Scenario and goals
Legislative Decree 231/2001 introduced into the Italian legal system a regulatory innovation of absolute importance, not only legal, but also economic and organizational.
For the first time, in fact, for certain corporate offenses, alongside the criminal liability of the individual, the liability of the Company in whose interest or to whose advantage the unlawful acts took place was provided for.
This therefore meant that the Company could be held liable with pecuniary consequences for all Shareholders. However, under the aforementioned Legislative Decree, the adoption of appropriate organizational, management and control models ("protocols"), aimed at "preventing" the commission of crimes, is considered an "exempting factor" for the Company's liability.
Goals
Taking into account the "riskiness" arising from the scenario outlined, the Company "BK", a multinational company in the clothing sector, decided to carry out a project having as its objective the refinement and "publication" of an Internal Control System, which, as a guarantee of the proper functioning of the company, constituted an "exempting factor" under Legislative Decree 231/2001. The 'intervention was within the framework of a "macro-analysis" already carried out by the Company and, more specifically, was focused on the definition of business processes inherent in the "Scope of Control" section, as defined in the "macro-analysis" itself.
Process steps
1. Analysis of existing documentation
2. Definition of processes and related control mechanisms
3. Coordination Project "231"
Actions
1. Following the analysis of existing documentation, provided for in the first phase, "business risks" were identified for each process with the related "1st level controls" (e.g., computer automation, manual controls...) provided by that process, and "2nd level controls" carried out by Internal Auditing (or equivalent resources).
2. Our consultants have been the Company's reference for the coordination of all activities, even though they are the direct responsibility of other professionals who revolve around the construction of the Company's Internal Control System itself, as required under Legislative Decree 231/2001 (e.g., Code of Ethics, Disciplinary System, Organization of the Supervisory Board...).
For the latter, checklists were prepared, the completion of which was "traceable" ("who" and "when"). Therefore, interaction with the company's information system was important at this stage, among other things, for the computerized implementation of the planned controls.
Results
Adaptation to the legislative decree was the first result achieved, which has not failed to be followed by a general optimization of all control mechanisms necessary for the effective and efficient performance of crime prevention processes.