In the Tuf reform

Stronger supervision of the control system

The new Testo Unico aims to ensure their effective functioning. Spot checks on the system of internal controls

by Nicola Cavalluzzo

15 April 2026

Presentation, team building and meeting for a development strategy or corporate workshop for sales in a company. Board, manager and business man or speaker talking about growth or negotiation. Thurstan Hinrichsen/peopleimages.com - stock.adobe.com

3' min read

Translated by AI

Versione italiana

3' min read

Translated by AI

Versione italiana

Significant strengthening of the role of the board of auditors through greater integration in corporate control systems and the extension of supervisory duties in a substantial, not merely formal, key. But the real novelty of Legislative Decree 47/2026 is a systematic restructuring of the subject. Today, many rules on auditors are located in the articles 2403 and following of the Civil Code and are formulated with the traditional system in mind. The decree, on the other hand, moves part of these rules to a general part common to the 'control body', so that they are also applicable, with appropriate adaptations, to the other models of administration and control.

New trim

Compared to the current discipline, there are two levels of novelty:

1 of the system, i.e. the location and scope of application of the rules;

2 punctual, in some cases more pronounced, in others almost only coordination.

More concrete supervision

The reform intervenes in a targeted manner on a profile that has so far remained partly in the background: the supervision of the Board of Statutory Auditors over the internal control and risk management system (Scigr), which is now explicitly emphasised and made more structured. First of all, it is clarified that the object of supervision is not only the adequacy of the structures in a static sense, but the overall functioning of the control system. The board of auditors is therefore called upon to verify that there is an effective system for identifying, measuring and managing risks, consistent with the nature and size of the enterprise. It is no longer enough to ascertain the existence of procedures: it is necessary to assess their operational effectiveness, their ability to promptly intercept critical issues and their integration into decision-making processes. This evolution entails a change in approach: supervision becomes risk-based (as envisaged in the Conduct of Business Rules), i.e. oriented towards the main corporate risk factors.

The risk map

The auditors must understand the company's 'risk map' and verify that the directors have put in place adequate and proportionate safeguards. In this respect, continuous, and not just periodic, monitoring is also important, with a greater focus on infra-annual information flows. A second new element concerns the coordination of control functions. The decree definitively overcomes a fragmented vision, in which the board of auditors, the statutory auditor, internal audit (where present) and other controls operated on parallel levels. Instead, an integrated model is introduced, in which the board of statutory auditors performs a liaison and synthesis function.

Information exchanges

In concrete terms, this translates into:

-Stricter obligations to exchange information with the statutory auditor, especially on major issues such as deficiencies in the internal control system, significant risks and accounting anomalies;

-systematic interaction with the internal audit function and with any endoconsiliar committees, in order to avoid duplication or gaps in controls;

-evaluation of flows from the compliance and risk management functions, which become essential inputs for supervisory activities.

The board of auditors does not replace these functions, but assesses their adequacy, independence and effectiveness, acting as a 'hub' of the system. This also implies the ability to critically read the findings of the second and third level controls and to identify any inconsistencies or uncovered areas.

Extended incompatibilities

There are also important changes in the causes of ineligibility and disqualification of the members of the supervisory body, which are more a matter of updating and streamlining the rules than of radical innovation. From a subjective point of view, the new Article 2396 septies broadens the scope of the relationships relevant for incompatibility, including, in addition to the spouse, also the other party to the civil union and cohabitees, thus acknowledging the evolution of cohabitation forms and family models. This extension reinforces the legislator's attention to situations where independence may be compromised, even outside the bonds formally typified in the previous discipline. Finally, with reference to relations with the corporate group, the new rule maintains substantially unchanged the subjective perimeter already provided for in Article 2399 (of which the second paragraph remains in force), but is characterised by a more systematic and clearer formulation. In this context, of particular importance is the explicit provision according to which the simultaneous holding of positions on the supervisory bodies of companies belonging to the same group does not, in itself, constitute grounds for ineligibility or disqualification. This is an important clarification, which helps to overcome uncertainties in the interpretation of the previous rules, introducing a principle of greater flexibility in the governance of corporate groups.