1.2.4
Training and periodic skills-updating programmes on, at least, accounting standards, audit, internal control and risk management for staff
involved in preparing and reviewing financial information and carrying out FICS evaluations.
The Company has put in place two action channels relating to the Internal Financial Information Control System:
-
Initial training programmes on the objectives and characteristics of the financial information control system: these programmes are aimed
at the individuals that make up the financial information control structure, process managers and business unit directors.
The aim is to provide information about the most relevant matters related to the process of generating financial information, in particular
on the operational processes of the company that make up the control system, the individuals responsible for maintaining the controls
defined within each process, notifications regarding improvements or modifications, understanding the monitoring system in place, etc.
These training programmes were carried out at the start of the assessment project and will be held once a year.
-
Continuity programmes: the aim of these programmes is to maintain the efficiency and efficacy of the control system through the periodic
training of the whole control system implemented. They are programmes that will be defined on an ad hoc basis according to the needs
of the areas involved.
In parallel, the Finance Department, the personnel of which has the greatest involvement in preparing financial information, has a specific
annual training plan delivered by external consultants that includes the chief areas of its activity: accounting rules, consolidation rules, specific
financial information applicable to the sector and areas considered particularly important to its functions.
2.
Main characteristics of the risk identification process
Risks relating to the Financial Information System are determined and evaluated within the general risk map produced by the Company, which is
periodically reviewed and updated.
The risks defined within the Company’s risk map are classified according to COSO criteria, including the following categories:
-
Strategic risks: those caused by the uncertainty associated with changes in the competitive, company or industry environment.
-
Financial risks: all risks caused by the uncertainty associated with fluctuations in interest rates, foreign exchange rates or difficulties and variations
in the conditions for accessing financing.
-
Unforeseen risks: in general, these relate to damage to the company’s own assets and liabilities arising from damages caused to third parties and
damages caused by natural hazards.
-
Operational risks: these include risks associated with uncertainty in processes, operations and staff or due to inadequate internal systems.
The Company currently has a risk management process in place, which is properly documented and contained on a company IT application.
In designing the risk management process associated with generating Financial Information the Company has focused on the following objectives:
-
Definition of the Financial Information Control System
processes and subprocesses.
-
Determination of the relevant risk categories and types
for each of the different Internal Financial Information Control System processes defined
in the point above.
Corresponding subcategories have been defined for each of these risk categories.
The Accounting, Reporting and Internal Control subcategories are differentiated and defined within the section on the Group operational risks.
-
Definition and analysis of controls
for each specific risk and establishment of their degree of effectiveness.
A risk matrix has been established for each of the subprocesses detailed above, in which the most relevant risks for each process are defined, along
with the operational controls and their effectiveness in mitigating the risks that affect them.
-
Determining and monitoring the scope
of the internal financial information control system. Defining the scope involves establishing which business
units within the Group are relevant and, therefore, if they should be covered by the financial information control system, along with identifying the
operational and support processes that have to be analysed within each business unit. To determine the scope, quantitative and qualitative criteria
for relevance have been taken into account.
The determination and review of this scope, as previously described, are fully documented within the Financial Information Control System, and
must be overseen by the Group Financial Department. It is approved annually by the Audit and Control Committee.
The process thereby defined meets all the basic objectives of financial information: existence and occurrence; integrity; assessment; presentation,
itemisation and comparability; rights and obligations.
Aside from the previously-described process, the Financial Department carries out a monthly accounting consolidation process.
This process starts with the consolidated accounts being received from the various Business Units each month. These are checked and approved to
ensure they comply with the established principles of control, co-management and significant influence.
The last phase of this process includes verification of the standardisation adjustments affecting the income statement (monthly) and the balance sheet
(
quarterly)
This means all the Business Units share a documentation and consolidation system that is approved by the Financial Department, which reviews it
once a year.
It is important to stress that the Company has a single Accounts Plan for the entire Group, as well as shared management IT tools in all the Business
Units.
3.
Main features of the Control Activities
The internal financial information control system defined within the control structure of the group includes a detailed definition not only of the
companies in the group to which it must be applied, but also of the map of the most significant processes within each of them. Among the most
important processes are those relating to reporting, closing accounts, consolidation and judgements and estimates.
60
ANNUAL CORPORATE
GOVERNANCE REPORT
