Operational risk

To ensure a complete analysis of company risks, the Generali Group has defined and monitored the risk of loss arising from inadequate or failed internal processes, personnel or systems, or from external events.

The management of operational risks is essentially the responsibility of each business unit. These units are asked to draw up operational plans aligned with the targets set by the Parent Company and to identify and implement all actions to mitigate any risk which could potentially jeopardize the performance of operating results. The overall assessment of these risks and the consistency of the various mitigating actions is guaranteed by the Group Risk Management department.

The Parent Company has set some common principles for this kind of risk:

  • policies and basic requirements to handle specific risk-sources;
  • a detailed operational risk classification and standard criteria to be applied to the whole Group in order to identify and evaluate operational risks within business processes;
  • criteria to measure operational risks;
  • common methodologies and principles guiding the internal audit activities, set by the Group Internal Audit department, in order to identify the most relevant processes to be audited.


Operational risk also includes the following risks:

  • financial reporting risk, defined as the risk of a transaction error which could entail an untrue and incorrect representation of the situation of the assets, liabilities, profit or loss in the company’s financial statements, in the yearly and half-yearly consolidated financial statements and in any other financial release.
    A model coherent with international frameworks (COSO, COBIT) has been defined to manage the financial reporting risk. The Chief Financial Reporting Risk Officer (manager in charge of preparing the company’s financial reports) of the Parent Company Assicurazioni Generali S.p.A. defines the operational and organizational aspects of the financial reporting risk model in application of powers and means as provided for by Law 262 of 28 December 2005;
  • compliance risk, defined as the risk of legal or regulatory sanctions, material financial loss or loss to reputation the company may suffer as a result of not complying with laws, regulations and administrative provisions as well as self-regulation applicable to its activities.
    The Group has introduced a “Group Compliance Policy” which sets out principles and provides guidelines for carrying out the compliance activities and provides, as part of the management and coordination activities of the Parent Company, that the compliance functions of the Group companies establish an information flow between them and the Parent Company.

For further information please see the Corporate Governance Report.