Internal Control System

With respect to internal control, on the basis of the resolution already adopted on December 21, 2006 and of preliminary assessments, the Board of Directors updated the “Terna Group’s Internal Control System” (ICS) definition, in line with national and international best practices, as the set of rules, procedures and organizational structures which, through an adequate identification, measurement, management and monitoring process of primary risks, enable the Company to correctly and consistently manage operations in line with its objectives (articles 8.C.1 and 8.C.2 of the Governance Code).

With reasonable certainty, the Group’s ICS contributes to reaching strategic objectives, to safeguarding Company assets, the efficiency and effectiveness of Company transactions, the reliability of financial statements, compliance with the Law and regulations, the reliability of Company and financial reporting, the safeguarding of the electricity service continuity and guaranteed impartiality in carrying out activities under concession. It is based on the following elements: control environment; risk management system; control activities; information, communication and monitoring. The coordinated implementation of these elements makes the ICS effective overall.

The “control environment” at the basis of all other elements, consists of the Group’s Corporate Governance model and its ethical principles, which are set out in the Code of Ethics which the Group’s managerial style, personnel management policies and all employees’ conduct must be in compliance with.
The “risk management system” implemented by top executives and management enables the Group to manage its main risks within acceptable limits, using wide-ranging risk management policies defined in specific procedures. In order to implement an integrated “risk management system”, in 2007 Terna created a Corporate Security Department significantly integrating its security tools and defining a transversal system for identifying, analyzing and controlling Corporate risks.

The importance of using a structured method and a dedicated internal organization (Corporate Security Department), that promotes and supervises its implementation, derives from the fact that risks can influence Corporate activities, which, being of a varied type, are also characterized by the time variable between the moment a threat presents itself and the moment in which this threat materializes.

In addition to ensuring absolute compliance with legal provisions, this integrated model allows reaching Corporate security levels that exceed the regular standards attainable through a sectoral and fragmented security management.
The “control activities” are carried out by management and employees to achieve specific objectives on the basis of principles, such as self-control, hierarchical control, accountability, opposing interests and segregation of duties.

The “communication and information processes” ensure that the Company’s expected objectives, culture, values, roles, responsibilities and conduct are clearly disclosed internally, while guaranteeing that disclosures to stakeholders outside the Company are correct and transparent.
“Monitoring” aims at constantly verifying the effectiveness of the Internal Control System through “continuous” activities carried out by personnel in the performance of their work, and through separate assessments that are regular, but not continuous, and typical, but not exclusive, of the Audit Department.
Terna has indeed an appropriate structure dedicated to preventing and managing Corporate fraud activities also aimed at spreading the culture of legality and respecting Corporate regulations. Continuously monitoring processes, verifying and managing reports of illegalities have led to introducing specific controls aimed at reducing such risks and at defining, for certain critical processes, specific procedures aimed at preventing illegal conduct.
With the support of the Internal Control Committee, the Board of Directors establishes the guidelines for the Internal Control System, so that the main risks are identified, monitored and managed on a compatible basis and in line with sound and correct management principles. The Board also evaluates the adequacy and effective implementation of the Internal Control System, on the basis of adequate preliminary assessments (Article 8.C.1 lett a) of the Governance Code).

Attachment 1 to this Report includes the principal characteristics of existing risk management and internal control systems with respect to the financial information note, also consolidated (pursuant to Article 123-bis, paragraph 2, letter b) of the Consolidated Law on Finance).
Terna’s Board of Directors’ meeting of March 20, 2012, in compliance with the opinion rendered by the Internal Control Committee on the basis of the analyses made during 2010 and in the first six months of 2011, judged the Terna Group’s Internal Control System suitable to achieve an acceptable risk profile, in consideration of the field in which Terna operates, of its size, organizational and Corporate structure (Article 8.C.1, letter c) of the Governance Code).
In its report, the Internal Control Committee also discussed in relation to the report of the Vigilance Body appointed pursuant to Legislative Decree no. 231/01 on the implementation of the Organizational Model within Terna and other Group companies.