TOTO S.p.A. Costruzioni Generali executes its management and control of the Company through a sound and transparent way in fulfilment of national and international legal provisions, particularly in compliance with:

• The requisites of Legislative Decree 231/2001 containing the “Discipline of the administrative liability of legal persons”.
• The principles of Law 190/2012 containing “Provisions for the prevention and punishment of corruption and illegality in public administration”.

The Decree no. 231 provides for the “administrative” (criminally relevant) responsibility of legal persons, deriving from the commission or attempted commission of certain types of criminal offences in the interest or for the benefit of the companies themselves. Such a responsibility is in addition to the criminal liability of the individual who has committed the criminal offence.

The Law 190 provides for the adoption of measures, instruments, and models so that the Company may abide by the ethical standards and act in full observance of the norms regarding the prevention of corruption in all its forms, both direct and indirect, and the integrity, transparency, and correctness of the Company’s corporate actions.

The two laws converge on sensitive issues regarding the controls to enact on corruption offences, hence the corporate need to consolidate both the 231 decree matters and Anti-corruption profiles within a single Model: an unambiguous tool with which the Company ratifies its alignment with the aforementioned principles.

The Model identifies the relevant processes, the responsibilities and the control principles related to specific kind of criminal offences identifies by these two laws. Therefore, the Model represents the document on which an effective Company Management and Control System is based and developed.

It is assigned to the Supervisory Committee the duty to monitor the observation and the level of application of the Model in order to verify its ongoing efficacy. The Supervisory Committee relies on the Internal Audit Department support that, on behalf of the Committee, executes the audit activities, applying protocols and anti corruption controls, mentioned in the Model, with reference, in particular, to the relevant processes in terms of the 231 Decree.

The Company updates, on a yearly base, the Risks & Controls Map: this activity is called Risk Assessment. The Risk Assessment target is to evaluate, through a structured methodology, the business processes exposed to the most relevant risk factors as well and the efficacy of the control system put in place functional to the achievement of the strategic and operational targets of the Company.

The activity is also strategic in terms of the audit activities prioritization and of definition of potential corrective actions in order to reduce the risk factor and to improve the governance and the Company process management.

TOTO S.p.A. Costruzioni Generali has chosen a Self-Risk Assessment with a “top down” approach, that is a self-evaluation by the Head Quarter Managers of the connected risk (based on the probability and the impact) and the residual risk (based on the control system actually implemented), each one for the process of its own competence.

In order to maintain an adequate risk management and monitoring process, Toto adopts, from an organizational point of view, an Internal Audit & Risk Management Department that conducts the related activities with the support of the Quality, Health, Safety and Environmental Department.

The Risk Assessment results, approved by the CEO, gives a valid support to the Board and the Control and Supervisory Company Committees, in order to express an opinion on the adequacy of the internal control and risk management system of the Company.

Finally, the Company, in order to regulate its proper internal control and governance system, adopts its own Code of Ethics, which is integrated with the Model. They together assure efficiency and transparency of the management processes as well as effectiveness in the audit and in the risk monitoring activities.

The Code implemented by TOTO S.p.A. Costruzioni Generali, sets basic ethic principles that inspire the Company to follow its own targets. Furthermore, it requires adherence to these values on the part of the Company Bodies, the employees and the third parties, in order to prevent corruption.

Therefore, the “231 Compliance System” of TOTO S.p.A. Costruzioni Generali, is structured as follows:

• a “231 and Anti Corruption Model”, updated with reference to the internal and external context;
• procedures in accordance with the Special Parts of the Model that include the following main elements: Roles and Responsibilities, Powers of Attorney, Informative Flows, Relevant Documentation, Reporting, Process Phases and Authorization Process, Information Technology, Controls;
• a recurring Risk Assessment activity in order to support the evaluation of the main risks that cause the “relevance” of the processes in terms of “231 / anti-corruption” within the scope of the Model;
• a recurring and traced audit activity in terms of “231 / anti-corruption” in order to support the Administration, Supervision and Control Bodies of the Company in giving an opinion on the adequacy of the Internal Control and Risk Management System.