Global confectionary group Ferrero planned to upgrade from TeamMate AM to TeamMate+ in March 2020. The onset of the coronavirus pandemic created an impetus to complete audits faster and more flexibly, while working remotely, so the new system was put to the test immediately.
Since its founder famously added hazelnuts to chocolate cream and created bottled joy in the form of Nutella in 1946, Ferrero has expanded from a small Italian confectioner to a global purveyor of treats from Ferrero Rocher to Kinder and Thorntons. Now a multinational company employing almost 40,000 people across 38 trading entities, it produces around 365,000 tonnes of Nutella each year and operates 18 factories.
However, while the Nutella recipe is unchanged and the company is still owned and run by the founder’s descendants, Ferrero, like any large food manufacturer with complex supply chains and distribution networks, requires sophisticated modern risk and governance processes. Its group internal audit team of 21 people is based in in its international headquarters in Luxembourg and its members normally spend up to 40 per cent of their time travelling worldwide to conduct audits across its entities.
In 2020, of course, business travel was grounded by the coronavirus pandemic, so robust processes and controls and an efficient automated system that supported planning, secure document sharing and rapid reporting became even more essential. This was one reason why Ferrero’s audit team continued to implement a planned upgrade to TeamMate+ in the first months of the health crisis. The move demonstrated their confidence in both the company’s robust governance structures and in the software. It paid off and the system has supported the ongoing developments precipitated by the crisis.
It helped that the company was already in a strong position with well-established audit procedures. Francesca Labricciosa, Ferrero’s audit supervisor, explains that the team conducts integrated IT and operational audits across all the group’s brands and regions, while compliance assurance is provided by a dedicated team in the second line. A rolling three-year audit plan establishes the geographical and operational spread of the audits required in this period, but this plan is then revised and confirmed annually.
“We conduct risk assessments between March and June each year, mixing qualitative research, such as benchmarking against external surveys, ‘hot topics’ and emerging risks, with internal discussions with the compliance function and interviews with the members of the executive committee responsible for key business areas,” Labricciosa explains. “We collect and identify risk indicators for each business process and then combine the findings and create a proposal for the audit committee and executive committee. They then input their views on the organisation’s strategic plan and any specific requests for audits based on their view of business risks.”