the impact) and the residual risk (based on the control system actually implemented), each one for the process of its own competence.
In order to maintain an adequate risk management and monitoring process, Toto adopts, from an organizational point of view, an Internal Audit & Risk Management Department that conducts the related activities with the support of the Quality, Health, Safety and Environmental Department.
The Risk Assessment results, approved by the CEO, gives a valid support to the Board and the Control and Supervisory Company Committees, in order to express an opinion on the adequacy of the internal control and risk management system of the Company.
/ 02
Governance System
Board of Directors
Chairman | Paolo Toto
Council Member | Carlo Toto
Council Member | Mattia Toto
Council Member | Lelio Scopa
Council Member | Lino Bergonzi
Board of Statutory Auditors
Chairman | Giovanni Smargiassi
Standing Statutory Auditor | Vito Ramundo
Standing Statutory Auditor | Francesco Cancelli
Standing Statutory Auditor | Paolo Palumbo
Standing Statutory Auditor | Giovanni D’Aquino
Audit Firm
PricewaterhouseCoopers S.p.A.
Integrity Board
Chairman | Salvatore Ricci
Acting Member | Francesco Cancelli
Acting Member | Roberto Milia