Before going through the characteristics of the Organization, Management and Control Model (Lgs. Decree no. 231/2001) and the procedure to establish it, we shall clarify that adopting the Model is not compulsory, but rather an opportunity for the company and for its administrators to provide themselves with:

  • a perfect tool which enables the company to detect any risks in advance and be endowed with all procedures needed in order to prevent potentially dangerous events;
  • a defense tool during a trial;
  • an adequate tool enhancing company’s efficiency as well as its production process and external representation.

The introduction of the Model has both direct and indirect costs. Direct costs are related to the resources employed in planning and managing, while indirect costs are linked to the delay in business caused by the new procedures and controls the Model entails.

Considering these factors, upper management may decide not to adopt the Model for preventing crimes, in which case the company could face the so called ‘corporate negligence’. In the last few years, judges have often included the lack of a Model against entrepreneurial risks among the reasons for verdict.

Legislative Decree no. 231/2001 outlines the content of Organization and Management Models, as they need to identify activities and consider procedures with the purpose of making decisions in order to prevent crimes. A company is not considered to be liable if it can prove, by means of a deliberation, it has adopted a suitable Organization, Management and Control Model (so called Organization Model) and verified the efficacy of that Model through a specific Supervisory body.

Liability is excluded if the Company has managed to adopt an Organization Model before the crime was committed!

The model has to be verified periodically, it must be kept up to date and everyone needs to respect it: this is the role of the Supervisory Body.

In case the model is not respected, a disciplinary code will subject transgressors to sanctions.


Planning stage

Planning requires some fundamental steps in order to create an adequate, efficient and effective Organization Model.

  1. First of all, a preventive exam on the Supervisory Body is required in order to verify its accordance with standard procedures.
  2. After the Supervisory Body’s analysis, the working group will perfectly know the ascertained situation and be able to move forward to mapping procedures and business activities.
  3. Once single activities (primary and secondary activities) are identified, a risk map is necessary.

Procedure stages of the risk map are:

  • risk factors recognition;
  • analysis;
  • evaluation;
  • suitable strategies to adopt.

A study on the significance of specific actions/omissions is required in such cases. Planning an Organization Model requires an adequate organizational structure. This structure has to be able to identify the company’s participants and make them responsible for their actions. Once all these stages have been completed, the company may start planning its Organization Model.


After identification, evaluation of risks and risk map, projecting specific control measures becomes essential in order to reduce or eliminate any risks of crime.

Adopting ethical principles is a perfect starting point for an effective preventive control system. Code of Ethics are official documents of a company created by the upper management which contain the totality of rights and duties, recommendations and also prohibitions of certain behaviors. The code must be known by all individuals, by all manner of means, so that everyone can adapt his/her behavior to the company’s Ethical Code. An adequate program of constant development of the ethical rules fits in with the objective.