Juventus implements a traditional management and control system that envisages a split of responsibilities among Shareholders’ Meeting, the Board of Directors, and the Board of Auditors; this guarantees a constant exchange between management and shareholders, detailed as follows:
Shareholders’ Meeting (in its ordinary and extraordinary sessions) is responsible to decide on the following topics (among others): appointment and removal of Board of Directors and Statutory Board’s members (as well as their compensation); annual financial statement approval and net profit intended allocation; changes to Company By-Laws; appointment of the Statutory Audit (on motivated proposal by the Statutory Board); and incentive plans drafting.
The Board of Directors has a central role in leading and managing the Company. In addition to those qualifications assigned by law and by the Company By-Laws, the Board is the ultimate and exclusive decision maker on the most important economic and strategic choices, and on those choices that are core to monitor and direct the business. The Nomination and Remuneration Committee and the Control and Risk Committee have been established within the Board of Directors; both of these committees have proactive and consulting functions, in accordance with the recommendations of both Juventus Code of Conduct and the Committee for transactions with related parties.
The Director in charge of Internal Control and Risk Management System implements the guidelines defined by the Board of Directors, looking after planning, implementation and management of the Internal Control and Risk Management System. The director also reports to the Control and Risk Committee (or Board of Directors) on any issue that might arise while carrying out its duties.
The Control and Risk Committee assists the Board with those activities that pertain to the internal control system and risk management, in particular: the definition of systemic guidelines and the periodic assessment of adequacy, efficiency and effectiveness of the Committee itself. The Control and Risk Committee examines the work-plan of the internal audit responsible and his periodic reports; moreover - together with the director responsible for corporate financial statements drafting, the auditors and the Supervisory Board - it also evaluates the correct usage of the accounting principles and their uniformity for financial statement drafting. The Committee also expresses opinions on the identification of the principle corporate risks; in the context of annual and semi-annual financial statement approvals, it reports to the Board for what concerns ongoing business and the adequacy of the internal control and risk management systems; finally the committee monitors internal audit independency, its adequacy and its effectiveness. The Control and Risk Committee is also held responsible for operations with related parties.
The Remuneration and Appointments committee makes recommendations to the Board concerning remuneration plans for Directors and key management personnel, monitoring Board’s decisions and periodically assessing the criteria underlying relevant choices. Only for those choices - concerning Directors and key management remuneration – that are less relevant, the Committee for transactions with related parties coincides with the Remuneration and Appointments Committee.
The Internal Audit responsible assesses the adequacy and effectiveness of the Internal Control and Risk Management System, prepares periodic reports containing an evaluation on the adequacy of the System and evaluates the reliability of information systems (including accounting).
The Financial Executive Manager implements adequate administrative and accounting procedures for the drafting of financial statements, and it attests the adequacy and effective implementation of the administrative and accounting procedures for the Annual Report.
The Sustainability Executive Manager that is responsible for certifying that the Consolidated Sustainability Statement has been prepared in accordance with the applicable reporting standards, appointed by the Board of Directors pursuant to Italian Legislative Decree 125/2024.
The Risk & Compliance and Internal Audit Director, reporting directly to the Board of Directors and to whom the Head of Internal Audit and the Risk & Compliance Manager report, has the objective to strengthen the structure of the Three Line Model of defence adopted by the Company and ensure a greater degree of coordination and a better organic composition of the activities of the various corporate parties pertaining to the internal control system of Juventus.
The Head of Internal Audit is appointed to verify that the Internal Control and Risk Management System of Juventus and of the Subsidiary is functioning, adequate and consistent with the guidelines defined by the management body. The Head of Internal Audit is appointed by the Board of Directors, on the proposal of the CEO, based on the prior favourable opinion of the Control and Risk Committee and having consulted the Board of Statutory Auditors. The Head of Internal Audit reports to the Board of Directors, also through the Risk & Compliance and Internal Audit Director.
The Risk & Compliance Manager is tasked with promoting the definition of appropriate compliance programmes targeted at ensuring that the business is conducted in keeping with the highest ethical and integrity standards and in compliance with the laws and regulations in force. In addition, they promote the culture of integrity and respect for internal and external rules. The latter figure reports at least annually to the Supervisory Body and the Guarantee Body, regarding the activities carried out in the context of maintaining the respective models, also in order to highlight any need for updating them. In addition, the Risk & Compliance Manager coordinates the risk management process, supporting the company departments and areas in the process of identifying, assessing and prioritising the Company’s main risks, defining mitigation strategies and actions. The Risk & Compliance Manager reports, at least once a year, to the Control and Risk Committee on the results of the risk management activities carried out. Upon request, said person reports, also through the Risk & Compliance and Internal Audit Director, to the Board of Directors and the Board of Statutory Auditors on the risk management activities carried out.
The Financial Controller collaborates with corporate departments verifying the process to achieve management’s objectives and results.
The Employees, depending on their specific role within the Company, ensure an effective and efficient functioning of the Internal Control and Risk Management System.
The Supervisory Body supervises the functioning and the observance of the Model of Organization, Management and Control ex-Legislative Decree 231/2001, suggests eventual Model updates to the Board of Directors, and reports to the Board about its assessments’ results.
The Guarantee Body oversees the implementation and the effectiveness of the Organisation, Management and Control Model pursuant to Article 7, paragraph 5, of the FIGC By-Laws, promotes updates and reports to the Board of Directors.
The Board of Statutory Auditors assesses compliance with law and verifies the observance of accounting principles. For those aspects under its responsibilities, the Board monitors the correct implementation of corporate governance regulations envisaged by the Internal Control and Risk Management System.
The Independent Auditors verify accounts and check correct operations’ entry in accounting records.
The Data Protection Officer advises and cooperates with the whole organisation in relation to personal data protection; the Officer also monitors compliance with relevant legal data protection obligations and with the policies of Data Controller; assessing the associated risks by taking into account nature, scope, context and purposes of data processing. The Data Protection Officer also cooperates with the supervisory authority and acts as the contact point on personal data processing issues (for both the supervisory authority and other interested parties). Where requested, the Officer also advices on data protection impact assessment (Data Protection Officer: SBP Professional S.r.l. – società tra avvocati, Avv. Simone Bongiovanni – email address: privacy@juventus.com).
NIS 2 Delegate
In accordance with Italian Legislative Decree 138/2024, which implements the provisions of Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS 2”), the Company has appointed its Head of Information and Communication Technology as the person responsible for managing and coordinating compliance activities, as well as the official point of contact with the National Cybersecurity Agency (ACN) (known as the “NIS 2 Delegate”). The Company has also appointed its ICT Support and Infrastructure Administration Manager as the substitute for the NIS 2 Delegate, with backup and business continuity functions in the event of the absence or impediment of the NIS 2 Delegate.
