The decision-making process guarantees that the Group will have full knowledge
of the risks related to the corporate activities
An environment of structured control, organization and clear rules, documented decisions, and properly registered corporate events, are items which provide a guarantee to YOOX Group’s stakeholders.
The internal control and risk management system is the set of rules, procedures and organizational structures which are aimed at allowing, through a suitable process of identification, measurement, management and monitoring of primary risks, the company to be run soundly, correctly and consistently with the previously established objectives. An effective internal control and risk management system helps guarantee:
- the safeguarding of corporate assets;
- the efficiency and effectiveness of corporate operations;
- the reliability of financial information;
- compliance with laws and regulations.
The following are an active part of the Internal Control and Risk Management System:
- the Board of Directors ;
- the Manager in Charge of the Internal Control and Risk Management System;
- the Control and Risks Committee;
- the Board of Statutory Auditors;
- the Audit Firm;
- the Director responsible for drafting accounting documents;
- the Supervisor of the Internal Audit Division;
- the Supervisory Body.
YOOX’s internal control and risk management system includes, among other elements, structured models of risk governance, which are regularly managed and audited by specialized professionals both within and outside of the company:
- “Strategic Risk Management” model – preliminary analyses of risks and mitigating actions relating to the qualified initiatives which are strategically significant within the corporate strategy plan, quantifying the impact of potential negative events on the Group’s accounts;
- Model pursuant to Law 262/05 (Law on the Protection of Savings) – with regard to the organization, formalization and verification of the adequacy and functioning of administrative-accounting procedures underlying the preparation of the Group’s corporate information;
- Model on Organization, Management and Control pursuant to Legislative Decree 231/01 – in reference to the administrative liability of legal entities;
- Unique System for Occupational Health and Safety Management and Environmental Management – in conformity with standards BS OHSAS 18001:2007 and UNI EN ISO 14001:2004, which are periodically certified by authorized third parties;
- Information Security Management System – based on international standard ISO/IEC 27001, with the aim of intercepting and managing the risks related to confidentiality, integrity and availability of corporate information (Customers, Employees and Associates, Partners, Providers.) The System includes elements of personal data protection (Legislative Decree 196/2003 as amended).
Specific flows of communication are active towards the Board of Directors, Top Management and the Bodies with control and supervisory duties, in order to indicate in a timely manner any situations of risk revealed, as well as with regard to the outcome of assessments and checks performed by the responsible corporate structures.