Auditing levels

ICRMS Actors and the three levels of control

The Eni ICRMS is structured along the following three levels of internal control:

  • first level of control: identifies, assesses, manages and monitors the risks for which it is responsible, for which it identifies and implements specific management actions;
  • second level of control: monitors the main risks in order to ensure the effectiveness and efficiency of their management; also responsible for monitoring the appropriateness and operation of controls implemented for the main risks. It also provides support to the first level in defining and implementing adequate systems for managing the main risks and the associated controls;
  • third level of control: provides independent, objective assurance on the appropriateness and effective operation of the first and second control levels and, more generally, on the Eni ICRMS as a whole.

The structure of the first and second control levels is consistent with the size, complexity, specific risk profile and with the regulatory environment in which each company operates.

The third level of control is exercised by the Internal Audit Unit of Eni SpA, which, on the basis of a centralised model, performs its controls using a risk-based approach to the overall Eni ICRMS, monitoring Eni SpA and the subsidiaries.

Last update: 25 March 2024

Back to top
Back to top