You are here

Internal Control and Risk Management System

  • GRI

The Internal Control and Risk Management System (“SCIGR”) of Enel and of the Group consists of the set of rules, procedures, and organizational entities aimed at allowing the main corporate risks within the Group to be identified, measured, managed, and monitored.

The SCIGR is an integral part of the more general organizational and corporate governance structures adopted by the Company and by the Group and is based on Italian and international best practices. In particular, the system takes into account the recommendations of the Corporate Governance Code and is consistent with the “Internal Controls – Integrated Framework” model issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO Report”), the internationally recognized benchmark for the analysis and integrated assessment of the effectiveness of the SCIGR.

The SCIGR provides for control actions at every operating level and clearly identifies duties and responsibilities, so as to avoid duplications of tasks and ensure coordination among the main persons involved in the SCIGR itself. It ensures the necessary separation of operating and control activities, so as to prevent or – if that is not possible – attenuate conflicts of interest. It also guarantees the traceability of the tasks of identifying, assessing, managing, and monitoring risks, ensuring over time the reconstruction of the sources and elements of information that support such tasks. The SCIGR is divided into three distinct types of activities:

  • “line” or “first level” controls, consisting of all the control tasks that the individual operating units or companies of the Group perform on their processes in order to ensure that operations are carried out properly;

  • “second level” controls, which are entrusted to specific corporate Functions and aimed at managing and monitoring typical categories of risk;

  • internal audit activity (“third level” controls), aimed at checking the structure and overall functionality of the SCIGR, including by monitoring the line controls, as well as the second-level ones.

The SCIGR is subject to periodical tests and checks, taking into account the evolution of corporate operations and the situation in question, as well as current best practices.

The different types of risk are included in the chapter “Setting priorities”, 2018 Consolidated Non-financial Statement and 2018 Annual Report, available on the Company’s website (

For a detailed description of the tasks and responsibilities of the main persons involved in the SCIGR, as well as the coordination among such persons, please see the Guidelines of the Internal Control and Risk Management System available on the Company’s website (, “Investors” section).


Through the analysis of counterparties, an assessment is made of any reputational risks for the company resulting from the establishment and/or continuation of business relationships or collaboration with third parties (suppliers, business partners, etc.). In December 2016, the first edition of the operational instructions for counterparty analysis was finalized, thus promoting common criteria for carrying out the activity and standardizing the models used to acquire the requests and deliver the evaluation to the other units. In 2017, all the relevant countries adopted operating instructions, in some cases issuing a localized document and activating country-specific contracts.