The Group has adopted an integrated Enterprise Risk Management (ERM) model based on international best practices. The system involves Moncler’s governance bodies, each acting within the scope of its respective competence. In line with the field’s guidelines and best practices of reference, the main objective of ERM is to ensure the effective identification, measurement, management, and monitoring of risks.
The ERM model covers all types of risk that can potentially affect the achievement of strategic objectives, impair company assets, and/or undermine the value of the Brand. ERM is incorporated into strategic decisions and key decision- making processes.
Risks may be internal or external depending on whether they are identified within or outside the Company. In particular, external risks are linked to industry and market situations, as well as to the stakeholders’ perception of how Moncler operates. Moncler’s ERM model divides risks into four categories:
• strategic risk;
• business risk;
• business support risk;
• compliance risk.
Strategic risks relate to changes in business or to inadequate responses to changes in the competitive environment. Sustainability risks may fall within this risk category.
Business risks are associated with the sector of reference and Company operations.
Business support risks concern the Group’s organisational structure, control processes, and IT and reporting systems.
Compliance risks are generally associated with business conduct, and relate to breaches of laws and regulations ap- plicable to Company operations at national and international level, as well as to violations of internal procedures.
With regard to internal risks, the objective of the ERM model is to manage them through specific prevention and control measures incorporated into Company processes, designed to eliminate the risk, minimise its likelihood of occurrence, or contain its impact in the event of occurrence. With regard to external risks, the ERM model aims to monitor them and mitigate their impact in the event of any occurrence.
For each business area in which a risk has been identified, there is a ‘risk owner’ responsible for managing the risk itself and the related control system, and for implementing or improving mitigation measures. All risks and related mitigation actions are recorded in a Risks Register, which is updated regularly (in concert with risk owners) on the basis of an annual plan approved by the Board of Directors with the support of the Control, Risks, and Sustainability Committee. The plan is periodically updated to include any new elements of risk and/or to reflect any increases in the likelihood of occurrences or in the extent of impacts.
In 2017, the ERM model was updated to include the Human Resources Management area and the production process at the site in Romania, and to reflect the findings of the cyber risk analysis performed on the Group’s IT systems and processes.
Furthermore, a detailed analysis was also conducted on the risks associated with: operations (with a focus on the supply chain); the retail, wholesale, and logistics areas; additional risks related to the IT area; and the business support processes of the administration and control, treasury, and legal divisions.
The results of ERM activities are reviewed half-yearly by the Control, Risks, and Sustainability Committee and by the Board of Directors, as part of the report by the Head of the Internal Audit division on the suitability and effectiveness of the Internal Control and Risk Management System (ICRMS). Moncler’s ERM model involves the following governance bodies:
• the Board of Directors, which defines guidelines and assesses the suitability of the ICRMS at least every six months;
• the Control, Risks, and Sustainability Committee, which has an investigative and advisory role in supporting the Board of Directors in its assessment and decisions concerning the risk management system;
• the Director in charge of the ICRMS, who is responsible for establishing and maintaining the effectiveness of the system itself as per the indications and guidelines defined by the Board of Directors in collaboration with the Control, Risks, and Sustainability Committee;
• the Head of the Group Internal Audit division, tasked with verifying the performance and suitability of the ICRMS, and coordinating the ERM process;
• the Board of Statutory Auditors, which oversees the ef- fectiveness of the ICRMS.