Two specific bodies have been established for ESG governance: the ESG Steering Committee and the ESG Team.

ESG Steering Committee

Chaired by the Chief Executive Officer, supported by the CFO in the role of Deputy Chair, and meeting on a quarterly basis to define and promote Italo’s ESG policies and decision-making mechanisms, aligning them with the Company’s strategy. The Committee oversees the processes involved in approving ESG programs and initiatives and coordinates with the heads of the departments responsible for assessing technical and economic feasibility. The ESG Steering Committee is responsible for the Sustainability Report and the Sustainability Plan.

ESG Team

It meets at least once a month and has the role of putting forward programs designed to strengthen the Company’s ESG culture and values, in accordance with the guidelines provided by the ESG Steering Committee. The ESG Team is responsible for:

• initiatives relating to environmental protection, cutting emissions and energy use, and health and safety. It overseas the implementation of these initiatives and monitors environmental KPIs to ensure that they are in line with the Company’s goals;

• proposing and overseeing social programs for employees and their families and the community, ensuring their alignment with the Company’s goals;

• promoting awareness of ESG issues through internal communication initiatives.

Internal Audit and Risk Management

Italo’s control and management framework, based on the Framework drawn up by the Committee of Sponsoring Organizations of the Treadway Commission (CoSO Report - CoSO ERM) and the Three Lines Model published by the Institute of Internal Auditors (IIA), is constantly assessed to ensure its operational effectiveness and efficiency. A working group with members representing the second and third lines of control has been set up to discuss their key findings, to standardize operational and audit plans and produce a quarterly report on internal control and risk management for senior management.

The following diagram shows the structure of Italo’s control framework.

The main risks identified are:

• strategic and business risks: the risk of failing to achieve the organization’s mission and its strategic and business objectives;
• financial risks: risks that can adversely affect Italo’s ability to meet its financial obligations (e.g., credit, liquidity, borrowing and interest rate risks);
• operational risks: risks caused by the flawed conduct of processes, due to inadequacies in the organizational structure, ineffective procedures and/or malfunctioning information systems;
• compliance risks: the risk of incurring legal or administrative sanctions or reputational damage;
• external risks: risks caused by external events (e.g., natural or climate-related events, socio-political changes, competition, market forces).

Any critical issues identified during the conduct of audits and monitoring activities are shared with Process Owners, the Chief Executive Officer, the Chairman, the Board of Statutory Auditors and the Supervisory Board (as regards aspects relating to Legislative Decree 231/01). No critical issues were identified during the reporting period.