Specifically, the model defines:

• the concept underlying the system

• the roles and responsibilities of management at different levels
• the procedures for the introduction and maintenance of an adequate control system and for the evaluation of its design and effectiveness.

In line with the provisions of Eni's Code of Conduct, the primary responsibility for the introduction and maintenance of the system of control is of the operational management that must also ensure adequate reporting on the systems effectiveness to the top management.
As requested by the act, Eni has identified the model of reference to the introduction and evaluation of its control systems the Coso Report. This model foresees the achievement of corporate control targets as related to the presence and effectiveness of the following components:

Control environment – the combination of values, ideas, motivations, convictions and behaviours, the recognition and sharing of which has a determining impact on implementation, with particular regard to the control function. This is a fundamental element of the control system on which all the other components depend. Among the elements that make a greatest contribution to the creation of Eni's control environment are:

• the philosophy and operational style of the management
• the existence, application and dissemination of the corporate Code of Conduct
• the current corporate governance structure
• the system for the attribution of powers and responsibilities
• the general competence of company personnel.

Risk evaluation – the combination of activities aimed at identifying and evaluating actions or events that may partially or total compromise the attainment of the objectives of the control system; specifically, the reliability of financial information. In the context of this activity, Eni pays particular attention to the risk of fraud by identifying and evaluating the events and conditions that could create the opportunity for fraudulent activities inside the organisation.

Control activities – the combination of activities aimed at reducing to acceptable levels risks related to the failure to achieve the objectives defined. To this end, Eni has established, at different organisational levels, specific and pervasive controls with a view, in the first instance, to effecting controls during operations and, the second instance, on structural elements of the control system common to a range of processes within the corporate organisational structure or specifically related to one or more of the same.
For this component, the overall design has been defined according to the following two basic principles:

• the spread of controls to all levels of Eni's organisational structure, in line with operational responsibilities;
• the sustainability of controls over time, so that controls are increasingly integrated and compatible with operational requirements. To this end, particular attention is given to the selection of controls in order to identify those that are decisive in mitigating risks (key controls).

Information system and communication flows

• flows managed by system applications and/or hard copy flows related to the gathering, elaboration and distribution of information regarding operational and control activities, and
• communication flows related to the internal control system itself. In order to ensure the correct implementation of the different components of the reference model, Eni considers it essential to have in place an effective IT system and adequate communication flows to enable the different players to operate effectively.

Monitoring – the combination of activities aimed at verifying over time the adequacy of the design and effectiveness of the specific and pervasive controls put in place. To this end Eni has foreseen activities for:

• line monitoring, which is the responsibility of heads of activities pertaining to processes;
• independent monitoring, which is the responsibility the Internal Audit unit.

The results of these monitoring activities are the subject of a specific and periodic reporting procedure that involves the various levels of the Group's organisational structure, the final destination of which are the CEO and CFO.

In July 2002, the US Congress introduced the Sarbanes-Oxley Act (SOA) with a view to "protecting investors through improvements in the accuracy and reliability of financial reporting".

The provisions of the SOA apply to all companies, both US-based and foreign, that are listed on the New York Stock Exchange (NYSE). Eni, as a foreign private issuer, is consequently subject to the terms of the act.

Of particular relevance are Sections 302 and 404 of the SOA which establish obligations and responsibilities concerning financial reporting and disclosure.

Section 302, among other things, underscores management responsibility, in particular for Chief Executive Officers (CEO) and Chief Financial Officers (CFO) to ensure that adequate procedures and controls are in place to ensure compliance with the Disclosure controls and procedures outlined by the act.

Such controls and procedures include those specifically designed to ensure that financial information is gathered and communicated to the management, in particular to the CEO and CFO, so that they may take swift action in regard to the information requested by the act.

Section 404 introduces the obligation of a specific statement  which:

• establishes the management responsibility (CEO and CFO) with regard to the institution and maintenance of an adequate control system for the report laying out
• contains an evaluation (produced by the subjects themselves) on its effectiveness, issued at the close of the financial year

Section 404 requires also that the internal control system is the object of specific certification issued by the company in charge of financial reporting control.

The internal system of control on reporting is intended to ensure the reliability of financial reporting, in compliance with generally accepted accounting principles.