General Data Protection Regulation: with the entry into force of the General Data Protection Regulation (Regulation (EU) 2016/679), the Internal Audit Officer was made the Data Protection Officer (DPO) for the ENAV Group.

Internal Audit (which functions pursuant to a mandate approved by the Board of Directors) shall have access to all information required for the performance of its duties and shall prepare periodic reports containing adequate information on its activities, the procedures through which risks are managed and compliance with plans for containing them. The periodic reports will contain an assessment of the appropriateness of the SCIGR, with regard to the audit activities established in the audit plan and any additional verifications that are requested.

Internal Audit is not responsible for any operational area and reports to the Board of Directors (through the coordination of the Chairman of the Board of Directors). It shall prepare timely reports on events of particular significance, transmitting its periodic reports and those on particularly significant events to the Chairmen of the Board of Auditors, the Risk and Related Parties Control Committee, the Board of Directors, the Director in charge of the Internal Control and Risk Management System (SCIGR), and to the Financial Reporting Manager to the degree in which the matter involves his/her responsibility. Moreover, the audit plan will be used to verify the reliability of the Company’s information systems, including its accounting systems. The Internal Audit Officer, who is also an internal member of the Supervisory Body, is responsible, among other things, for verifying that the internal control and risk management system is functioning and adequate; in particular:

  • verifica, sia in via continuativa sia in relazione a specifiche necessità e nel rispetto degli standard internazionali, l’operatività e l’idoneità del SCIGR, attraverso il piano di audit e lo svolgimento di specifiche verifiche non pianificate; 
  • predispone con cadenza almeno annuale il piano di audit, basato su un processo strutturato di analisi e individuazione delle priorità dei principali rischi, da sottoporre all’approvazione del Consiglio di Amministrazione; 
  • effettua specifiche attività di verifica, ove lo ritenga opportuno ovvero su richiesta del Consiglio di Amministrazione, del Comitato Controllo e Rischi e Parti Correlate, dell’Amministratore Incaricato del SCIGR o del Collegio Sindacale. 

Il Responsabile dell’Internal Audit garantisce altresì, a livello di Gruppo, un adeguato presidio per la prevenzione della corruzione ed il contrasto alle frodi, anche attraverso il monitoraggio delle segnalazioni pervenute tramite il canale di whistleblowing e le verifiche dei fatti segnalati nelle stesse.