Responsible business conduct

Over the years Leonardo has built an integrated responsible business conduct model with the aim to prevent the risk of illicit practices, at all work levels and in any geographical area, by disseminating and promoting its ethical values as well as by defining clear rules of conduct and implementing effective control processes, in line with the requirements set forth by applicable laws and international best practices. The best practices include the "Common Industry Standards” Common principles against corruption of the companies operating in the Aerospace and Defense sector (ASD- AeroSpace and Defence Industries Association of Europe) and the "Global principles for business Ethical Conduct" of the companies operating in the Aerospace and Defense sector (IFBEC - International Forum for Business Ethical Conduct).

In order to improve constantly its business conduct, Leonardo collaborates with organisations such as TRACE International and the Institute of Business Ethics.

Leonardo's integrated model for responsible business conduct is based on a system of rules and internal codes, including the Charter of Values, the Code of Ethics, the Anti-corruption Code, the Whistleblowing Management Guidelines, the Organizational, Management and Control Models pursuant to Leg. Decree no. 231/2001 for Leonardo Spa and the Italian subsidiaries, as well as the compliance programs in line with local laws.

Continuous training

Leonardo invests in the training of its people with the objective to raise awareness of expected behaviour and reinforce its model for responsible business conduct. We carry out training differentiated for the different functions, from the Board of Directors, to managers and employees, available in in the languages of its domestic markets (Italian, English and Polish).

In this respect, the Compliance Council is a core moment for the Company, in which the Top Management along with internal and external specialists take part. The business and trade compliance topics dealt with during the Compliance Council are disseminated throughout the Divisions by means of dedicated workshops.

Internal Controls

The Group Internal Audit organizational unit (o.u.), reporting to the Board of Directors, supports the control bodies in assessing the adequacy and the effectiveness of the functioning of the internal control and risk management system.

According to the International Standards for the Professional Practice of Internal Auditing (specifically Standard nr. 1300), at the end of 2016 Leonardo’s Chief Audit Executive undertook a quality assurance and improvement program of the internal audit activity. The program includes, according to International Standards of the Institute of Internal Auditors (IIA), both internal, on an ongoing basis, and external assessment conducted at least once every 5 years by a qualified, third party independent assessor.

The Chief Audit Executive communicates annually the results of both internal and external assessments to the Board of Directors, the Control and Risk Committee and the Board of Statutory Auditors.

Internal and external assessment

The internal assessments consist in on-going monitoring and supervision of the internal audit activity and periodic self-assessment conducted according to the annual Quality Review Plan approved by the Board of Directors. With the main objective of pursuing and maintaining a continuous improvement of Internal Audit activities, Group Internal Audit presents the Quality Assurance and Improvement Program (“QAIP”) – established by the IIA Standard 1300 – to the Control and Risk Committee, on a yearly basis. The QAIP includes several activities relating to:

  • Quality Assurance Review of Internal Audit Engagements;
  • Support Activities like Quality Assurance documentation, Periodical Group Internal Audit self-assessment, QAIP reporting program and plan etc.;
  • Methodology development like KPI, Knowledge sharing days, tool implementation etc.; 

and the consistency with the following rules/requirements are used to assess the Internal Audit activities:

  • IIA’s International Standards for the Professional Practice of Internal Auditing (Standards);
  • Audit Charter;
  • Group Internal Audit Operational Guidelines and other internal references.

The external assessments, in accordance with International Standards, include an opinion on all internal audit activities performed and conclusions about the conformance with the Definition of Internal Auditing, the IIA’s Code of Ethics, the Standards; external assessment may also include recommendations in the perspective of continuous improvement. In 2017 the Group Internal Audit o.u., in response to the external assessment, obtained the Quality Assurance Review certification, with the opinion of “General Conformity” (maximum degree of assessment, according to International Standards).

Audit Plan and procedural framework

  • Group Internal Audit internal managers ensure a proper supervision of the engagements, in particular in the most significant stages of the interventions (planning, execution and reporting). Through the supervision, it is also ensured that audit objectives (Work Program) are achieved and that Group Internal Audit Operational Guidelines are respected.
  • The internal procedural framework, the methodology and the investigation procedures (including Whistleblowing investigation procedures) are subject to regular updates that may be necessary as a result of specific requests of management or Supervisory Bodies, Chief Audit Executive’s guidance, organizational and business changes and/or any developments in the regulation of internal audit professional practices, and in any case at least every three years or in response to changes in the regulatory environment.


Internal auditors and all the related staff conducting investigations on anti-corruption receive dedicated and specific training courses through classroom session, on-line training, training on the job as well as participation in conferences, seminars and external professional courses.

With regard to training activities of Internal Auditors, the Project Management Office (“PMO”) performs assurance activities in accordance with the IIA’s Standard. In particular, the compliance with the Standard 1230 “Continuing Professional Development” is supervised through PMO’s Internal Auditors: 

  • professional development and training plans; 
  • membership and participation in professional organizations; 
  • certifications; 
  • on the job training and in house training. 

Internal Audit policies, training schedule, self-assessment and surveys contribute to the planning of continuing professional development.