**3. The role of the board of statutory auditors**

In order to protect stakeholders, the Board of Statutory Auditors manages an extensive system of controls related to, first of all, compliance with the reference standards for the preparation of financial statements and, second, compliance with the law and the Articles of Association [18]. Of particular importance is overseeing the timely implementation of mandatory requirements in the event of significant losses, such as to jeopardise business viability [19]. Originally, the "control of the financial statements" was included tout court among the duties of the Board of Statutory Auditors pursuant to Article 2403 of the Italian Civil Code; subsequently, this concept was replaced by the "audit", understood as a function distinct from overseeing. The Board of Statutory Auditors may also perform the audit, but only in smaller companies and only if the Board is composed of auditors who are members of the appropriate register. Above all, however, in a situation of going concern, it is the responsibility of the Board of Statutory Auditors to monitor the conduct of the directors. They therefore check if there is an effective dashboard of indicators and if it is reliable and if it can therefore allow them, among other things, to monitor the risks taken by the company, the actual and projected performances. It is indeed necessary for the Board of SA to calculate with constant frequency the parameters and thresholds identified in the new IC-Code to check if there are signs of the beginning of a crisis phase and a risk for company viability.

It is worth noting that statutory auditors are professionals who act autonomously and independently, including vis-à-vis the shareholders who elected them. The Board of Statutory Auditors verifies compliance with its independence both after its appointment and annually thereafter, reporting its findings to the Board of Directors. They accept the appointment when they judge that they can devote the necessary time to the diligent performance of their duties, as required by the

2020 Italian Corporate Governance Code. It is in fact a challenging position the performance of which, in addition to their skills, requires to play a number of tasks. An indispensable component of their work is, therefore, a commitment and the possibility of taking part in the activities of the Board of directors and, if they have been appointed, of the committees (i.e.: Control and Risk Committee) set up within it and of interacting with the other key players in corporate governance, including Auditors and the Internal Auditor, who, when appointed, is responsible for setting up and monitoring the Internal Control and ERM system. The remuneration of the statutory auditors is commensurate with their skills, competence, the commitment required and the size and sector characteristics of the company. As for all independent auditors, it must be determined *ex-ante* by the shareholders' meeting and cannot be changed for the duration of the mandate [20].

For the system to work, a significant and structured dialogue among the parties involved in the process [21] must be developed, which should ideally take place: a) on a daily basis among the directors, the managers and the Internal Auditor; and b) periodically, but not intermittently, between these parties - in particular the directors appointed in the Control and Risk Committee and the Internal Auditor - and the corporate control bodies that is the Board of Statutory Auditors (or the Sole Statutory Auditor in case of sitting alone appointment).

The 2020 Italian Corporate Governance Code devotes space to the issue of coordination among control bodies. In particular it establishes that the Board of Directors shall define the principles concerning coordination and information flows among the various entities involved in the internal control and the risk management system in order to maximize the efficiency of the system itself, reduce activities duplication and ensure effective conduct of the tasks of the control bodies. As part of their activities, the Statutory Auditors may ask the internal Auditor to carry out checks on specific areas or corporate operations [20]. Moreover, the law provides that the Board of Statutory Auditors and Auditors must promptly exchange information related to the performance of their respective duties.

The Board of Statutory Auditors has the fundamental function of a communications hub as it manages and drives information flows to ensure their efficient circulation and to oversee the timely identification of any threats to business viability [17]. The Board of Statutory Auditors is, in fact, the central hub in the information flow system; it simultaneously plays the role of "recipient, researcher and source of information" [22]. The law establishes the obligation of the Board of Directors to report to the Board of Statutory Auditors at least quarterly in listed companies and at least every six months in unlisted companies, with an initial flow of information which is essential for the effective performance of the control functions over the administration. The Board of Statutory Auditors, however, is the recipient of a more complex information flow, i.e. not only "downstream" from the Board of Directors but also "upstream" due to the information flows coming from the auditors and from the internal audit function. On its own initiative, it can also set in motion information channels to obtain the information needed for the exercise of its supervisory function [23]. It thus assumes in fact the function of coordinator of the numerous players in the system of internal corporate controls.

### **4. The role of auditors**

During the year, the auditor verifies that the accounts are duly kept and the company's transactions in the book entries are recorded properly. To do this, they collect evidence related to the transactions and compare it with the contents of the financial statements [17]. In their report, they illustrate the findings of their

#### *Corporate Governance and ERM for SMEs Viability in Italy DOI: http://dx.doi.org/10.5772/intechopen.96688*

checks and express their professional opinion. The audit report is related to actual accounting documents, i.e. the financial statements and the consolidated financial statements, if they have been prepared. It also contains the auditor's conclusions on the existence of going concern, indicating any uncertainties related to events or circumstances that may give rise to significant doubt, but this is done only with the precise purpose of assessing the fairness of the criteria used to prepare the financial statements figures.

Auditor functions are, therefore, limited to expressing a professional opinion on the fairness of the financial statements, and comply with auditing standards published in the European Union Official Journal. The functions are in no way comparable to the supervisory functions attributed to the Board of Statutory Auditors by the Italian Civil Code. Specifically, the auditor – unlike the Board of Statutory Auditor – does not participate in Board of Directors meetings and does not oversee the directors behaviours, nor the appropriate organizational, management and accounting structures and tools. Such as appropriateness – or even existence - of the internal control system and the corporate risk mapping system. The auditor cannot express an opinion on the interim accounting situation. The auditor does not assume the role of a corporate information "hub", but rather contributes as a supplier of specific information only on the accounting figures already processed. In short, the auditor's checks are *ex-post* on the actual accounting documents prepared by the company, while the Board of Statutory Auditors oversight role is more complex, in that it is an *ex-ante* systemic guarding role and it works from a forward looking perspective.
