The institutional and strategic role covered, the nature and multiplicity of the data and architectures managed and the relevance and size of the supporting infrastructures necessarily entail particular attention by Sogei in identifying and managing risks.

During 2020, the implementation phase of the Enterprise Risk Management (ERM) was started. The ERM project aims to build a management and assessment dashboard for corporate macro risks, all-encompassing and transversal to the entire company, which consolidates the elementary risks, supervised by the various actors of the internal control system (so-called Risk specialist- D.P., R.P.C.T, D.P.O, etc.) in enterprise-level macro-risks (so-called ERM risks), assigning them to specific owners and monitoring them in a dashboard available at senior level.

The implemented model dematerialises the entire ERM risk assessment process and provides for specific access profiles that allow the various actors, each for their respective skills, to assess risks, monitor them and define treatment plans.

The protection of information has always represented, at all company levels, a central issue of attention and responsibility, precisely with reference to the complex information system that is managed.

Over the years, Sogei has developed the awareness that security, and more generally the protection of information, must be conceived, designed, implemented and managed, not only through structured processes and the implementation of logical security measures (firewall, cryptography, etc.) and physical security measures, but also through the implementation of an "Information Security & Data Protection governance system", manned by a Chief Information Security Officer (CISO), that is used to govern and monitor the entire "security chain".

The areas subject to attention concern physical security, logical security, Cyber Security and classified information.

It is our task to standardise the production processes and to use resources on an increasingly efficient level, to ensure greater responsiveness and speed in meeting customer needs and to create IT solutions that facilitate and simplify the eXperience of citizens.

During 2020, also following the effects of the pandemic, Sogei was called upon to play an important and highly committed role in the PA modernisation process.

The models of IT governance were reviewed, implemented and modified to meet the new challenges in which the company has been involved: new projects and new customers to speed up and facilitate the digital transformation of the PA.

The need was, and will be in the next few years, that of an IT governance, effective and flexible, to promote Sogei's path of innovation and growth in support of the PA.

Sogei's corporate governance system is structured according to the traditional model, centred on the guiding role attributed to the Board of Directors, within the framework of the general guidelines shared with the Department of Finance for the exercise of "similar control" for which it is responsible, in relation to the in-house nature of the Company.

Governance bodies

Management of the Company is the responsibility of the Directors who carry out the operations necessary for the implementation of the corporate purpose, taking into account the guidelines received from the Department of Finance and in compliance with the provisions of the Framework Services Agreement and with the Agreement stipulated with the Department of General Administration, Personnel and Services, pursuant to Italian Legislative Decree no. 414 of 1997.

The Department of Finance issues the General Directives concerning the strategies, organisation, economic, financial and development policies of the Company.

The rights of the Sogei shareholder are exercised by the Ministry of Economy and Finance - Treasury Department-Directorate VII-Finance and Privatisations. The Treasury Department and the Department of Finance, the latter for the exercise of "similar control" for which it is responsible in relation to the in-house nature of the Company, have the right to receive news and information from the Directors on the management and administration of the Company .

The Chairman and the Chief Executive Officer have legal representation. With resolution of the Board of Directors of 7 August 2018, the CEO was granted the broadest powers to manage and exercise the extended corporate signature, and with resolution of 22 May 2019 of the Board of Directors, regarding the powers relating to membership the Consip Conventions and Framework Agreements.

With resolution of the Board of Directors of 21 December 2020, the powers relating to bank credit lines were extended, including those undertaken with Cassa Depositi e Prestiti and its subsidiaries.

Corporate governance has a composite system for the prevention and mitigation of non-compliance risks.

External control bodies

• Analogous Control - In relations with the MEF, Sogei places itself on two institutional "tracks": with the Department of the Treasury regarding the framework of the rights of the Shareholder, and with the Department of Finance for negotiation-type acts, implemented through an in-house appointment.
• Board of Statutory Auditors - Art. 30 of the Articles of Association provides that the Board of Statutory Auditors is made up of three standing members and two alternate members and that they remain in office for three years and can be re-elected.
• Auditing firm - Pursuant to art. 32 of the Articles of Association, the accounting control is delegated to an auditor or to an external auditing company registered in the appropriate register, in accordance with the provisions of art. 2409-bis of the Italian Civil Code.
• Magistrate of the Court of Auditors - The Company is subject to the control of the Court of Auditors - Entity Control Section - which exercises it pursuant to art. 100, paragraph 2, of the Constitution, according to the procedures dictated by art. 12 of Law no. 259 of 21 March 1958, through the Delegated Magistrate who, for this purpose, attends the meetings of the Board of Directors and of the Board of Statutory Auditors.
• Parliamentary Supervisory Committee on the Tax Register - The Parliamentary Supervisory Committee on the Tax Register, based on a specific provision of the law, has the task of supervising the work of the Register itself and of carrying out investigations and research on the management of local tax assessment and collection services, also supervising the information systems related to them.

Organisational structure

The organisational macrostructure as at 31 December 2020.