Management and Control Model

In accordance with Legislative Decree 231 of June 8, 2001, Cefriel has adopted an Organization, Management and Control Model which standardizes the entire company risk prevention and management system in accordance with Legislative Decree 231/2001 and the Confindustria guidelines.
The Model consists of a “General Section” and “Special Sections” concerning the categories of offenses covered by the decree when the Model was approved.
The current version of the model was approved by the Board of Directors on 2/11/2022.
Cefriel’s Model is organized into certain key parts that can be summarized as follows:

  • the decision to adopt the Organization, Management and Control Model, with the resulting identification of the human and financial resources required for this purpose;

  • the appointment of the Supervisory Body, whose members meet the requirements established in Legislative Decree 231/2001;

  • the definition of steady and continuous communication processes so that the Supervisory Body functions effectively, ensuring any necessary control activities (ordinary and extraordinary) and that the flow of information is real and not feigned.

  • the definition of reporting obligations to the Supervisory Body;

  • the adoption, maintenance and verification of the application of the Code of Ethics, which should be known within the company and brought to suppliers’ attention where necessary;

  • the mapping of business activities or functions in the context of which the offenses covered by Legislative Decree 231/2001 could be committed;

  • the risk assessment using the CRSA (Control Risk Self-Assessment) method, which recognized internationally for its reliability, to adopt all the appropriate safeguards for the effective, systematic prevention of any concrete risks;

  • the definition of suitable procedures and the adaptation of certain pre-existing procedures whose purpose is to implement the company’s decisions in relation to the offenses to be prevented (risk management methods) and the identification of financial resource management methods suitable for preventing the committing of offenses, which may be summarized as follows:

    • verifiability, traceability, consistency and fairness of all processes;

    • application of the principle of separation of duties (no one person is responsible for an entire process on their own);

    • decision and control documentation;

    • reminder of the need to uphold the principles of integrity and transparency and to comply with the laws and regulations in force when undertaking and managing relationships with the public authorities in judicial procedures;

    • the definition of powers and responsibilities through proxies and powers of attorney (Annex 4 General Section);

    • ensuring that Legislative Decree 231/2001 and the model are known within the organization and in relationships with suppliers and customers, through the ongoing, timely training of personnel, who must not be able to claim ignorance of the provisions governing the various activities as an excuse for illegal conduct;

    • extensive use of tested and inspected software tools that make financial assessments consistent for the different parties.

  • the creation of a disciplinary system to sanction non-compliance with the measures specified in the Model, a system known by the company’s employees and collaborators and applied effectively in the event that specific, substantiated violations occur;

  • constant updating of the Model in light of the inclusion of new predicate offenses.